Laptop very slow

Anonymous
Abraham54
26 replies
  • My laptop has been very slow lately, but it has a fairly recent installation of Windows 7 Home on it (about four months old).
    Could someone take a look at my Hijack log to see whether anything is wrong? Thanks in advance,

    Sjouke


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:41:41, on 05.08.2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Users\Sjouke Hoving\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sjouke Hoving\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sjouke Hoving\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sjouke Hoving\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sjouke Hoving\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sjouke Hoving\Desktop\Maintenance\HiJackThis204.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Sjouke Hoving\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2310585955-207485757-2205469552-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-2310585955-207485757-2205469552-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 12389 bytes
  • Tell me: are you perhaps using Eset with a fix?

    Download AdwCleaner by Xplode to the desktop.

    - Close all open windows
    - Right-click AdwCleaner and select Run as administrator…
    - Then click Delete
    - At AdwCleaner – Information, click OK
    - At AdwCleaner – Restart Required, click OK

    It is normal for the shortcuts to disappear during the operation.
    After the PC has restarted, a log file opens.
    Then post the contents of this log in your next message.
  • Thanks for the help. I have a license for ESET (for several years now, why do you ask?).
    Attached is the log file from AdwCleaner. I hope you can do something with it.

    Kind regards, Sjouke

    # AdwCleaner v1.800 - Logfile created 08/05/2012 at 16:06:59
    # Updated 01/08/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Sjouke Hoving - SJOUKEHOVING-PC
    # Running from : C:\Users\Sjouke Hoving\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\ProgramData\boost_interprocess

    ***** [Registry] *****


    ***** [Registre - GUID] *****

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Google Chrome v21.0.1180.60

    File : C:\Users\Sjouke Hoving\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted : "description": "The fastest way to search the web.",

    *************************

    AdwCleaner[S1].txt - [896 octets] - [05/08/2012 16:06:59]

    ########## EOF - C:\AdwCleaner[S1].txt - [1023 octets] ##########
  • Only one Eset service is running.
    Which version of it are you using?

    And do the following:

    Which program:
  • This is my ESET version:

    http://i15.photobucket.com/albums/a389/hovinsj1/th_ESET-1.jpg

    Here is the ComboFix log:


    ComboFix 12-08-05.02 - Sjouke Hoving 06.08.2012 8:26.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.41.1033.18.8086.5924 [GMT 2:00]
    ausgeführt von:: c:\users\Sjouke Hoving\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Neuer Wiederherstellungspunkt wurde erstellt
    .
    .
    (((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\users\Sjouke Hoving\AppData\Local\assembly\tmp
    .
    .
    ((((((((((((((((((((((( Dateien erstellt von 2012-07-06 bis 2012-08-06 ))))))))))))))))))))))))))))))
    .
    .
    2012-08-06 06:30 . 2012-08-06 06:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-08-06 06:30 . 2012-08-06 06:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-05 06:09 . 2012-08-05 06:09 -------- d-----w- c:\users\Sjouke Hoving\AppData\Roaming\Malwarebytes
    2012-08-05 06:09 . 2012-08-05 06:09 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-05 06:09 . 2012-08-05 06:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-05 06:09 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-03 18:38 . 2012-08-03 18:38 -------- d-----w- c:\program files\ESET
    2012-08-03 18:18 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D50351CE-15C6-40F4-93B5-47C979D14B55}\mpengine.dll
    2012-07-10 17:20 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-10 17:13 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
    2012-07-10 17:13 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-10 17:15 . 2012-03-23 18:26 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-26 21:21 . 2012-06-26 21:21 255352 ----a-w- c:\windows\SysWow64\awrdscdc.ax
    2012-06-18 05:20 . 2012-06-18 05:20 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-06-18 05:20 . 2012-04-03 20:04 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-06-02 22:19 . 2012-06-21 17:24 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 17:24 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 17:24 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 17:24 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 17:24 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 17:24 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 17:24 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-21 17:24 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 13:15 . 2012-06-21 17:24 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 10:25 . 2012-03-23 18:13 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
    R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-01-24 53008]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-10 172632]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-23 1255736]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-12-24 25960]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-24 1997416]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-23 378984]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
    S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-02-17 103936]
    S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-02-17 12800]
    S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-02-17 61440]
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-12-28 76912]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2310585955-207485757-2205469552-1000Core.job
    - c:\users\Sjouke Hoving\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24 07:41]
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2310585955-207485757-2205469552-1000UA.job
    - c:\users\Sjouke Hoving\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24 07:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-18 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-18 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-18 417304]
    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-31 4500128]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-12-23 312936]
    "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-25 6611560]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
    "CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-02-17 2364928]
    "CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-02-17 2351104]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ch/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60
    .
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Zeit der Fertigstellung: 2012-08-06 08:32:32
    ComboFix-quarantined-files.txt 2012-08-06 06:32
    .
    Vor Suchlauf: 36'131'868'672 bytes free
    Nach Suchlauf: 35'839'565'824 bytes free
    .
    - - End Of File - - EC64FF1F664F105E6B7E0C6B20DB9B3A
  • The ESET version is this one:

    http://i15.photobucket.com/albums/a389/hovinsj1/ESET.jpg

    Thanks for the help so far. Can you find anything unusual?
  • How is your Windows doing now?
    And it might be a good idea to reinstall ESET (with administrator rights via right-click).

    Surprising, by the way, that you use a German Windows 7.
  • Thanks for the help. I have the impression that it is running a bit faster again. I have reinstalled ESET (everything is green).

    I run an English-language Windows, but because I am in Basel (CH), the location is set to Swiss-German. That is why certain things are shown in German, I think.

    Kind regards, Sjouke
  • Aha, good; I still want to check something, though:

    Which program:
  • Here is the log content (it is all a bit of a black box to me, all the things that get tested):


    11:49:51.0159 2304 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    11:49:51.0159 2304 ============================================================
    11:49:51.0159 2304 Current date / time: 2012/08/06 11:49:51.0159
    11:49:51.0159 2304 SystemInfo:
    11:49:51.0159 2304
    11:49:51.0159 2304 OS Version: 6.1.7601 ServicePack: 1.0
    11:49:51.0159 2304 Product type: Workstation
    11:49:51.0159 2304 ComputerName: SJOUKEHOVING-PC
    11:49:51.0159 2304 UserName: Sjouke Hoving
    11:49:51.0159 2304 Windows directory: C:\Windows
    11:49:51.0159 2304 System windows directory: C:\Windows
    11:49:51.0159 2304 Running under WOW64
    11:49:51.0159 2304 Processor architecture: Intel x64
    11:49:51.0159 2304 Number of processors: 4
    11:49:51.0159 2304 Page size: 0x1000
    11:49:51.0159 2304 Boot type: Normal boot
    11:49:51.0159 2304 ============================================================
    11:49:51.0674 2304 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:49:51.0690 2304 ============================================================
    11:49:51.0690 2304 \Device\Harddisk0\DR0:
    11:49:51.0690 2304 MBR partitions:
    11:49:51.0690 2304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    11:49:51.0690 2304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
    11:49:51.0690 2304 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x4B1F5000
    11:49:51.0690 2304 ============================================================
    11:49:51.0721 2304 C: <-> \Device\Harddisk0\DR0\Partition1
    11:49:51.0737 2304 D: <-> \Device\Harddisk0\DR0\Partition2
    11:49:51.0737 2304 ============================================================
    11:49:51.0737 2304 Initialize success
    11:49:51.0737 2304 ============================================================
    11:49:51.0830 1100 ============================================================
    11:49:51.0830 1100 Scan started
    11:49:51.0830 1100 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    11:49:51.0830 1100 ============================================================
    11:49:58.0694 1100 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - [b:ebbddea245]
  • Don't worry, I only use legitimate tools, and at the end we will clean everything up again.

    Which program:
  • Here is the log. Not all files could be removed…


    Emsisoft Emergency Kit - Versie 2.0
    Laatste Update: 06.08.2012 18:19:35

    Scaninstellingen:

    Scantype: Diepe scan
    Objecten: Rootkits, Geheugen, Sporen, C:\, D:\
    Scan archieven: Aan
    ADS Scan: Aan

    Scan gestart: 06.08.2012 18:21:31

    c:\program files (x86)\ares\data Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\osthemes Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\chatconf.txt Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\chanlistfilter.txt Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\blocked.txt.sample Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\buttonsbitmap.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\chat.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\emotic.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\libbig.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\logo.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\mimesmall.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\mshareset.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\prefs.txt Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\searchpnl.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\searchstars.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\tabssmall.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\transfer.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\homepage.url Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\p2pfilter.txt Ontdekt: Trace.File.ares!E1
    Value: hkey_classes_root\arlnk –> url protocol Ontdekt: Trace.Registry.ares galaxy p2p plus!E1
    Value: hkey_current_user\software\ares\columns\transfers –> download Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\columns\transfers –> queue Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\columns\transfers –> upload Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\classes\arlnk –> url protocol Ontdekt: Trace.Registry.ares galaxy p2p plus!E1
    Value: hkey_current_user\software\ares\positions\transfers –> download Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\positions\transfers –> queue Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\positions\transfers –> upload Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> extra.showactivecaption Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\bounds –> main.maximized Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.hookbittorrentext Ontdekt: Trace.Registry.ares!E1
    Value: hkey_classes_root\clsid\{3e0fa044-926c-42d9-ba12-ef16e980913b}\inprocserver32 –> threadingmodel Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.autostartup Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\data –> ji.aresnet1 Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.language Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.lastlibrarymode Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> gui.lastpmbrowse Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> gui.lastchatroombrowse Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> hashing.priority Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.msnsongnotif Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> personal.guid Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> playlist.previousm3uapp Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> network.dhtid Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> gui.lastsearch Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> privatemessage.awaymessage Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cavgtime Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> privatemessage.allowbrowse Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> gui.lastlibrary Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> playlist.previouswaxapp Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cdnspeed Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cfrtime Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cttuptime Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cupspeed Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.haslqca Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> transfer.serverport Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.lstcaqueryint Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> displayname Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> displayversion Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> publisher Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> torrents.previousapp Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> urlinfoabout Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\classes\clsid\{3e0fa044-926c-42d9-ba12-ef16e980913b}\inprocserver32 –> threadingmodel Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> uninstallstring Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.lstcaquery Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> urlupdateinfo Ontdekt: Trace.Registry.ares!E1

    Gescand 726862
    Gevonden 66

    Scan geëindigd: 06.08.2012 19:26:12
    Scantijd: 1:04:41

    Value: hkey_current_user\software\ares\columns\transfers –> download Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\columns\transfers –> queue Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\columns\transfers –> upload Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\positions\transfers –> download Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\positions\transfers –> queue Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\positions\transfers –> upload Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> extra.showactivecaption Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\bounds –> main.maximized Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.hookbittorrentext Verwijderd Trace.Registry.ares!E1
    Value: hkey_classes_root\clsid\{3e0fa044-926c-42d9-ba12-ef16e980913b}\inprocserver32 –> threadingmodel Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.autostartup Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\data –> ji.aresnet1 Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.language Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.lastlibrarymode Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> gui.lastpmbrowse Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> gui.lastchatroombrowse Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> hashing.priority Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.msnsongnotif Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> personal.guid Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> playlist.previousm3uapp Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> network.dhtid Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> gui.lastsearch Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> privatemessage.awaymessage Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cavgtime Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> privatemessage.allowbrowse Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> gui.lastlibrary Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> playlist.previouswaxapp Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cdnspeed Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cfrtime Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cttuptime Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cupspeed Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.haslqca Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> transfer.serverport Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.lstcaqueryint Verwijderd Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> displayname Verwijderd Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> displayversion Verwijderd Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> publisher Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> torrents.previousapp Verwijderd Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> urlinfoabout Verwijderd Trace.Registry.ares!E1
    Value: hkey_local_machine\software\classes\clsid\{3e0fa044-926c-42d9-ba12-ef16e980913b}\inprocserver32 –> threadingmodel Verwijderd Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> uninstallstring Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.lstcaquery Verwijderd Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> urlupdateinfo Verwijderd Trace.Registry.ares!E1
    Value: hkey_classes_root\arlnk –> url protocol Verwijderd Trace.Registry.ares galaxy p2p plus!E1
    Value: hkey_local_machine\software\classes\arlnk –> url protocol Verwijderd Trace.Registry.ares galaxy p2p plus!E1
    c:\program files (x86)\ares\data Verwijderd Trace.File.ares!E1

    Verwijderd 46
  • Did you perhaps still have program or web windows open during the scan?
  • No, I did everything exactly as described in the instructions.

    Does it look good now?

    Kind regards, Sjouke
  • Hello Sjouke, I am not entirely satisfied yet.

    Which program:
  • And here is the log:


    Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300
    www.malwarebytes.org

    Databaseversie: v2012.08.07.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Sjouke Hoving :: SJOUKEHOVING-PC [administrator]

    Realtime bescherming: Ingeschakeld

    07.08.2012 23:43:59
    mbam-log-2012-08-07 (23-43-59).txt

    Scantype: Volledige scan (C:\|D:\|)
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 433369
    Verstreken tijd: 49 minuut/minuten, 7 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)
  • Yes, it has indeed improved… were there irregularities in the system? I thought ESET would stop everything…

    Kind regards,
    Sjouke
  • One more scan to do:

    Which program:
  • ComboFix has already run once, hasn't it???

    Kind regards, Sjouke
  • Do it again nonetheless!

This is an archived page. Replying is no longer possible.