
HijackThis log because of computer problems!


anonymous

Question

Following up on my other topic http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1467880#1467880, here is the log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:52:49, on 17-11-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B3T61C75\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://willibrord.orionelo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111113150322.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13863 bytes

ComboFix 11-11-23.01 - Nico 23-11-2011 18:27:08.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3959.2849 [GMT 1:00]
Gestart vanuit: d:\gebruikers\Nico\Bureaublad\ComboFix.exe
AV: McAfeeAntivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfeeFirewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfeeAntivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\slwga.dll . . . . konden niet verwijderd worden
c:\windows\system32\srrstr.dll . . . . konden niet verwijderd worden
c:\windows\system32\systemcpl.dll . . . . konden niet verwijderd worden
c:\windows\system32\termsrv.dll . . . . konden niet verwijderd worden
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-10-23 to 2011-11-23 ))))))))))))))))))))))))))))))
.
.
2011-11-23 18:00 . 2011-11-23 18:00 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEA38F60-A8F5-4CFC-84FE-3FD6832736C7}\offreg.dll
2011-11-23 17:55 . 2011-11-23 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-17 15:51 . 2011-11-17 15:51 388096 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-16 13:57 . 2011-11-16 13:57 -------- d-----w- c:\users\Nico\AppData\Roaming\Malwarebytes
2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\programdata\Malwarebytes
2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-16 13:56 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-09 18:30 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 18:30 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 18:30 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:30 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 17:44 . 2011-11-23 13:17 -------- d-----w- c:\users\Nico\AppData\Local\PokerStars
2011-11-09 17:43 . 2011-11-09 17:53 -------- d-----w- c:\program files (x86)\PokerStars
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 12:30 . 2011-10-23 12:30 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2011-10-18 13:32 . 2011-08-27 13:31 161168 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-15 12:16 . 2011-08-27 13:32 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 12:16 . 2011-08-27 13:31 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 12:16 . 2011-08-27 13:31 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 12:16 . 2011-08-27 13:31 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 12:16 . 2011-08-27 13:31 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 12:16 . 2011-08-27 13:31 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 12:16 . 2011-08-27 13:31 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 12:16 . 2011-08-27 13:31 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-15 12:16 . 2011-08-27 13:31 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 10:54 . 2011-09-12 13:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 05:24 . 2011-10-13 20:59 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 20:59 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 20:59 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 20:59 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-28 11:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-28 11:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-27 13:28 . 2011-08-27 13:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-27 13:28 . 2011-08-27 13:28 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-27 13:28 . 2011-08-27 13:28 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-27 13:28 . 2011-08-27 13:28 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-27 13:28 . 2011-08-27 13:28 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-27 13:28 . 2011-08-27 13:28 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-27 13:28 . 2011-08-27 13:28 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-27 13:28 . 2011-08-27 13:28 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-27 13:28 . 2011-08-27 13:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-27 13:28 . 2011-08-27 13:28 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-27 13:28 . 2011-08-27 13:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-27 13:28 . 2011-08-27 13:28 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-27 13:28 . 2011-08-27 13:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-27 13:28 . 2011-08-27 13:28 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-27 13:28 . 2011-08-27 13:28 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-27 13:28 . 2011-08-27 13:28 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-27 13:28 . 2011-08-27 13:28 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-27 13:28 . 2011-08-27 13:28 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-27 13:28 . 2011-08-27 13:28 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-27 13:28 . 2011-08-27 13:28 448512 ----a-w- c:\windows\system32\html.iec
2011-08-27 13:28 . 2011-08-27 13:28 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-27 13:28 . 2011-08-27 13:28 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-27 13:28 . 2011-08-27 13:28 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-27 13:28 . 2011-08-27 13:28 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-27 13:28 . 2011-08-27 13:28 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-27 13:28 . 2011-08-27 13:28 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-27 13:28 . 2011-08-27 13:28 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-27 13:28 . 2011-08-27 13:28 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-27 13:28 . 2011-08-27 13:28 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-27 13:28 . 2011-08-27 13:28 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-27 05:37 . 2011-10-13 05:49 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-13 05:49 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-13 05:49 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-13 05:49 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-17_21.13.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-12 08:58 . 2011-11-22 16:53 44624 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-23 07:05 33284 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-26 17:32 . 2011-11-23 07:05 11324 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2271613879-2368526444-3534850837-1000_UserData.bin
+ 2011-08-26 16:24 . 2011-11-23 18:05 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-26 16:24 . 2011-11-17 16:44 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-26 16:24 . 2011-11-23 18:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-26 16:24 . 2011-11-17 16:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-23 18:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-17 16:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-26 21:42 . 2011-11-02 21:34 3516 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-08-26 21:42 . 2011-11-22 16:49 3516 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-23 17:57 . 2011-11-23 17:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-17 21:12 . 2011-11-17 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-17 21:12 . 2011-11-17 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-23 17:57 . 2011-11-23 17:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-05 18:10 . 2011-11-23 15:07 246534 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 05:01 . 2011-11-23 17:57 337624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-17 21:11 337624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-27 13:44 . 2011-11-23 17:57 10288076 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2271613879-2368526444-3534850837-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-08-27 638736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-26 102400]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 937920]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2011-08-10 102608]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - mfeavfk01
.
Inhoud van de 'Gedeelde Taken' map
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000Core.job
- c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000UA.job
- c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.nederland.fm/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*ýM3]
"0"=hex:46,3a,5c,4d,75,7a,69,65,6b,5c,41,76,69,63,69,69,20,2d,20,4c,65,76,65,
6c,73,20,28,50,61,72,74,79,20,52,65,6d,69,78,29,2e,6d,70,33,00,74,00,2e,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe . ************************************************************************** . Voltooingstijd: 2011-11-23 20:52:42 - machine werd herstart ComboFix-quarantined-files.txt 2011-11-23 19:52 ComboFix2.txt 2011-11-17 21:19 . Pre-Run: 117.715.943.424 bytes beschikbaar Post-Run: 117.779.230.720 bytes beschikbaar . - - End Of File - - 8BD6F8F1B99EB7B5E34D69AC9B666E82
Link to comment
  • 0
We are going to use ComboFix again, this time via a script. Make sure all open web browser windows are closed.

Open a new Notepad (Kladblok) file via "Start\Alle programma’s\Bureau-accessoires\Kladblok (or Notepad)".

Copy and paste the following text (bold, blue) into the empty Notepad window:

KILLALL::
File::
c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2271613879-2368526444-3534850837-1000_UserData.bin
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
c:\windows\system32\wdi\ERCQueuedResolutions.dat
c:\windows\system32\wdi\ERCQueuedResolutions.dat
c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2271613879-2368526444-3534850837-1000-8192.dat

Save this Notepad file to your desktop as CFScript.txt.

Now first disable the antivirus!

Drag CFScript.txt onto ComboFix.exe.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

This will make ComboFix restart. Reboot if you are asked to. Post the ComboFix log that is shown after the restart!

Important note:
If, after the scan, an error is shown when starting programs with the message:
Illegal operation attempted on a registery key that has been marked for deletion.
then restart the computer.
Link to comment
  • 0
This is my new log, after I put the script into ComboFix. However, while the log was being generated, a message appeared saying that Windows had shut down unexpectedly, with the cause given as: Blue Screen...? Maybe this is because I had 2 logs; the first time I thought something had gone wrong with that script in ComboFix, because it started searching for errors all over again. So here are 2 logs...

ComboFix 11-11-23.03 - Nico 24-11-2011 8:14.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3959.2519 [GMT 1:00] Gestart vanuit: d:\gebruikers\Nico\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: d:\gebruikers\Nico\Bureaublad\CFScript.txt AV: McAfeeAntivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfeeFirewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfeeAntivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . 
FILE :: "c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2271613879-2368526444-3534850837-1000-8192.dat" "c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat" "c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat" "c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat" "c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat" "c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" "c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat" "c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2271613879-2368526444-3534850837-1000_UserData.bin" "c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin" "c:\windows\system32\wdi\ERCQueuedResolutions.dat" "c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin" "c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2271613879-2368526444-3534850837-1000-8192.dat c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2271613879-2368526444-3534850837-1000_UserData.bin c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin c:\windows\system32\wdi\ERCQueuedResolutions.dat c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat . . . . konden niet verwijderd worden c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat . . . . konden niet verwijderd worden c:\windows\system32\slwga.dll . . . . konden niet verwijderd worden c:\windows\system32\srrstr.dll . . . . konden niet verwijderd worden c:\windows\system32\systemcpl.dll . . . . konden niet verwijderd worden c:\windows\system32\termsrv.dll . . . . konden niet verwijderd worden . . (((((((((((((((((((( Bestanden Gemaakt van 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))) . . 2011-11-24 07:24 . 2011-11-24 07:24 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEA38F60-A8F5-4CFC-84FE-3FD6832736C7}\offreg.dll 2011-11-24 07:21 . 2011-11-24 07:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-22 08:20 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEA38F60-A8F5-4CFC-84FE-3FD6832736C7}\mpengine.dll 2011-11-17 15:51 . 
2011-11-17 15:51 388096 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-16 13:57 . 2011-11-16 13:57 -------- d-----w- c:\users\Nico\AppData\Roaming\Malwarebytes 2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\programdata\Malwarebytes 2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-11-16 13:56 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-09 18:30 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-09 18:30 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-09 18:30 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 18:30 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys 2011-11-09 17:44 . 2011-11-23 20:09 -------- d-----w- c:\users\Nico\AppData\Local\PokerStars 2011-11-09 17:43 . 2011-11-09 17:53 -------- d-----w- c:\program files (x86)\PokerStars . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-23 12:30 . 2011-10-23 12:30 8192 ----a-w- c:\windows\SysWow64\srvany.exe 2011-10-18 13:32 . 2011-08-27 13:31 161168 ----a-w- c:\windows\system32\mfevtps.exe 2011-10-15 12:16 . 2011-08-27 13:32 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-10-15 12:16 . 2011-08-27 13:31 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys 2011-10-15 12:16 . 2011-08-27 13:31 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-10-15 12:16 . 2011-08-27 13:31 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-10-15 12:16 . 2011-08-27 13:31 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-10-15 12:16 . 2011-08-27 13:31 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2011-10-15 12:16 . 
2011-08-27 13:31 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-10-15 12:16 . 2011-08-27 13:31 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-10-15 12:16 . 2011-08-27 13:31 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-10-15 10:54 . 2011-09-12 13:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-01 05:24 . 2011-10-13 20:59 2309120 ----a-w- c:\windows\system32\jscript9.dll 2011-09-01 05:17 . 2011-10-13 20:59 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-09-01 05:12 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-01 02:35 . 2011-10-13 20:59 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-09-01 02:28 . 2011-10-13 20:59 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-09-01 02:22 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-08-28 11:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-08-28 11:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-08-27 13:28 . 2011-08-27 13:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-08-27 13:28 . 2011-08-27 13:28 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-08-27 13:28 . 2011-08-27 13:28 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-08-27 13:28 . 2011-08-27 13:28 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-08-27 13:28 . 2011-08-27 13:28 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-08-27 13:28 . 2011-08-27 13:28 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-08-27 13:28 . 2011-08-27 13:28 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-08-27 13:28 . 
2011-08-27 13:28 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-08-27 13:28 . 2011-08-27 13:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-08-27 13:28 . 2011-08-27 13:28 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-08-27 13:28 . 2011-08-27 13:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-08-27 13:28 . 2011-08-27 13:28 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-08-27 13:28 . 2011-08-27 13:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-08-27 13:28 . 2011-08-27 13:28 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-08-27 13:28 . 2011-08-27 13:28 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-08-27 13:28 . 2011-08-27 13:28 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-08-27 13:28 . 2011-08-27 13:28 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-08-27 13:28 . 2011-08-27 13:28 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-08-27 13:28 . 2011-08-27 13:28 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-08-27 13:28 . 2011-08-27 13:28 448512 ----a-w- c:\windows\system32\html.iec 2011-08-27 13:28 . 2011-08-27 13:28 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-27 13:28 . 2011-08-27 13:28 222208 ----a-w- c:\windows\system32\msls31.dll 2011-08-27 13:28 . 2011-08-27 13:28 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-08-27 13:28 . 2011-08-27 13:28 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-08-27 13:28 . 2011-08-27 13:28 160256 ----a-w- c:\windows\system32\wextract.exe 2011-08-27 13:28 . 2011-08-27 13:28 1492992 ----a-w- c:\windows\system32\inetcpl.cpl 2011-08-27 13:28 . 2011-08-27 13:28 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-08-27 13:28 . 2011-08-27 13:28 12288 ----a-w- c:\windows\system32\mshta.exe 2011-08-27 13:28 . 
2011-08-27 13:28 114176 ----a-w- c:\windows\system32\admparse.dll 2011-08-27 13:28 . 2011-08-27 13:28 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-08-27 05:37 . 2011-10-13 05:49 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-08-27 05:37 . 2011-10-13 05:49 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-08-27 04:26 . 2011-10-13 05:49 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-08-27 04:26 . 2011-10-13 05:49 233472 ----a-w- c:\windows\SysWow64\oleacc.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-11-17_21.13.17 ))))))))))))))))))))))))))))))))))))))))) . - 2011-11-17 21:12 . 2011-11-17 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-24 07:22 . 2011-11-24 07:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-24 07:22 . 2011-11-24 07:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-11-17 21:12 . 2011-11-17 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-08-27 638736] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-26 102400] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 937920] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560] R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2011-08-10 102608] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 258928] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 
cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [x] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - mfeavfk01 . Inhoud van de 'Gedeelde Taken' map . 2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000Core.job - c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31] . 2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000UA.job - c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU] "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU] "SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU] "00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU] "SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU] "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.nederland.fm/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 Trusted Zone: internet Trusted Zone: mcafee.com TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3] @Class="Shell" . [HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*ýM3] "0"=hex:46,3a,5c,4d,75,7a,69,65,6b,5c,41,76,69,63,69,69,20,2d,20,4c,65,76,65, 6c,73,20,28,50,61,72,74,79,20,52,65,6d,69,78,29,2e,6d,70,33,00,74,00,2e,00,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe . ************************************************************************** . Voltooingstijd: 2011-11-24 08:31:59 - machine werd herstart ComboFix-quarantined-files.txt 2011-11-24 07:31 ComboFix2.txt 2011-11-23 19:52 ComboFix3.txt 2011-11-17 21:19 . Pre-Run: 117.714.173.952 bytes beschikbaar Post-Run: 117.533.782.016 bytes beschikbaar . - - End Of File - - 5D3069378DA74CE8F5F5F32E38FC6B36 ComboFix 11-11-23.03 - Nico 24-11-2011 13:43:45.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3959.2698 [GMT 1:00] Gestart vanuit: d:\gebruikers\Nico\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: d:\gebruikers\Nico\Bureaublad\CFScript.txt AV: McAfeeAntivirus en antispyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfeeFirewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfeeAntivirus en antispyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . 
FILE :: "c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2271613879-2368526444-3534850837-1000-8192.dat" "c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat" "c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat" "c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat" "c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat" "c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" "c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat" "c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2271613879-2368526444-3534850837-1000_UserData.bin" "c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin" "c:\windows\system32\wdi\ERCQueuedResolutions.dat" "c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin" "c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2271613879-2368526444-3534850837-1000-8192.dat c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2271613879-2368526444-3534850837-1000_UserData.bin c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat . . . . konden niet verwijderd worden c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat . . . . konden niet verwijderd worden c:\windows\system32\slwga.dll . . . . konden niet verwijderd worden c:\windows\system32\srrstr.dll . . . . konden niet verwijderd worden c:\windows\system32\systemcpl.dll . . . . konden niet verwijderd worden c:\windows\system32\termsrv.dll . . . . konden niet verwijderd worden . . (((((((((((((((((((( Bestanden Gemaakt van 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))) . . 2011-11-24 12:54 . 2011-11-24 12:54 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEA38F60-A8F5-4CFC-84FE-3FD6832736C7}\offreg.dll 2011-11-24 12:49 . 2011-11-24 12:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-22 08:20 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEA38F60-A8F5-4CFC-84FE-3FD6832736C7}\mpengine.dll 2011-11-17 15:51 . 2011-11-17 15:51 388096 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-16 13:57 . 
2011-11-16 13:57 -------- d-----w- c:\users\Nico\AppData\Roaming\Malwarebytes 2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\programdata\Malwarebytes 2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-11-16 13:56 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-09 18:30 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-09 18:30 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-09 18:30 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 18:30 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys 2011-11-09 17:44 . 2011-11-24 11:16 -------- d-----w- c:\users\Nico\AppData\Local\PokerStars 2011-11-09 17:43 . 2011-11-09 17:53 -------- d-----w- c:\program files (x86)\PokerStars . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-23 12:30 . 2011-10-23 12:30 8192 ----a-w- c:\windows\SysWow64\srvany.exe 2011-10-18 13:32 . 2011-08-27 13:31 161168 ----a-w- c:\windows\system32\mfevtps.exe 2011-10-15 12:16 . 2011-08-27 13:32 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-10-15 12:16 . 2011-08-27 13:31 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys 2011-10-15 12:16 . 2011-08-27 13:31 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-10-15 12:16 . 2011-08-27 13:31 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-10-15 12:16 . 2011-08-27 13:31 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-10-15 12:16 . 2011-08-27 13:31 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2011-10-15 12:16 . 2011-08-27 13:31 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-10-15 12:16 . 2011-08-27 13:31 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-10-15 12:16 . 
2011-08-27 13:31 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-10-15 10:54 . 2011-09-12 13:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-01 05:24 . 2011-10-13 20:59 2309120 ----a-w- c:\windows\system32\jscript9.dll 2011-09-01 05:17 . 2011-10-13 20:59 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-09-01 05:12 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-01 02:35 . 2011-10-13 20:59 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-09-01 02:28 . 2011-10-13 20:59 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-09-01 02:22 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-08-28 11:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-08-28 11:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-08-27 13:28 . 2011-08-27 13:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-08-27 13:28 . 2011-08-27 13:28 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-08-27 13:28 . 2011-08-27 13:28 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-08-27 13:28 . 2011-08-27 13:28 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-08-27 13:28 . 2011-08-27 13:28 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-08-27 13:28 . 2011-08-27 13:28 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-08-27 13:28 . 2011-08-27 13:28 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-08-27 13:28 . 2011-08-27 13:28 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-08-27 13:28 . 2011-08-27 13:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-08-27 13:28 . 
2011-08-27 13:28 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-08-27 13:28 . 2011-08-27 13:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-08-27 13:28 . 2011-08-27 13:28 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-08-27 13:28 . 2011-08-27 13:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-08-27 13:28 . 2011-08-27 13:28 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-08-27 13:28 . 2011-08-27 13:28 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-08-27 13:28 . 2011-08-27 13:28 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-08-27 13:28 . 2011-08-27 13:28 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-08-27 13:28 . 2011-08-27 13:28 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-08-27 13:28 . 2011-08-27 13:28 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-08-27 13:28 . 2011-08-27 13:28 448512 ----a-w- c:\windows\system32\html.iec 2011-08-27 13:28 . 2011-08-27 13:28 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-27 13:28 . 2011-08-27 13:28 222208 ----a-w- c:\windows\system32\msls31.dll 2011-08-27 13:28 . 2011-08-27 13:28 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-08-27 13:28 . 2011-08-27 13:28 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-08-27 13:28 . 2011-08-27 13:28 160256 ----a-w- c:\windows\system32\wextract.exe 2011-08-27 13:28 . 2011-08-27 13:28 1492992 ----a-w- c:\windows\system32\inetcpl.cpl 2011-08-27 13:28 . 2011-08-27 13:28 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-08-27 13:28 . 2011-08-27 13:28 12288 ----a-w- c:\windows\system32\mshta.exe 2011-08-27 13:28 . 2011-08-27 13:28 114176 ----a-w- c:\windows\system32\admparse.dll 2011-08-27 13:28 . 2011-08-27 13:28 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-08-27 05:37 . 
2011-10-13 05:49 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-08-27 05:37 . 2011-10-13 05:49 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-08-27 04:26 . 2011-10-13 05:49 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-08-27 04:26 . 2011-10-13 05:49 233472 ----a-w- c:\windows\SysWow64\oleacc.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-11-17_21.13.17 ))))))))))))))))))))))))))))))))))))))))) . - 2011-11-17 21:12 . 2011-11-17 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-24 12:50 . 2011-11-24 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-24 12:50 . 2011-11-24 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-11-17 21:12 . 2011-11-17 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-08-27 638736] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-26 102400] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 937920] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560] R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2011-08-10 102608] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 258928] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 
cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [x] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - mfeavfk01 . Inhoud van de 'Gedeelde Taken' map . 2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000Core.job - c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31] . 2011-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000UA.job - c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU] "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU] "SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU] "00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU] "SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU] "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.nederland.fm/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 Trusted Zone: internet Trusted Zone: mcafee.com TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3] @Class="Shell" . [HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*ýM3] "0"=hex:46,3a,5c,4d,75,7a,69,65,6b,5c,41,76,69,63,69,69,20,2d,20,4c,65,76,65, 6c,73,20,28,50,61,72,74,79,20,52,65,6d,69,78,29,2e,6d,70,33,00,74,00,2e,00,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe . ************************************************************************** . Voltooingstijd: 2011-11-24 14:01:38 - machine werd herstart ComboFix-quarantined-files.txt 2011-11-24 13:01 ComboFix2.txt 2011-11-24 07:32 ComboFix3.txt 2011-11-23 19:52 ComboFix4.txt 2011-11-17 21:19 . Pre-Run: 117.479.313.408 bytes beschikbaar Post-Run: 117.406.318.592 bytes beschikbaar . - - End Of File - - 10C988BDFDC098FAA6C8C583466A95A2
  • 0
Download Kaspersky® Virus Removal Tool (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) to your Desktop.

Platform:
Windows 2000 Professional (Service Pack 4 or higher)
Windows XP (Service Pack 2 or higher)
Windows Vista (32-Bit)
Windows 7

Boot into Safe Mode.
Double-click the installation file to install the program.
Make sure the following items are checked:
- Hidden startup objects
- System memory
- Disk boot sectors
  - My Computer
  - The drive where Windows is installed
  - All removable drives
Click: Start scan

If the scanner hangs at C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll, stop the scanner!
Now uninstall Malwarebytes Anti-Malware via the Software (Add/Remove Programs) control panel and do NOT restart the PC.
Start the scanner again and choose "Resume scan".

In case of an infection, a pop-up indicates what to do: "Disinfect (recommended)" and/or "Delete (recommended)".

Click "Report" at the end of the scan.
Click the plus (+) sign in front of Autoscan.
Right-click >> choose "Select all", then right-click >> choose "Copy".
Go via Start\Programs\Accessories to Notepad (Editor).
Right-click >> choose "Paste".
Give the text file a name, e.g. kav.txt, and save it to your Desktop.
Close AVP; the following question will appear, click Yes.
Post the contents of the log in your next message.

Disable the installed antivirus software - the scan can take a long time, so be patient.
  • 0
How do I boot into safe mode? And may I ask what you have discovered so far and why I have to run scans with so many programs? Not that I don't appreciate your help, quite the opposite! But all these things do make me curious: was there something serious going on after all? And now with this scan, do I have to remove something that I had to download and run earlier? Is that program not entirely OK or something? Again, I really appreciate your help, I'm just a bit curious about everything I've done so far; I'll learn something from it too!
  • 0
Safe mode: tap the F8 function key repeatedly during BIOS startup. You will then get a black screen with the options in white letters. Choose Safe Mode and not Safe Mode with Networking. And no: do not remove MBAM. Read carefully: only uninstall it if Kaspersky's scan gets stuck on MBAM. And: MBAM is a completely trustworthy tool.
  • 0
OK. I also got the message again that Windows shut down unexpectedly, with Blue Screen as the detail, but once again I did not see it happen myself... Something strange did happen again when I shut down: the screen was black but the lights were all still on, just as when the computer is on. But I will run the program you mentioned tomorrow; I have little time now, and since that scan takes a while...
  • 0
Wat betreft die BSOd's, gebruik dan als de scan klaar is enz. het volgende tool: [url=http://www.resplendence.com/whocrashed]WhoCrashed introductie[/url] [url=http://www.softpedia.com/get/Antivirus/WhoCrashed.shtml]WhoCrashed beschrijving[/url] Download de [i:750f0f131d]free home edition[/i:750f0f131d] van [b:750f0f131d]WhoCrashed[/b:750f0f131d] naar je bureaublad via [url=http://www.resplendence.com/downloads]klik hier[/url] [img:750f0f131d]http://i65.servimg.com/u/f65/11/35/67/12/whocra10.png[/img:750f0f131d] en installeer het tool via klikken/dubbelklikken op "[b:750f0f131d]whocrashedSetup.exe[/b:750f0f131d]" Nadat 'WhoCrashed' is opgestart, klik je op de "[b:750f0f131d]Analyze[/b:750f0f131d]" knop. Selekteer nu de inhoud van het venster, kopieer dit en post het resultaat in je volgende post.
Link to reply
  • 0
No, I had not done that yet because I wanted to follow your steps one by one and that had to be done first. I now have the results of this scan and have saved them too, but it is so unbelievably large (113 MB in a text block, never seen before) that I don't know whether it is useful. At the end it said that there were no threats... So I uploaded it to a site, and you can see whether you need it. When I tried to paste it here, my internet simply froze completely because it is so much text..! It also took a while before it opened in Notepad... Tomorrow I will install that other program. :wink:
Link to reply
  • 0
Here is the WhoCrashed log as well. Don't overlook my previous reply... What strikes me is that only 3 crashes are listed in November, although there were certainly more... at least 6. But this is what WhoCrashed gave:

--------------------------------------------------------------------------------
System Information (local)
--------------------------------------------------------------------------------

computer name: NICO-LAPTOP
windows version: Windows 7 Service Pack 1, 6.1, build: 7601
windows dir: C:\Windows
CPU: GenuineIntel Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz Intel586, level: 6
4 logical processors, active mask: 15
RAM: 4151148544 total
VM: 2147352576, free: 1949741056

--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Fri 25-11-2011 19:50:24 GMT your computer crashed
crash dump file: C:\Windows\Minidump\112511-16941-01.dmp
This was probably caused by the following module: portcls.sys (portcls+0x1D753)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF88005599753, 0xFFFFF880087EAB50, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\drivers\portcls.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Port Class (Class Driver for Port/Miniport Devices)
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.

On Fri 25-11-2011 19:50:24 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: chdrt64.sys (CHDRT64+0x95B13)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF88005599753, 0xFFFFF880087EAB50, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\drivers\chdrt64.sys
product: Conexant HDAudio Driver
company: Conexant Systems Inc.
description: 64-bit High Definition Audio Function Driver
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: chdrt64.sys (64-bit High Definition Audio Function Driver, Conexant Systems Inc.).
Google query: chdrt64.sys Conexant Systems Inc. SYSTEM_SERVICE_EXCEPTION

On Fri 25-11-2011 16:56:41 GMT your computer crashed
crash dump file: C:\Windows\Minidump\112511-16770-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x1A (0x1236, 0xFFFFFA8003B1A960, 0xFFFFFA8003B1AA30, 0x60404)
Error: MEMORY_MANAGEMENT
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a severe memory management error occurred.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

On Thu 24-11-2011 17:51:39 GMT your computer crashed
crash dump file: C:\Windows\Minidump\112411-28142-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF800033A7833, 0xFFFFF880076B1E60, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

On Thu 24-11-2011 12:51:04 GMT your computer crashed
crash dump file: C:\Windows\Minidump\112411-18127-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80003384C1F, 0xFFFFF88005B9AF90, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

On Sun 23-10-2011 20:10:14 GMT your computer crashed
crash dump file: C:\Windows\Minidump\102311-21590-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x9F (0x3, 0xFFFFFA800B95B440, 0xFFFFF80000B9C518, 0xFFFFFA8007B852A0)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

On Thu 13-10-2011 13:11:17 GMT your computer crashed
crash dump file: C:\Windows\Minidump\101311-21169-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x1A (0x1236, 0xFFFFFA8003B1AA60, 0xFFFFFA8003B1AAB0, 0x49F96)
Error: MEMORY_MANAGEMENT
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a severe memory management error occurred.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

On Wed 5-10-2011 15:51:28 GMT your computer crashed
crash dump file: C:\Windows\Minidump\100511-22744-01.dmp
This was probably caused by the following module: atikmpag.sys (atikmpag+0x640C)
Bugcheck code: 0x116 (0xFFFFFA80093B2470, 0xFFFFF8800160640C, 0x0, 0x2)
Error: VIDEO_TDR_ERROR
file path: C:\Windows\system32\drivers\atikmpag.sys
product: AMD driver
company: Advanced Micro Devices, Inc.
description: AMD multi-vendor Miniport Driver
Bug check description: This indicates that an attempt to reset the display driver and recover from a timeout failed.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: atikmpag.sys (AMD multi-vendor Miniport Driver, Advanced Micro Devices, Inc.).
Google query: atikmpag.sys Advanced Micro Devices, Inc. VIDEO_TDR_ERROR

On Sat 1-10-2011 14:54:29 GMT your computer crashed
crash dump file: C:\Windows\Minidump\100111-38844-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x9F (0x3, 0xFFFFFA8009AF7100, 0xFFFFF80000B9C518, 0xFFFFFA8003E79C10)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

On Sat 10-9-2011 16:21:23 GMT your computer crashed
crash dump file: C:\Windows\Minidump\091011-23930-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0xA (0xFFFFFA8049025B50, 0x2, 0x0, 0xFFFFF800030638E6)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

On Sat 3-9-2011 12:07:43 GMT your computer crashed
crash dump file: C:\Windows\Minidump\090411-17456-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x9F (0x3, 0xFFFFFA8004461060, 0xFFFFF80000B9C518, 0xFFFFFA8008B11C10)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

On Sat 3-9-2011 10:57:53 GMT your computer crashed
crash dump file: C:\Windows\Minidump\090311-18579-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x9F (0x3, 0xFFFFFA8008DDE060, 0xFFFFF800046E9518, 0xFFFFFA80046EDC10)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

On Thu 1-9-2011 19:25:09 GMT your computer crashed
crash dump file: C:\Windows\Minidump\090111-19765-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x9F (0x3, 0xFFFFFA8006E24060, 0xFFFFF80000B9C518, 0xFFFFFA800453E810)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

13 crash dumps have been found and analyzed. 2 third party drivers have been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

atikmpag.sys (AMD multi-vendor Miniport Driver, Advanced Micro Devices, Inc.)
chdrt64.sys (64-bit High Definition Audio Function Driver, Conexant Systems Inc.)

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.

Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.
Link to reply