
Very slow PC, most likely a virus (pev.3xe ??)


  • Very slow PC, most likely a virus (pev.3xe ??)

    Since yesterday my PC has become extremely slow. It seems as if every program freezes when I click on it. And when it finally opens, it then locks up for a few minutes. Opening Explorer takes a few minutes (which until the day before yesterday took just a mouse click).
    Norton reported a few times that PEV.3xe is using a lot of memory.
    I have tried everything via Norton but it cannot find anything. Malware found 7 infected files; these have been cleaned up, but the PC still won't get moving.
    On my desktop I have a gadget showing processor usage, and even when nothing is running there is a load of 60/70%.
    Below are the requested files, in this order:
    1. Malware (after the 7 files were cleaned up)
    2. DDS
    3. Gmer

    1. Malware
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.11.01.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16721
    Online Accountants :: COOPFINANCE [administrator]

    1-11-2013 23:30:04
    mbam-log-2013-11-01 (23-30-04).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 215593
    Verstreken tijd: 21 minuut/minuten, 8 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    2. DDS
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.25.2
    Run by Online Accountants at 0:38:19 on 2013-11-02
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2048.171 [GMT 1:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe
    C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\KPN\Mobiel Internet Software\LoggerServer.exe
    C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Program Files\KPN Back-up Online\BackupSC.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Online Accountants\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
    C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
    C:\Program Files\KPN Back-up Online\BackupFP.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\prevhost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Online Accountants\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uDefault_Page_URL = about:blank
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = about:blank
    mDefault_Page_URL = about:blank
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mURLSearchHooks: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - <orphaned>
    BHO: HP SimplePass Identity Protection Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
    BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - <orphaned>
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: <No Name>: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - LocalServer32 - <no file>
    uRun: [GoogleChromeAutoLaunch_509769FFD9576E3798F033AFA121DD8E] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    dRun: [KPNBackupOnline] "C:\Program Files\KPN Back-up Online\KPNBackupOnline.exe" minimized
    StartupFolder: C:\Users\ONLINE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Online Accountants\AppData\Roaming\Dropbox\bin\Dropbox.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: Afbeelding knippen - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
    IE: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: Kopieer selectie - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
    IE: Kopieer URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
    IE: Nieuwe notitie - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
    IE: Pagina opemen - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
    IE: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: intelly.nl
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://twinfield.webex.com/client/T27LB/webex/ieatgpc1.cab
    TCP: NameServer = 62.179.104.196 213.46.228.196
    TCP: Interfaces\{0C346BF1-5F0B-4932-9A54-58C919063D9C} : NameServer = 194.151.228.2 194.151.228.50
    TCP: Interfaces\{11319E3C-023F-4BC2-8458-5C801AC3C30F} : NameServer = 194.151.228.2 194.151.228.34
    TCP: Interfaces\{17916EC8-8305-42EA-BDE9-F5DC69DDCF01} : NameServer = 62.133.126.28 62.133.126.29
    TCP: Interfaces\{20835DAC-3959-48F8-8461-91B61C4EC2C3} : NameServer = 62.133.126.28 62.133.126.29
    TCP: Interfaces\{60429B14-20EB-47DD-BEF9-F28B5A6856D9} : DHCPNameServer = 62.179.104.196 213.46.228.196
    TCP: Interfaces\{60429B14-20EB-47DD-BEF9-F28B5A6856D9}\140707C65602E4564777F627B602532656936693 : DHCPNameServer = 10.0.1.1
    TCP: Interfaces\{60429B14-20EB-47DD-BEF9-F28B5A6856D9}\14D236F657E64716E64737 : DHCPNameServer = 192.168.32.1
    TCP: Interfaces\{60429B14-20EB-47DD-BEF9-F28B5A6856D9}\34F675F627B656273714D6374756274616D6 : DHCPNameServer = 10.20.0.1
    TCP: Interfaces\{60429B14-20EB-47DD-BEF9-F28B5A6856D9}\550534234393239343137333 : DHCPNameServer = 192.168.192.1
    TCP: Interfaces\{60429B14-20EB-47DD-BEF9-F28B5A6856D9}\65963796F6E607C616E6E65627F57457563747 : DHCPNameServer = 10.59.0.1
    TCP: Interfaces\{60429B14-20EB-47DD-BEF9-F28B5A6856D9}\D45656470262025416470264275656D275966696 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{7B76CD82-60E4-4DCC-B3DE-36E00ACB66DB} : NameServer = 194.151.228.34 194.151.228.18
    TCP: Interfaces\{8BE406ED-514D-4D5D-AFE2-F377BE6F0D31} : DHCPNameServer = 62.179.104.196 213.46.228.196
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Online Accountants\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Online Accountants\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Online Accountants\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Online Accountants\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Online Accountants\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Online Accountants\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Online Accountants\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Online Accountants\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Online Accountants\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Online Accountants\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Online Accountants\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Online Accountants\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Online Accountants\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Online Accountants\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Online Accountants\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Online Accountants\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = DPPassFilter scecli
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = about:blank
    x64-mDefault_Page_URL = about:blank
    x64-BHO: HP SimplePass Identity Protection Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\dpotspluginie8.dll
    x64-BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - LocalServer32 - <no file>
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: <No Name>: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - LocalServer32 - <no file>
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\drivers\amdkmafd.sys [2013-6-4 21600]
    R0 AVPCIFilter;Avatron PCI Bus Device Filter;C:\Windows\System32\drivers\AVPCIFilter.sys [2013-4-15 37240]
    R0 MxEFUF;Matrox Extio Upper Function Filter;C:\Windows\System32\drivers\MxEFUF64.sys [2013-5-31 157696]
    R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys [2013-8-22 168096]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-3-19 89536]
    R1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2010-1-29 20056]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2010-6-8 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-1-22 241152]
    R2 BecHelperService;BecHelperService;C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe [2011-10-11 1917832]
    R2 CFUACProxy_hddv2usb3;CFUACProxy_hddv2usb3;C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe [2012-4-16 83792]
    R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2010-4-19 9309544]
    R2 ezGOSvc;Easybits GO Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-19 13336]
    R2 KPN Back-up Online SC;KPN Back-up Online SC;C:\Program Files\KPN Back-up Online\BackupSC.exe [2010-10-30 524088]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-30 418376]
    R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe [2013-8-22 143928]
    R3 AirDisplay;Air Display Support;C:\Windows\System32\drivers\AVVideoCard.sys [2013-4-15 16248]
    R3 AirDisplayMirror;Air Display Mirror Support;C:\Windows\System32\drivers\AVVideoCardMirror.sys [2013-4-15 16248]
    R3 AirDisplayWDDM;AirDisplayWDDM;C:\Windows\System32\drivers\AVWDDMMiniPort.sys [2013-4-15 45432]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-6-2 96768]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-6-8 35104]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2011-10-11 86016]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-8-21 25928]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-5-31 33008]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-5-3 11856]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-30 701512]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
    S3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\System32\drivers\DisplayLinkUsbPort_5.3.24474.0.sys [2010-8-7 17408]
    S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;C:\Windows\System32\drivers\aabed2.sys [2008-3-20 28672]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2011-10-11 117248]
    S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2011-10-11 13952]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2011-10-11 256000]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-22 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
    S3 HP8207_8307;HP-HP8207_8307;C:\Windows\System32\drivers\HP8207_8307.sys [2010-2-4 15360]
    S3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;C:\Windows\System32\drivers\lan9500-x64-n51f.sys [2010-8-7 67584]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-6-8 232992]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-1 59392]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2013-11-01 22:56:14 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-11-01 22:56:13 116440 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2013-11-01 22:55:26 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2013-11-01 16:21:50 -------- d-----w- C:\ProgramData\boost_interprocess
    2013-11-01 16:17:29 -------- d-----w- C:\AdwCleaner
    2013-11-01 15:21:46 -------- d-----w- C:\Windows\SysWow64\wbem\Logs
    2013-11-01 15:04:26 -------- d-----w- C:\Users\Online Accountants\AppData\Roaming\eCyber
    2013-11-01 15:03:42 -------- d-----w- C:\Users\Online Accountants\AppData\Roaming\iSafe
    2013-11-01 14:51:55 -------- d-sh--w- C:\$RECYCLE.BIN
    2013-11-01 13:57:40 -------- d-----w- C:\ComboFix
    2013-11-01 11:57:23 -------- d-----w- C:\Windows\System32\drivers\N360x64\1501000.012
    2013-10-28 11:32:50 -------- d-----w- C:\Users\Online Accountants\AppData\Local\ElevatedDiagnostics
    2013-10-24 23:08:41 26936 ----a-w- C:\Windows\System32\authuitu.dll
    2013-10-24 23:08:41 22328 ----a-w- C:\Windows\SysWow64\authuitu.dll
    2013-10-24 23:08:36 36664 ----a-w- C:\Windows\System32\uxtuneup.dll
    2013-10-24 23:08:36 30008 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
    2013-10-20 19:12:58 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2013-10-20 19:12:58 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2013-10-20 19:12:58 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2013-10-20 19:12:58 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2013-10-20 19:12:58 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2013-10-20 19:12:58 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2013-10-20 19:12:58 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2013-10-08 07:49:09 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2013-10-08 07:49:09 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2013-10-08 07:49:08 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
    2013-10-08 07:49:08 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2013-10-08 07:49:08 41472 ----a-w- C:\Windows\System32\lpk.dll
    2013-10-08 07:49:08 368128 ----a-w- C:\Windows\System32\atmfd.dll
    2013-10-08 07:49:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2013-10-08 07:49:08 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2013-10-08 07:49:08 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
    2013-10-08 07:49:08 14336 ----a-w- C:\Windows\System32\dciman32.dll
    2013-10-08 07:49:08 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
    2013-10-08 07:49:08 100864 ----a-w- C:\Windows\System32\fontsub.dll
    2013-10-08 07:45:58 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2013-10-08 07:45:58 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2013-10-08 07:45:57 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-10-08 07:45:57 461312 ----a-w- C:\Windows\System32\scavengeui.dll
    .
    ==================== Find3M ====================
    .
    2013-10-22 16:22:52 35640 ----a-w- C:\Windows\System32\TURegOpt.exe
    2013-10-09 08:54:21 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-10-09 08:54:21 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
    2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
    2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
    2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
    2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
    2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
    2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
    2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
    2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
    .
    ============= FINISH: 0:40:24,81 ===============

    3. Gmer
    in the next post, because otherwise it is too many characters

  • #2
    And the Gmer log file

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-11-02 00:59:54
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB
    Running: uf2db93i.exe; Driver: C:\Users\ONLINE~1\AppData\Local\Temp\kxdyifoc.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Users\Online Accountants\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b31465 2 bytes [B3, 75]
    .text C:\Users\Online Accountants\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b314bb 2 bytes [B3, 75]
    .text ... * 2

    ---- User IAT/EAT - GMER 2.1 ----

    IAT C:\Windows\system32\svchost.exe[1060] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!GetProcAddress] [55580002820] c:\windows\system32\uxtuneup.dll
    IAT C:\Windows\system32\svchost.exe[1060] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!ReadFile] [55580002700] c:\windows\system32\uxtuneup.dll

    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\System32\svchost.exe [1036:1092] 000007fefbb9f2f4
    Thread C:\Windows\System32\svchost.exe [1036:1096] 000007fefbca6204
    Thread C:\Windows\System32\svchost.exe [1036:1380] 000007fefab1331c
    Thread C:\Windows\System32\svchost.exe [1036:1740] 000007fefa2f59a0
    Thread C:\Windows\System32\svchost.exe [1036:2004] 000007fefd471a70
    Thread C:\Windows\System32\svchost.exe [1036:4700] 000007fefaef20c0
    Thread C:\Windows\System32\svchost.exe [1036:4720] 000007fefaef26a8
    Thread C:\Windows\System32\svchost.exe [1036:4724] 000007fef63214a0
    Thread C:\Windows\System32\svchost.exe [1036:4776] 000007feffc0c608
    Thread C:\Windows\System32\svchost.exe [1036:1988] 000007fefaef29dc
    Thread C:\Windows\system32\svchost.exe [1292:4920] 000007fef5506ed4
    Thread C:\Windows\system32\svchost.exe [1292:4924] 000007fef5506b8c
    Thread C:\Windows\system32\svchost.exe [1580:2824] 000007fef7a983d8
    Thread C:\Windows\system32\svchost.exe [1580:2828] 000007fef7a983d8
    Thread C:\Windows\system32\svchost.exe [1580:2832] 000007fef7a983d8
    Thread C:\Windows\system32\svchost.exe [1580:2836] 000007fef7a983d8
    Thread C:\Windows\system32\svchost.exe [1580:2840] 000007fef7a983d8
    Thread C:\Windows\system32\svchost.exe [1580:2844] 000007fef7a983d8
    Thread C:\Windows\system32\svchost.exe [1580:2848] 000007fef7a983d8
    Thread C:\Windows\system32\svchost.exe [1580:3348] 000007fef6663f1c
    Thread C:\Windows\system32\svchost.exe [1580:3380] 000007fef66322b8
    Thread C:\Windows\system32\svchost.exe [1580:3384] 000007fef6631a38
    Thread C:\Windows\system32\svchost.exe [1580:3396] 000007fef64b5388
    Thread C:\Windows\system32\svchost.exe [1580:3428] 000007fef6497738
    Thread C:\Windows\system32\svchost.exe [1580:3432] 000007fef6481f90
    Thread C:\Windows\system32\svchost.exe [1580:5296] 000007fef89e5170
    Thread C:\Windows\system32\svchost.exe [1708:1992] 000007fefd471a70
    Thread C:\Windows\system32\svchost.exe [1708:1056] 000007fefd471a70
    Thread C:\Windows\system32\svchost.exe [1708:1160] 000007fefd471a70
    Thread C:\Windows\system32\svchost.exe [1708:1272] 000007fef9b62c70
    Thread C:\Windows\system32\svchost.exe [1708:1280] 000007fef9b6fb40
    Thread C:\Windows\system32\svchost.exe [1708:1352] 000007fef9b81d20
    Thread C:\Windows\system32\svchost.exe [1708:1384] 000007fef9b6f6f0
    Thread C:\Windows\system32\svchost.exe [1708:2124] 000007fef9a935c0
    Thread C:\Windows\system32\svchost.exe [1708:4556] 000007fef9a95600
    Thread C:\Windows\system32\svchost.exe [1708:4968] 000007fef5482888
    Thread C:\Windows\system32\svchost.exe [1708:4988] 000007fef5472940
    Thread C:\Windows\System32\spoolsv.exe [1844:2636] 0000000000193c44
    Thread C:\Windows\System32\spoolsv.exe [1844:2664] 000007fef87710c8
    Thread C:\Windows\System32\spoolsv.exe [1844:2716] 000007fef8706144
    Thread C:\Windows\System32\spoolsv.exe [1844:2728] 000007fef8565fd0
    Thread C:\Windows\System32\spoolsv.exe [1844:2736] 000007fef7be3438
    Thread C:\Windows\System32\spoolsv.exe [1844:2740] 000007fef85663ec
    Thread C:\Windows\System32\spoolsv.exe [1844:2768] 000007fef8835e5c
    Thread C:\Windows\System32\spoolsv.exe [1844:2776] 000007fef88a5074
    Thread C:\Windows\system32\taskhost.exe [2344:4188] 000007fef89e5170
    Thread C:\Windows\system32\Dwm.exe [2460:6088] 000007fee9f62a84
    Thread C:\Windows\system32\svchost.exe [2668:2944] 000007fef8565fd0
    Thread C:\Windows\system32\svchost.exe [2668:3008] 000007fef7be3438
    Thread C:\Windows\system32\svchost.exe [2668:3016] 000007fef85663ec
    Thread C:\Windows\system32\svchost.exe [2668:2900] 0000000000364bf4
    Thread C:\Windows\system32\svchost.exe [2700:4128] 000007fef78e44e0
    Thread C:\Windows\system32\svchost.exe [4620:4704] 000007fef6352f9c
    Thread C:\Program Files\Windows Sidebar\sidebar.exe [5228:5176] 000007feed540790
    Thread C:\Program Files\Windows Sidebar\sidebar.exe [5228:4928] 000007feecf97460
    Thread C:\Program Files\Windows Sidebar\sidebar.exe [5228:2016] 000007feecf97460
    Thread C:\Program Files\Windows Sidebar\sidebar.exe [5228:4484] 000007feecf97460
    Thread C:\Program Files\Windows Sidebar\sidebar.exe [5228:6064] 000007feecb90e7c
    Thread C:\Program Files\Windows Sidebar\sidebar.exe [5228:5400] 000007feecb90e7c
    Thread C:\Program Files\Windows Sidebar\sidebar.exe [5228:4092] 000007feecb90e7c
    Thread C:\Program Files\Windows Sidebar\sidebar.exe [5228:2116] 000007feecb90e7c
    Thread C:\Windows\system32\taskhost.exe [4120:4684] 000007fefb07ef24

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{79C516FD-853C-496F-AC0E-DF6153694AA6}\[email protected] isatap.{9FB4686E-004F-469F-8C65-720B5208C87A}
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\{7961CD10-318B-4389-8311-C54FDFDF5133}?\Device\{272A8F60-3102-4BE0-93EB-30B028F808FB}?\Device\{79C516FD-853C-496F-AC0E-DF6153694AA6}?\Device\{7CBEB580-8DDD-474C-82C1-ED7B17B6E9E6}?\Device\{1C154081-E20C-4056-9A39-4AD79F80D80B}?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] "{7961CD10-318B-4389-8311-C54FDFDF5133}"?"{272A8F60-3102-4BE0-93EB-30B028F808FB}"?"{79C516FD-853C-496F-AC0E-DF6153694AA6}"?"{7CBEB580-8DDD-474C-82C1-ED7B17B6E9E6}"?"{1C154081-E20C-4056-9A39-4AD79F80D80B}"?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\TCPIP6TUNNEL_{7961CD10-318B-4389-8311-C54FDFDF5133}?\Device\TCPIP6TUNNEL_{272A8F60-3102-4BE0-93EB-30B028F808FB}?\Device\TCPIP6TUNNEL_{79C516FD-853C-496F-AC0E-DF6153694AA6}?\Device\TCPIP6TUNNEL_{7CBEB580-8DDD-474C-82C1-ED7B17B6E9E6}?\Device\TCPIP6TUNNEL_{1C154081-E20C-4056-9A39-4AD79F80D80B}?
    Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\IDE\DiskWDC_WD7500KPVT-65HT5T0__________________01.01A01\4&8f6326a&0&[email protected] 611820
    Reg HKLM\SYSTEM\CurrentControlSet\services\Accelerometer\[email protected] 7247835
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3955a65b2
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x4C 0xC1 0x2E 0x39 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x94 0xFA 0x4C 0x57 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x4A 0xF0 0x6C 0x48 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x3F 0x40 0x39 0x60 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{79C516FD-853C-496F-AC0E-DF6153694AA6}@InterfaceName isatap.{9FB4686E-004F-469F-8C65-720B5208C87A}
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{79C516FD-853C-496F-AC0E-DF6153694AA6}@ReusableType 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\[email protected] 58194
    Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\[email protected] 36581
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3955a65b2 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x4C 0xC1 0x2E 0x39 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x94 0xFA 0x4C 0x57 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x4A 0xF0 0x6C 0x48 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x3F 0x40 0x39 0x60 ...

    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.1 ----



    • #3
      Pevz.exe is a component of zoek.exe and is the same file that Combofix also uses, except that there it is called pev.exe.
      So it is quite normal that you saw it appear in the process list.
      That it would be a trojan is nonsense; all those websites that write that have probably copied the information from one another in order to palm dubious scanners off on people.
      The original file name of pev.exe and pevz.exe is, by the way, PevFind.exe.
      This is a program written by Billy O Neal:
      https://bitbucket.org/BillyONeal/pevfind


      ****************************************




      Download Zoek.zip to the desktop.
      1. If Internet Explorer or another browser or virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
      2. Disable your antivirus and antispyware programs, as they may conflict with zoek.exe (here and here) you can read how to do that.

      • Right-click Zoek.zip and click the option "Extract All".
      • Then double-click Zoek.exe to start the tool.
      • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
      • Now copy the code below and paste it into the large input window:
      • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
        Code:
        emptyclsid;
        emptyfolderscheck;delete
        firefoxlook; 
        Chromelook;  
        autoclean; 
        iedefaults; 
        filesrcm;
      • Now click the "Run script" button.
      • Now wait patiently until a log opens (this may be after a restart if one is required).
      • If no log appears after the restart, start zoek.exe again; the log will then appear after all.
      • Post the opened log as an attachment in your next message.

      Starting Windows 10 in Safe Mode



      • #4
        zoek-results.txt

        here is the file



        • #5
          Well done, let me know how it is going now.



          • #6
            Juisterr,

            thanks for your help so far!
            Opening programs goes better, but the processor keeps showing high usage (70/80% according to the desktop gadget). You can also hear the cooling fan running a lot.
            Last night the antivirus program Avira found 3 viruses, and fortunately this little program was also able to remove them.



            • #7
              Is the fan properly clean?



              • #8
                yes, I make sure of that



                • #9
                  Download ComboFix from one of these locations:

                  Link 1
                  Link 2

                  * IMPORTANT !!! Save ComboFix.exe to your Desktop.

                  >>Here<< you can read how to use Combofix.

                  1. Disable all antivirus and antispyware programs, because otherwise they might conflict with ComboFix.

                  * (here or here)

                  2. It may happen that the computer has to be restarted several times; this is normal.
                  3. Double-click "Combofix.exe" to start the tool.
                  4. Do not click in the Combofix window while it is active, as this can cause the tool to hang.

                  * Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion.", restart the computer.

                  5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.



                  • #10
                    ComboFix 13-11-03.02 - Online Accountants 04-11-2013 20:29:00.5.7 - x64
                    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2048.915 [GMT 1:00]
                    Gestart vanuit: c:\users\Online Accountants\Desktop\Divers\Jet Boost\ComboFix.exe
                    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
                    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
                    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
                    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                    .
                    .
                    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    c:\users\Online Accountants\AppData\Local\assembly\tmp
                    .
                    .
                    (((((((((((((((((((( Bestanden Gemaakt van 2013-10-04 to 2013-11-04 ))))))))))))))))))))))))))))))
                    .
                    .
                    2013-11-04 19:42 . 2013-11-04 19:42 -------- d-----w- c:\users\Public\AppData\Local\temp
                    2013-11-04 19:42 . 2013-11-04 19:42 -------- d-----w- c:\users\Default\AppData\Local\temp
                    2013-11-04 10:20 . 2013-11-04 10:20 -------- d-----w- c:\programdata\Oracle
                    2013-11-04 10:20 . 2013-10-08 06:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
                    2013-11-04 09:26 . 2013-11-04 09:26 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
                    2013-11-03 23:29 . 2013-11-03 23:29 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
                    2013-11-03 23:29 . 2013-11-03 23:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
                    2013-11-03 23:28 . 2013-11-03 23:28 -------- d-----w- c:\program files (x86)\Norton 360
                    2013-11-03 10:46 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
                    2013-11-03 10:46 . 2013-11-03 10:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
                    2013-11-03 00:05 . 2013-11-03 10:36 -------- d-----w- c:\programdata\Avira
                    2013-11-02 23:19 . 2013-11-02 23:19 -------- d-----w- c:\users\Online Accountants\AppData\Roaming\SUPERAntiSpyware.com
                    2013-11-02 23:03 . 2013-11-02 23:03 -------- d-----w- c:\programdata\Licenses
                    2013-11-02 23:03 . 2009-03-24 11:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
                    2013-11-02 22:54 . 2013-11-02 22:54 -------- d-----w- c:\program files\trend micro
                    2013-11-02 22:54 . 2013-11-02 22:55 -------- d-----w- C:\rsit
                    2013-11-02 19:44 . 2013-11-04 17:56 -------- d-----w- c:\programdata\boost_interprocess
                    2013-11-02 19:00 . 2013-11-04 19:42 -------- d-----w- c:\users\Online Accountants\AppData\Local\Temp
                    2013-11-02 18:37 . 2013-11-02 18:58 -------- d-----w- C:\zoek_backup
                    2013-11-01 16:17 . 2013-11-01 16:19 -------- d-----w- C:\AdwCleaner
                    2013-11-01 15:21 . 2013-11-01 15:21 -------- d-----w- c:\windows\SysWow64\wbem\Logs
                    2013-11-01 11:57 . 2013-11-03 23:29 -------- d-----w- c:\windows\system32\drivers\N360x64\1501000.012
                    2013-10-28 11:32 . 2013-10-28 11:32 -------- d-----w- c:\users\Online Accountants\AppData\Local\ElevatedDiagnostics
                    2013-10-24 23:08 . 2013-10-22 16:22 26936 ----a-w- c:\windows\system32\authuitu.dll
                    2013-10-24 23:08 . 2013-10-22 16:22 22328 ----a-w- c:\windows\SysWow64\authuitu.dll
                    2013-10-24 23:08 . 2013-10-22 16:22 36664 ----a-w- c:\windows\system32\uxtuneup.dll
                    2013-10-24 23:08 . 2013-10-22 16:22 30008 ----a-w- c:\windows\SysWow64\uxtuneup.dll
                    2013-10-20 19:12 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
                    2013-10-20 19:12 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
                    2013-10-20 19:12 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
                    2013-10-20 19:12 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
                    2013-10-20 19:12 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
                    2013-10-20 19:12 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
                    2013-10-20 19:12 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
                    2013-10-11 08:43 . 2013-09-22 23:27 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
                    2013-10-08 07:49 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
                    2013-10-08 07:49 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
                    2013-10-08 07:49 . 2013-06-06 05:50 41472 ----a-w- c:\windows\system32\lpk.dll
                    2013-10-08 07:49 . 2013-06-06 05:49 100864 ----a-w- c:\windows\system32\fontsub.dll
                    2013-10-08 07:49 . 2013-06-06 05:49 14336 ----a-w- c:\windows\system32\dciman32.dll
                    2013-10-08 07:49 . 2013-06-06 05:47 46080 ----a-w- c:\windows\system32\atmlib.dll
                    2013-10-08 07:49 . 2013-06-06 04:57 25600 ----a-w- c:\windows\SysWow64\lpk.dll
                    2013-10-08 07:49 . 2013-06-06 04:51 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
                    2013-10-08 07:49 . 2013-06-06 04:50 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
                    2013-10-08 07:49 . 2013-06-06 03:30 368128 ----a-w- c:\windows\system32\atmfd.dll
                    2013-10-08 07:49 . 2013-06-06 03:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
                    2013-10-08 07:49 . 2013-06-06 03:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
                    2013-10-08 07:45 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
                    2013-10-08 07:45 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
                    2013-10-08 07:45 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
                    2013-10-08 07:45 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
                    .
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2013-10-22 16:22 . 2012-08-11 21:50 35640 ----a-w- c:\windows\system32\TURegOpt.exe
                    2013-10-11 08:26 . 2010-09-20 18:27 80541720 ----a-w- c:\windows\system32\MRT.exe
                    2013-10-09 08:54 . 2012-04-05 20:40 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                    2013-10-09 08:54 . 2011-07-16 12:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                    2013-08-29 01:48 . 2013-10-08 07:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                    REGEDIT4
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
                    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
                    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
                    2013-05-18 19:03 222808 ----a-w- c:\users\Online Accountants\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
                    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
                    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
                    2013-05-18 19:03 222808 ----a-w- c:\users\Online Accountants\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
                    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
                    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
                    2013-05-18 19:03 222808 ----a-w- c:\users\Online Accountants\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                    2013-05-25 00:36 130736 ----a-w- c:\users\Online Accountants\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                    2013-05-25 00:36 130736 ----a-w- c:\users\Online Accountants\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                    2013-05-25 00:36 130736 ----a-w- c:\users\Online Accountants\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                    2013-05-25 00:36 130736 ----a-w- c:\users\Online Accountants\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
                    .
                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "GoogleChromeAutoLaunch_509769FFD9576E3798F033AFA121DD8E"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-10-09 844752]
                    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20474528]
                    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
                    .
                    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                    "KPNBackupOnline"="c:\program files\KPN Back-up Online\KPNBackupOnline.exe" [2013-03-26 13548856]
                    .
                    c:\users\Online Accountants\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                    Dropbox.lnk - c:\users\Online Accountants\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                    "ConsentPromptBehaviorAdmin"= 5 (0x5)
                    "ConsentPromptBehaviorUser"= 3 (0x3)
                    "EnableUIADesktopToggle"= 0 (0x0)
                    "PromptOnSecureDesktop"= 0 (0x0)
                    "HideFastUserSwitching"= 0 (0x0)
                    "EnableLinkedConnections"= 1 (0x1)
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
                    "EnableShellExecuteHooks"= 1 (0x1)
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                    "LoadAppInit_DLLs"=1 (0x1)
                    .
                    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                    Notification Packages REG_MULTI_SZ DPPassFilter scecli
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvgUninstallURL]
                    start http://www.avg.com/ww.special-uninst...90&ver=9.0.872 [?]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
                    c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer [X]
                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
                    2012-03-28 01:27 309184 ----a-w- c:\users\Online Accountants\AppData\Local\Citrix\ICA Client\concentr.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
                    2013-07-10 17:47 116648 ----atw- c:\users\Online Accountants\AppData\Local\Google\Update\GoogleUpdate.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
                    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
                    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
                    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
                    "PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
                    .
                    R2 CFUACProxy_hddv2usb3;CFUACProxy_hddv2usb3;c:\programdata\Clickfree\HDDV2USB3\UACProxy.exe;c:\programdata\Clickfree\HDDV2USB3\UACProxy.exe [x]
                    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
                    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
                    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
                    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
                    R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.3.24474.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_5.3.24474.0.sys [x]
                    R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys;c:\windows\SYSNATIVE\DRIVERS\aabed2.sys [x]
                    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
                    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
                    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
                    R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys;c:\windows\SYSNATIVE\DRIVERS\HP8207_8307.sys [x]
                    R3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;c:\windows\system32\DRIVERS\lan9500-x64-n51f.sys;c:\windows\SYSNATIVE\DRIVERS\lan9500-x64-n51f.sys [x]
                    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
                    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
                    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
                    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
                    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
                    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
                    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                    R3 vfsmrx;vfsmrx;c:\windows\System32\Drivers\vfsmrx.sys;c:\windows\SYSNATIVE\Drivers\vfsmrx.sys [x]
                    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
                    S0 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmafd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmafd.sys [x]
                    S0 AVPCIFilter;Avatron PCI Bus Device Filter;c:\windows\system32\DRIVERS\AVPCIFilter.sys;c:\windows\SYSNATIVE\DRIVERS\AVPCIFilter.sys [x]
                    S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys;c:\windows\SYSNATIVE\DRIVERS\MxEFUF64.sys [x]
                    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMDS64.SYS [x]
                    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMEFA64.SYS [x]
                    S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [x]
                    S1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [x]
                    S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\ccSetx64.sys [x]
                    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
                    S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys;c:\windows\SYSNATIVE\DRIVERS\dvmio.sys [x]
                    S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSVia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSVia64.sys [x]
                    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\Ironx64.SYS [x]
                    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMNETS.SYS [x]
                    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [x]
                    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
                    S2 BecHelperService;BecHelperService;c:\program files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe;c:\program files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe [x]
                    S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
                    S2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
                    S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
                    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
                    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
                    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
                    S2 KPN Back-up Online SC;KPN Back-up Online SC;c:\program files\KPN Back-up Online\BackupSC.exe;c:\program files\KPN Back-up Online\BackupSC.exe [x]
                    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
                    S2 MCLIENT;Norton Management;c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe;c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [x]
                    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [x]
                    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
                    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
                    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
                    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
                    S3 AirDisplay;Air Display Support;c:\windows\system32\DRIVERS\AVVideoCard.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCard.sys [x]
                    S3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\DRIVERS\AVVideoCardMirror.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCardMirror.sys [x]
                    S3 AirDisplayWDDM;AirDisplayWDDM;c:\windows\system32\DRIVERS\AVWDDMMiniPort.sys;c:\windows\SYSNATIVE\DRIVERS\AVWDDMMiniPort.sys [x]
                    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
                    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
                    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
                    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
                    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
                    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
                    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
                    S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
                    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
                    .
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
                    2010-01-22 09:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                    2013-10-18 09:05 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
                    .
                    Inhoud van de 'Gedeelde Taken' map
                    .
                    2013-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
                    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 08:54]
                    .
                    2013-08-31 c:\windows\Tasks\Defraggler Volume C Task.job
                    - c:\program files\Defraggler\df64.exe [2012-11-07 06:08]
                    .
                    2013-06-12 c:\windows\Tasks\Final Media Player Update Checker.job
                    - c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2013-03-12 17:40]
                    .
                    2013-06-12 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
                    - c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-06-25 15:24]
                    .
                    2013-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 22:11]
                    .
                    2013-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 22:11]
                    .
                    2013-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3095922357-780651518-3130267696-1000Core.job
                    - c:\users\Online Accountants\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-11 17:47]
                    .
                    2013-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3095922357-780651518-3130267696-1000UA.job
                    - c:\users\Online Accountants\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-11 17:47]
                    .
                    2013-10-20 c:\windows\Tasks\HPCeeScheduleForCOOPFINANCE$.job
                    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
                    .
                    .
                    --------- X64 Entries -----------
                    .
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
                    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
                    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
                    2013-05-18 19:03 261704 ----a-w- c:\users\Online Accountants\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
                    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
                    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
                    2013-05-18 19:03 261704 ----a-w- c:\users\Online Accountants\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
                    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
                    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
                    2013-05-18 19:03 261704 ----a-w- c:\users\Online Accountants\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                    2013-05-25 00:36 164016 ----a-w- c:\users\Online Accountants\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                    2013-05-25 00:36 164016 ----a-w- c:\users\Online Accountants\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                    2013-05-25 00:36 164016 ----a-w- c:\users\Online Accountants\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                    2013-05-25 00:36 164016 ----a-w- c:\users\Online Accountants\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
                    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
                    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
                    2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
                    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
                    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
                    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
                    2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
                    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
                    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
                    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
                    2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
                    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
                    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
                    2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
                    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
                    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
                    2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
                    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
                    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
                    2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                    .
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
                    UxTuneUp
                    ezGOSvc
                    .
                    ------- Bijkomende Scan -------
                    .
                    uLocal Page = c:\windows\system32\blank.htm
                    uDefault_Search_URL = hxxp://www.google.com/ie
                    mDefault_Page_URL = about:blank
                    mStart Page = about:blank
                    uInternet Settings,ProxyOverride = *.local
                    IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
                    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                    IE: Afbeelding knippen - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
                    IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
                    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
                    IE: Kopieer selectie - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
                    IE: Kopieer URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
                    IE: Nieuwe notitie - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
                    IE: Pagina opemen - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
                    IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                    Trusted Zone: intelly.nl
                    Trusted Zone: intelly.nl\secure
                    TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
                    TCP: Interfaces\{0C346BF1-5F0B-4932-9A54-58C919063D9C}: NameServer = 194.151.228.2 194.151.228.50
                    TCP: Interfaces\{11319E3C-023F-4BC2-8458-5C801AC3C30F}: NameServer = 194.151.228.2 194.151.228.34
                    TCP: Interfaces\{17916EC8-8305-42EA-BDE9-F5DC69DDCF01}: NameServer = 62.133.126.28 62.133.126.29
                    TCP: Interfaces\{20835DAC-3959-48F8-8461-91B61C4EC2C3}: NameServer = 62.133.126.28 62.133.126.29
                    TCP: Interfaces\{7B76CD82-60E4-4DCC-B3DE-36E00ACB66DB}: NameServer = 194.151.228.34 194.151.228.18
                    .
                    - - - - ORPHANS VERWIJDERD - - - -
                    .
                    AddRemove-PDF Creator Packages - c:\users\Online Accountants\AppData\Roaming\PDF Creator Packages\uninstaller.exe
                    .
                    .
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MCLIENT]
                    "ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.2.2.12\diMaster.dll\" /prefetch:1"
                    --
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
                    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
                    "ImagePath"="\SystemRoot\system32\drivers\N360x64\1501000.012\SYMNETS.SYS"
                    "TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.1.0.18;c:\program files (x86)\Norton 360\Engine64\21.1.0.18"
                    .
                    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                    .
                    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
                    @Denied: (2) (LocalSystem)
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                    @Denied: (A 2) (Everyone)
                    @="FlashBroker"
                    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe ,-101"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                    "Enabled"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                    @Denied: (A 2) (Everyone)
                    @="IFlashBroker5"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                    @="{00020424-0000-0000-C000-000000000046}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    "Version"="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                    @Denied: (A 2) (Everyone)
                    @="FlashBroker"
                    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe ,-101"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                    "Enabled"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                    @Denied: (A 2) (Everyone)
                    @="Shockwave Flash Object"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
                    "ThreadingModel"="Apartment"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                    @="0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                    @="ShockwaveFlash.ShockwaveFlash.11"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                    @="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                    @="ShockwaveFlash.ShockwaveFlash"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                    @Denied: (A 2) (Everyone)
                    @="Macromedia Flash Factory Object"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
                    "ThreadingModel"="Apartment"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                    @="FlashFactory.FlashFactory.1"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                    @="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                    @="FlashFactory.FlashFactory"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                    @Denied: (A 2) (Everyone)
                    @="IFlashBroker5"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                    @="{00020424-0000-0000-C000-000000000046}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    "Version"="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
                    @Denied: (A) (Everyone)
                    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
                    @Denied: (A) (Everyone)
                    .
                    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
                    "Key"="ActionsPane3"
                    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                    @Denied: (Full) (Everyone)
                    .
                    Voltooingstijd: 2013-11-04 20:48:02
                    ComboFix-quarantined-files.txt 2013-11-04 19:47
                    ComboFix2.txt 2013-11-01 14:36
                    ComboFix3.txt 2013-08-14 13:29
                    ComboFix4.txt 2013-07-26 23:38
                    ComboFix5.txt 2013-11-04 19:27
                    .
                    Pre-Run: 550.795.898.880 bytes beschikbaar
                    Post-Run: 550.348.988.416 bytes beschikbaar
                    .
                    - - End Of File - - EB7F25A25EB6828D8896BBAEA7FE64EF



                    • #11
                      I don't see any further malware. How is it running now?

                      Starting Windows 10 in Safe Mode



                      • #12

                        The computer remains slow to respond and the processor usage stays high (see attachment, where I only have a Chrome window open and nothing else).



                        • #13
                          Download TDSSKiller and save it to your desktop.
                          • Before running TDSSKiller, it is advisable to consult the TDSSKiller guide below.
                          • Double-click TDSSKiller.exe to start the tool. (If you downloaded TDSSKiller as a ZIP file, you need to extract it first.)
                          • If TDSSKiller finds an update, click the "Load update" button.
                          • A new version of TDSSKiller will now be downloaded; save it to the desktop.
                          • Now start TDSSKiller again.
                          • On the license screen, click "Accept" to continue.
                          • Next you will see the "Kaspersky Security Network Statement" screen; click "Accept" here as well.
                          • Click "Change parameters" and make sure all of the options below are checked.
                          • Click the "Start Scan" button and follow the instructions.
                            • Never use the "Delete" or "Quarantine" option for a "Fail signature" notification.
                            • If a restart was required, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
                            • Add this log file as an attachment to your next post.



                          • #14
                            TDSSKiller.2.8.16.0_06.11.2013_11.57.22_log.txt
                            Juisterr,

                            Attached is the requested log file.

                            I now regularly get a message that the installation of a driver has failed.
                            It is not clear to me which driver, and I have not installed anything myself.
                            Last edited by coopman; 06-11-13, 11:34. Reason: extra info



                            • #15
                              Download the Emsisoft Emergency Kit to the desktop.
                              Click here for the complete, detailed guide to the Emsisoft Emergency Kit.

                              Running the Emsisoft Emergency Kit
                              • Double-click "EmsisoftEmergencyKit.exe"; if you get a User Account Control prompt, allow it.
                              • Then click the "Accept & Extract" button and the files will be extracted automatically to the system drive, "C:\EEK".
                              • When extraction is finished, a shortcut is created on the desktop and the Emsisoft Emergency Kit opens by itself.
                              • Now click the "Emergency Kit Scanner" option, and when you get the prompt "Wilt u nu updaten?" (Do you want to update now?), click "Ja" (Yes).
                              • When the update is finished, click the "Computer Scannen" (Scan computer) option in the left-hand menu.
                              • Then choose the "Diep" (Deep) option. This scan can take a considerable time, and preferably do not use the computer for other tasks during the scan.
                              • When the scan is finished, make sure all items are checked and click the "Quarantaine" (Quarantine) button.
                              • Then click the "Rapport bekijken" (View report) button and post the contents of this file in your next post.


                              Posting the Emsisoft Emergency Kit log file
                              • Add the log file named "a2scan_130711-154142.txt" as an attachment to your next post. (You can also find this log file in the folder "C:\EEK\Run\Reports".)
                              • You can read here how to add an attachment to a post.
