Recently got a lot of BSoDs and suddenly slower than before.


    Hello,

    You have been my guardian angel a few times in the past, giving my laptop just those extra years of life, and because I have recently been having problems with this one (2 years old) I thought I'd try here once more.

    Until recently it was small things. Windows Explorer crashing and restarting, boot time going over 10 minutes, ... But since this week it crashes often and I get a blue screen with white letters that quickly disappears again (too quickly to read exactly what it says, but something about 'memory dump' is always on it). A bit of googling told me this is sometimes called the 'Blue Screen of Death/Doom'.
    Really annoying when it keeps restarting (especially when it takes so long).

    I followed the guide for a clean PC and it already boots a bit faster now, but the BSoDs still keep coming, hence my post.

    This is the MBAM log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 30/08/2015
    Scan Time: 18:40
    Logfile: MBAMlog.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.08.30.01
    Rootkit Database: v2015.08.16.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Leandro

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 415380
    Time Elapsed: 26 min, 57 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 2
    PUP.Optional.SProtector, HKLM\SOFTWARE\WOW6432NODE\SProtector, Quarantined, [837652bcb6d53006b01ebdbafe0654ac],
    PUP.Optional.Conduit, HKU\S-1-5-21-3225876579-3405291949-1122925917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1802B734-A167-4D42-905F-BCDBF0751BAD}, Quarantined, [58a12de13a51dc5ad0a9c8bb12f2c838],

    Registry Values: 2
    PUP.Optional.Conduit, HKU\S-1-5-21-3225876579-3405291949-1122925917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1802B734-A167-4D42-905F-BCDBF0751BAD}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468, Quarantined, [58a12de13a51dc5ad0a9c8bb12f2c838]
    PUP.Optional.Conduit, HKU\S-1-5-21-3225876579-3405291949-1122925917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1802B734-A167-4D42-905F-BCDBF0751BAD}|FaviconURL, http://search.conduit.com/favicon.ico, Quarantined, [36c3ab63523982b43f3a6320e71dd729]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    This is the AdwCleaner log:

    # AdwCleaner v5.004 - Logfile created 30/08/2015 at 19:15:28
    # Updated 26/08/2015 by Xplode
    # Database : 2015-08-30.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Leandro - LEANDRO-TOSH
    # Running from : C:\Users\Leandro\Desktop\adwcleaner_5.004.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****

    [-] Service Deleted : vToolbarUpdater40.1.6

    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files (x86)\Ss-Helper
    [-] Folder Deleted : C:\Program Files (x86)\WebConnect
    [-] Folder Deleted : C:\Program Files (x86)\WebSearch
    Folder Not Deleted : C:\Program Files (x86)\WebConnect
    [-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    [-] Folder Deleted : C:\ProgramData\AVG Secure Search
    [-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
    [-] Folder Deleted : C:\Users\Leandro\AppData\Roaming\Mozilla\Firefox\Profiles\7xqzv7in.default-1384176856584\Extensions\[email protected]

    ***** [ Files ] *****

    [-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
    [-] File Deleted : C:\Users\Leandro\AppData\Roaming\Mozilla\Firefox\Profiles\7xqzv7in.default-1384176856584\searchplugins\avg-secure-search.xml

    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\S
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    [-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_289822ec
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
    [-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
    [-] Key Deleted : HKCU\Software\AVG Secure Search
    [-] Key Deleted : HKCU\Software\Conduit
    [-] Key Deleted : HKCU\Software\Avg Secure Update
    [-] Key Deleted : HKLM\SOFTWARE\SP Global
    [-] Key Deleted : HKLM\SOFTWARE\Uniblue
    [-] Key Deleted : HKLM\SOFTWARE\Avg Secure Update
    Key Not Deleted : [x64] HKCU\Software\AVG Secure Search
    Key Not Deleted : [x64] HKCU\Software\Conduit
    Key Not Deleted : [x64] HKCU\Software\Avg Secure Update
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebConnect
    Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebConnect
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
    Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Not Deleted : HKU\S-1-5-21-3225876579-3405291949-1122925917-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

    ***** [ Web browsers ] *****


    *************************

    :: Winsock settings cleared

    *************************

    C:\AdwCleaner[S1].txt - [11140 bytes] - [13/05/2013 10:06:40]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4500 bytes] ##########

    This is the DDS log:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17937 BrowserJavaVersion: 11.31.2
    Run by Leandro at 19:20:32 on 2015-08-30
    .
    ============== Running Processes ================
    .
    C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
    C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    C:\windows\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://mysearch.avg.com/?cid={821A7FDC-89A3-48C1-A32F-8DADC59C04AA}&mid=51f3d4d678df47d3a9a79d3bffb155cd-5c9b5f3f5e29f696ee04c5fbb7f00af07dbe8846&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715av&pr=fr&d=2015-07-17 00:05:15&v=4.1.4.948&pid=wtu&sg=&sap=hp
    mStart Page = hxxp://www.google.com
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
    uRunOnce: [Uninstall C:\Users\Leandro\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] C:\windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Leandro\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
    uRunOnce: [Uninstall C:\Users\Leandro\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] C:\windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Leandro\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
    uRunOnce: [Uninstall C:\Users\Leandro\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] C:\windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Leandro\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
    uRunOnce: [Uninstall C:\Users\Leandro\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] C:\windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Leandro\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
    dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{8329695A-CFDE-4F96-BBBC-B2746D1C31DC} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{8329695A-CFDE-4F96-BBBC-B2746D1C31DC}\14E6469627F62616 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{8329695A-CFDE-4F96-BBBC-B2746D1C31DC}\3596475636F6D6931364643434 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{8329695A-CFDE-4F96-BBBC-B2746D1C31DC}\44D2C496E6B6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{8329695A-CFDE-4F96-BBBC-B2746D1C31DC}\4756C656E65647D25354345303 : DHCPNameServer = 195.130.131.4 195.130.130.132
    TCP: Interfaces\{8329695A-CFDE-4F96-BBBC-B2746D1C31DC}\F4F637475627233323 : DHCPNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{A7BD4FD8-29F0-4903-9F65-29579062E109} : DHCPNameServer = 192.168.1.1 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
    x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Leandro\AppData\Roaming\Mozilla\Firefox\Profiles\7xqzv7in.default-1384176856584\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? acsock;acsock
    R? AMD External Events Utility;AMD External Events Utility
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
    R? FLEXnet Licensing Service 64;FLEXnet Licensing Service 64
    R? GFNEXSrv;GFNEX Service
    R? IEEtwCollectorService;Internet Explorer ETW Collector Service
    R? Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface
    R? Intel(R) ME Service;Intel(R) ME Service
    R? jhi_service;Intel(R) Dynamic Application Loader Host Interface Service
    R? MBAMService;MBAMService
    R? MBAMWebAccessControl;MBAMWebAccessControl
    R? NAUpdate;Nero Update
    R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
    R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
    R? RtsUIR;Realtek IR Driver
    R? SkypeUpdate;Skype Updater
    R? SolutoRemoteService;Soluto Remote Service
    R? ssadbus;SAMSUNG Android USB Composite Device driver (WDM)
    R? ssadmdfl;SAMSUNG Android USB Modem (Filter)
    R? ssadmdm;SAMSUNG Android USB Modem Drivers
    R? ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM)
    R? TDEIO;TDEIO
    R? TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO)
    R? TMachInfo;TMachInfo
    R? TOSHIBA eco Utility Service;TOSHIBA eco Utility Service
    R? TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service
    R? TPCHSrv;TPCH Service
    R? TsUsbFlt;TsUsbFlt
    R? TsUsbGD;Remote Desktop Generic USB Device
    R? UNS;Intel(R) Management and Security Application User Notification Service
    R? vpnagent;Cisco AnyConnect Secure Mobility Agent
    R? WatAdminSvc;Windows Activation Technologies Service
    R? wlcrasvc;Windows Live Mesh remote connections service
    S? AtiHDAudioService;AMD Function Driver for HD Audio Service
    S? Avgdiska;AVG Disk Driver
    S? AVGIDSAgent;AVGIDSAgent
    S? AVGIDSDriver;AVGIDSDriver
    S? AVGIDSHA;AVGIDSHA
    S? Avgldx64;AVG AVI Loader Driver
    S? Avgloga;AVG Logging Driver
    S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
    S? Avgrkx64;AVG Anti-Rootkit Driver
    S? Avgtdia;AVG TDI Driver
    S? avgwd;AVG WatchDog
    S? cpuz136;cpuz136
    S? DiagTrack;Diagnostics Tracking Service
    S? dtsoftbus01;DAEMON Tools Virtual Bus Driver
    S? iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver
    S? iusb3hub;Intel(R) USB 3.0 Hub Driver
    S? iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver
    S? MBAMProtector;MBAMProtector
    S? NBVol;Nero Backup Volume Filter Driver
    S? NBVolUp;Nero Backup Volume Upper Filter Driver
    S? PGEffect;Pangu effect driver
    S? RtkBtFilter;Realtek Bluetooth Filter Driver
    S? RTL8167;Realtek 8167 NT Driver
    S? RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver
    S? Soluto;Soluto
    S? SolutoLauncherService;Soluto Launcher Service
    S? SolutoService;Soluto PCGenome Core Service
    S? TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver
    S? WtuSystemSupport;WtuSystemSupport
    .
    =============== File Associations ===============
    .
    ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2015-08-30 17:14:19 -------- d-----w- C:\AdwCleaner
    2015-08-20 01:00:39 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2015-08-20 01:00:39 2724864 ----a-w- C:\windows\System32\mshtml.tlb
    2015-08-12 01:15:28 124624 ----a-w- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2015-08-12 01:15:28 103120 ----a-w- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-08-11 22:29:28 82432 ----a-w- C:\windows\SysWow64\davclnt.dll
    2015-08-11 22:28:59 93184 ----a-w- C:\windows\SysWow64\wudriver.dll
    .
    ==================== Find3M ====================
    .
    2015-08-30 16:40:01 113880 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
    2015-08-12 22:01:14 778440 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2015-08-12 22:01:14 142536 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-07-30 18:06:57 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
    2015-07-30 18:06:57 1648128 ----a-w- C:\windows\System32\DWrite.dll
    2015-07-30 18:06:57 1180160 ----a-w- C:\windows\System32\FntCache.dll
    2015-07-30 18:06:42 41984 ----a-w- C:\windows\System32\lpk.dll
    2015-07-30 18:06:39 100864 ----a-w- C:\windows\System32\fontsub.dll
    2015-07-30 18:06:35 14336 ----a-w- C:\windows\System32\dciman32.dll
    2015-07-30 18:06:34 46080 ----a-w- C:\windows\System32\atmlib.dll
    2015-07-30 17:57:30 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
    2015-07-30 17:57:30 1251328 ----a-w- C:\windows\SysWow64\DWrite.dll
    2015-07-30 17:57:08 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
    2015-07-30 17:57:05 10240 ----a-w- C:\windows\SysWow64\dciman32.dll
    2015-07-30 17:57:02 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2015-07-30 17:55:56 25600 ----a-w- C:\windows\SysWow64\lpk.dll
    2015-07-30 16:56:07 3208192 ----a-w- C:\windows\System32\win32k.sys
    2015-07-30 16:52:53 372736 ----a-w- C:\windows\System32\atmfd.dll
    2015-07-30 16:49:55 299520 ----a-w- C:\windows\SysWow64\atmfd.dll
    2015-07-28 20:09:44 17344 ----a-w- C:\windows\System32\CompatTelRunner.exe
    2015-07-28 20:05:53 774656 ----a-w- C:\windows\System32\invagent.dll
    2015-07-28 20:05:50 743424 ----a-w- C:\windows\System32\generaltel.dll
    2015-07-28 20:05:47 437760 ----a-w- C:\windows\System32\devinv.dll
    2015-07-28 20:05:45 1116672 ----a-w- C:\windows\System32\appraiser.dll
    2015-07-28 20:05:44 69120 ----a-w- C:\windows\System32\acmigration.dll
    2015-07-28 20:05:44 227328 ----a-w- C:\windows\System32\aepdu.dll
    2015-07-28 19:55:14 1148416 ----a-w- C:\windows\System32\aeinv.dll
    2015-07-20 18:12:45 98304 ----a-w- C:\windows\System32\wudriver.dll
    2015-07-20 18:12:45 3154944 ----a-w- C:\windows\System32\wucltux.dll
    2015-07-20 18:12:45 192000 ----a-w- C:\windows\System32\wuwebv.dll
    2015-07-20 18:12:16 91136 ----a-w- C:\windows\System32\WinSetupUI.dll
    2015-07-20 18:12:05 12288 ----a-w- C:\windows\System32\wu.upgrade.ps.dll
    2015-07-20 18:12:02 37376 ----a-w- C:\windows\System32\wuapp.exe
    2015-07-20 17:56:49 173056 ----a-w- C:\windows\SysWow64\wuwebv.dll
    2015-07-20 17:56:08 34816 ----a-w- C:\windows\SysWow64\wuapp.exe
    2015-07-16 20:54:33 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
    2015-07-16 20:37:26 66560 ----a-w- C:\windows\System32\iesetup.dll
    2015-07-16 20:36:31 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
    2015-07-16 20:36:22 417792 ----a-w- C:\windows\System32\html.iec
    2015-07-16 20:36:21 584192 ----a-w- C:\windows\System32\vbscript.dll
    2015-07-16 20:35:40 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
    2015-07-16 20:26:00 5923328 ----a-w- C:\windows\System32\jscript9.dll
    2015-07-16 20:21:50 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
    2015-07-16 20:21:47 144384 ----a-w- C:\windows\System32\ieUnatt.exe
    2015-07-16 20:21:25 814080 ----a-w- C:\windows\System32\jscript9diag.dll
    2015-07-16 20:12:23 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
    2015-07-16 20:00:07 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
    2015-07-16 19:51:47 504320 ----a-w- C:\windows\SysWow64\vbscript.dll
    2015-07-16 19:51:46 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
    2015-07-16 19:50:54 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
    2015-07-16 19:50:38 341504 ----a-w- C:\windows\SysWow64\html.iec
    2015-07-16 19:49:37 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
    2015-07-16 19:39:20 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2015-07-16 19:38:51 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
    2015-07-16 19:33:23 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
    2015-07-16 19:32:53 2125824 ----a-w- C:\windows\System32\inetcpl.cpl
    2015-07-16 19:24:03 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2015-07-16 19:12:42 2427904 ----a-w- C:\windows\System32\wininet.dll
    2015-07-16 19:12:39 4520448 ----a-w- C:\windows\SysWow64\jscript9.dll
    2015-07-16 19:12:22 37376 ----a-w- C:\windows\SysWow64\tsgqec.dll
    2015-07-16 19:12:21 4922368 ----a-w- C:\windows\SysWow64\mstscax.dll
    2015-07-16 19:12:17 269824 ----a-w- C:\windows\SysWow64\aaclient.dll
    2015-07-16 19:11:18 44032 ----a-w- C:\windows\System32\tsgqec.dll
    2015-07-16 19:11:17 5779456 ----a-w- C:\windows\System32\mstscax.dll
    2015-07-16 19:11:09 322560 ----a-w- C:\windows\System32\aaclient.dll
    2015-07-16 19:06:06 2052608 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2015-07-16 19:05:15 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
    2015-07-16 18:42:02 1951232 ----a-w- C:\windows\SysWow64\wininet.dll
    2015-07-15 18:15:12 5568960 ----a-w- C:\windows\System32\ntoskrnl.exe
    2015-07-15 18:15:11 94656 ----a-w- C:\windows\System32\drivers\mountmgr.sys
    2015-07-15 18:15:10 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
    2015-07-15 18:15:10 155584 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
    2015-07-15 18:12:09 1730496 ----a-w- C:\windows\System32\ntdll.dll
    2015-07-15 18:11:14 362496 ----a-w- C:\windows\System32\wow64win.dll
    2015-07-15 18:11:14 243712 ----a-w- C:\windows\System32\wow64.dll
    2015-07-15 18:11:14 13312 ----a-w- C:\windows\System32\wow64cpu.dll
    2015-07-15 18:11:13 215040 ----a-w- C:\windows\System32\winsrv.dll
    2015-07-15 18:11:01 210944 ----a-w- C:\windows\System32\wdigest.dll
    2015-07-15 18:09:57 338432 ----a-w- C:\windows\System32\conhost.exe
    2015-07-15 18:09:52 64000 ----a-w- C:\windows\System32\auditpol.exe
    2015-07-15 18:05:47 60416 ----a-w- C:\windows\System32\msobjs.dll
    2015-07-15 18:05:26 146432 ----a-w- C:\windows\System32\msaudite.dll
    2015-07-15 17:59:45 3989952 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2015-07-15 17:59:45 3934656 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2015-07-15 17:56:24 1311768 ----a-w- C:\windows\SysWow64\ntdll.dll
    2015-07-15 17:55:07 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
    2015-07-15 17:55:04 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
    2015-07-15 17:55:02 43008 ----a-w- C:\windows\SysWow64\srclient.dll
    2015-07-15 17:55:00 248832 ----a-w- C:\windows\SysWow64\schannel.dll
    2015-07-15 17:55:00 22016 ----a-w- C:\windows\SysWow64\secur32.dll
    2015-07-15 17:54:56 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2015-07-15 17:54:55 221184 ----a-w- C:\windows\SysWow64\ncrypt.dll
    2015-07-15 17:54:54 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
    2015-07-15 17:54:49 552960 ----a-w- C:\windows\SysWow64\kerberos.dll
    2015-07-15 17:54:43 36864 ----a-w- C:\windows\SysWow64\cryptbase.dll
    2015-07-15 17:54:43 17408 ----a-w- C:\windows\SysWow64\credssp.dll
    2015-07-15 17:54:40 44032 ----a-w- C:\windows\apppatch\acwow64.dll
    2015-07-15 17:54:22 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2015-07-15 17:53:53 50176 ----a-w- C:\windows\SysWow64\auditpol.exe
    2015-07-15 17:53:37 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    .
    ============= FINISH: 19:23:44.58 ===============

    And this is the GMER log:

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2015-08-30 19:44:47
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 596.17GB
    Running: 6yn601r0.exe; Driver: C:\Users\Leandro\AppData\Local\Temp\pwrirpow.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2032] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000756e1401 2 bytes JMP 776db20b C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2032] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000756e1419 2 bytes JMP 776db336 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2032] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000756e1431 2 bytes JMP 77758f39 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2032] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000756e144a 2 bytes CALL 776b4885 C:\windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2032] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756e14dd 2 bytes JMP 77758832 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2032] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756e14f5 2 bytes JMP 77758a08 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2032] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000756e150d 2 bytes JMP 77758728 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2032] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000756e1525 2 bytes JMP 77758af2 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2032] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000756e153d 2 bytes JMP 776cfc98 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2032] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000756e1555 2 bytes JMP 776d68df C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2032] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000756e156d 2 bytes JMP 77758ff1 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2032] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000756e1585 2 bytes JMP 77758b52 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2032] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000756e159d 2 bytes JMP 777586ec C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2032] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756e15b5 2 bytes JMP 776cfd31 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2032] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756e15cd 2 bytes JMP 776db2cc C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2032] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756e16b2 2 bytes JMP 77758eb4 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2032] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756e16bd 2 bytes JMP 77758681 C:\windows\syswow64\kernel32.dll
    .text C:\windows\system32\SearchIndexer.exe[3448] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077addc30 5 bytes JMP 0000000077c40128
    .text C:\windows\system32\SearchIndexer.exe[3448] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077addd50 5 bytes JMP 0000000077c40018
    .text C:\windows\system32\svchost.exe[4432] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077addc30 5 bytes JMP 0000000177a80128
    .text C:\windows\system32\svchost.exe[4432] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077addd50 5 bytes JMP 0000000177a80018
    .text C:\windows\system32\svchost.exe[4432] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007788db10 1 byte JMP 0000000077a800a0
    .text C:\windows\system32\svchost.exe[4432] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007788db12 3 bytes {JMP 0x1f2590}
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4480] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077addc30 5 bytes JMP 0000000077c40128
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4480] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077addd50 5 bytes JMP 0000000077c40018
    .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077addc30 5 bytes JMP 0000000077c40128
    .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077addd50 5 bytes JMP 0000000077c40018
    .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4584] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007788db10 1 byte JMP 0000000077c400a0
    .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4584] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007788db12 3 bytes {JMP 0x3b2590}
    .text C:\windows\system32\SearchProtocolHost.exe[4688] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077addc30 5 bytes JMP 0000000077c40128
    .text C:\windows\system32\SearchProtocolHost.exe[4688] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077addd50 5 bytes JMP 0000000077c40018
    .text C:\windows\system32\SearchProtocolHost.exe[4688] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007788db10 1 byte JMP 0000000077c400a0
    .text C:\windows\system32\SearchProtocolHost.exe[4688] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007788db12 3 bytes {JMP 0x3b2590}
    .text C:\windows\System32\svchost.exe[4776] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077addc30 5 bytes JMP 0000000177a80128
    .text C:\windows\System32\svchost.exe[4776] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077addd50 5 bytes JMP 0000000177a80018
    .text C:\windows\System32\svchost.exe[4776] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007788db10 1 byte JMP 0000000077a800a0
    .text C:\windows\System32\svchost.exe[4776] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007788db12 3 bytes {JMP 0x1f2590}
    .text C:\windows\SysWOW64\ctfmon.exe[5108] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077c8fc90 5 bytes JMP 00000001747919c0
    .text C:\windows\SysWOW64\ctfmon.exe[5108] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c8fe54 5 bytes JMP 00000001747915e0
    .text C:\windows\SysWOW64\ctfmon.exe[5108] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000776c3b93 5 bytes JMP 0000000174791750
    .text C:\windows\system32\DllHost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077addc30 5 bytes JMP 0000000077c40128
    .text C:\windows\system32\DllHost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077addd50 5 bytes JMP 0000000077c40018
    .text C:\windows\system32\DllHost.exe[5104] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007788db10 1 byte JMP 0000000077c400a0
    .text C:\windows\system32\DllHost.exe[5104] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007788db12 3 bytes {JMP 0x3b2590}
    .text C:\Windows\System32\StikyNot.exe[2760] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077addc30 5 bytes JMP 0000000077c40128
    .text C:\Windows\System32\StikyNot.exe[2760] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077addd50 5 bytes JMP 0000000077c40018
    .text C:\Windows\System32\StikyNot.exe[2760] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007788db10 1 byte JMP 0000000077c400a0
    .text C:\Windows\System32\StikyNot.exe[2760] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007788db12 3 bytes {JMP 0x3b2590}
    .text C:\windows\system32\TODDSrv.exe[5052] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077addc30 5 bytes JMP 0000000077c40128
    .text C:\windows\system32\TODDSrv.exe[5052] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077addd50 5 bytes JMP 0000000077c40018
    .text C:\windows\system32\TODDSrv.exe[5052] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007788db10 1 byte JMP 0000000077c400a0
    .text C:\windows\system32\TODDSrv.exe[5052] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007788db12 3 bytes {JMP 0x3b2590}
    .text C:\windows\servicing\TrustedInstaller.exe[3684] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077addc30 5 bytes JMP 0000000077c40128
    .text C:\windows\servicing\TrustedInstaller.exe[3684] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077addd50 5 bytes JMP 0000000077c40018
    .text C:\windows\servicing\TrustedInstaller.exe[3684] C:\windows\system32\kernel32.dll!CreateProcessInternalW 000000007788db10 1 byte JMP 0000000077c400a0
    .text C:\windows\servicing\TrustedInstaller.exe[3684] C:\windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007788db12 3 bytes {JMP 0x3b2590}

    ---- Threads - GMER 2.1 ----

    Thread c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [3340:3112] 000007feec63c680
    Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [3352:5004] 000007feeca2838c
    Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [3352:5012] 000007feec63c680

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\24ec993cdd62
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\24ec993cdd62 (not active ControlSet)

    ---- EOF - GMER 2.1 ----

    I'll certainly remain available to provide additional information or to carry out any recommended steps.

    Many thanks in advance for putting your time into this.
    It is hugely appreciated.

    Leand

  • #2
    First disable your antivirus software before you download or run zoek.exe.
    Temporarily disable your antivirus and antispyware programs, as they can interfere with the operation of Zoek.exe.
    You can read how to do that (here and here).

    Download Zoek.exe to the desktop (click here for more information on how to use zoek.exe)
    • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
    • Then double-click Zoek.exe to start the tool.
    • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
    • Now copy the code below and paste it into the large input box:
    • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
      Code:
       
      emptyfolderscheck;
      firefoxlook; 
      Chromelook; 
      CHRdefaults;
      autoclean; 
      iedefaults;
    • Now click the "Run script" button.
    • Now wait patiently until a log opens (this may be after a restart, if one is required).
    • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
    • Post the opened log as an attachment in your next message.

    Starting Windows 10 in Safe Mode



    • #3
      I followed your instructions.

      Here is the result:

      zoek-results.txt



      • #4
        Looks good. How are the problems now?



        • #5
          Startup time has halved and I haven't had a blue screen since.

          Should it still happen (as in, this week), shall I report it here, or is it fine as it is?

          Cheers,



          • #6
            Please do.



            • #7
              More than a week has passed now.
              No more blue screens, no crashes, and still a nice startup time.

              Thanks for the help!
              I think this thread can be locked, unless you can think of anything else?

              Cheers,



              • #8
                Download Delfix by Xplode to the desktop.


                Double-click Delfix.exe to start the tool.
                Now tick the following items:
                • Remove disinfection tools
                • Purge System Restore
                • Reset system settings

                Now click "Run" and wait patiently until the tool is finished.
                When the tool is finished, a log file is created. You do not need to post it, however.


                Protection against unwanted software.

                Unchecky prevents the installation of unwanted software

                Double-click the installer file unchecky_setup.exe to start the installation.
                In the screen that now appears you can choose more options; this way you can set the location where Unchecky should be installed yourself.
                Then click the Install button to install Unchecky.
                When the installation of Unchecky is finished, click Finish.
                Do restart the computer after the installation, so that the changes to the Windows hosts file take effect.



                It might also be a good idea to install Hitmanproalert. Alert
                Explanation below.
                Explanation
