Reporting computer problems

Received the following message from you via PM:

Can't post the log again, error messages again.
It hangs while connecting and then comes up with an error message.


Errors
The following errors occurred while sending this message

Your message contains 33 images. You may only insert 15 images. Go back, fix the problem and try again.

Images also include smileys, the vB code and the HTML code <img>. You can only use these items if they have been enabled by the administrator.


Have you already forgotten again that Zippyshare exists too?
And if next time you send me a PM again instead of mentioning the problem in your topic, I will ignore that PM!
 
We are going to remove Eset!


Step 1
Open a new Notepad file via "Start\All Programs\Accessories\Notepad" (on Dutch Windows: "Start\Alle programma's\Bureau-accessoires\Kladblok").

Copy and paste the following (the blue text in the code window) into the empty Notepad window.


Code:
ClearJavaCache::

Folder::
C:\Program Files\ESET
C:\ProgramData\ESET
C:\Users\All Users\ESET
C:\Users\Ron\AppData\Local\ESET
C:\Windows\System32\config\systemprofile\AppData\Local\ESET

Save this Notepad file on your desktop as CFScript.txt.

Now first disable the antivirus and any spyware scanners!
Also make sure that all other open windows are closed, including the web browser.


Drag CFScript.txt onto ComboFix.exe


This will make ComboFix restart. Reboot if you are asked to.


Post the ComboFix log that is shown after the restart via the colour coder (kleurcodeerder)!
If ComboFix has restarted your computer (or you have done so), you will also find the log in C:\Combofix.txt

Important note:
  • If, after the scan, an error is shown when starting programs with the message:
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • then restart the computer.

After starting ComboFix, a message may appear:

- either that ComboFix wants to be updated;
- or that ComboFix wants to be downloaded again.

So if you get such a message, carry that out as well.
Post the contents of the log via the colour coder again.


Step 2
Download: Wise Registry Cleaner

After downloading, install the tool via right-click "Run as administrator".

Do pay attention during the installation of the Wise tool: when Spyhunter is offered, click the Decline button.


Optimising the Windows registry with Wise Registry Cleaner
Start this tool with administrator rights.

In the menu, click Safe ("Veilig").

Then click the green Start Scan button.
After that, click Start Cleaning ("Start Opruimen").

Next, click Register Defrag at the top and start it.
When the tool is finished, it will indicate that Windows needs to be restarted so that the registry is stored as one block on the hard disk again.

Note: during the registry analysis phase no program at all may be open or in use; leave the computer alone during that phase.
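
A way to check the ComboFix log against the CFScript from Step 1, as an added example that is not part of the original posts or of ComboFix itself. It compares the `Folder::` entries with the log's "andere verwijderingen" section and lists driver entries whose image file name matches a driver file reported as deleted; the inputs are a constructed, shortened excerpt of the log on this page, and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Constructed input: the CFScript from Step 1 of the thread.
CFSCRIPT = r"""ClearJavaCache::

Folder::
C:\Program Files\ESET
C:\ProgramData\ESET
C:\Users\All Users\ESET
C:\Users\Ron\AppData\Local\ESET
C:\Windows\System32\config\systemprofile\AppData\Local\ESET
"""

# Constructed input: a shortened excerpt of the log posted in the thread.
LOG_EXCERPT = r"""(((((((((( andere verwijderingen ))))))))))
.
c:\program files\eset
c:\program files\eset\eset nod32 antivirus\drivers\eamonm\eamonm.sys
c:\program files\eset\eset nod32 antivirus\drivers\edevmon\edevmon.sys
c:\program files\eset\eset nod32 antivirus\drivers\ehdrv\ehdrv.sys
c:\program files\eset\eset nod32 antivirus\egui.exe
c:\users\all users\eset
c:\users\ron\appdata\local\eset
.
(((((((((( drivers/services ))))))))))
.
-------\service_ekrn
.
(((((((((( reg opstartpunten ))))))))))
.
r3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\sysnative\drivers\dmvsc.sys [x]
s1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys;c:\windows\sysnative\drivers\eamonm.sys [x]
s1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys;c:\windows\sysnative\drivers\ehdrv.sys [x]
s1 nnsalpc;nnsalpc;c:\windows\system32\drivers\nnsalpc.sys;c:\windows\sysnative\drivers\nnsalpc.sys [x]
"""

# Section banners look like "((((( title )))))" in the log on this page.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# Driver/service lines as they appear on this page:
# "<r|s><digit> name;display name;image path;image path [flag]"
SERVICE_RE = re.compile(
    r"^[rs]\d (?P<name>[^;]+);[^;]*;(?P<image>[^;]+);.+ \[.\]$", re.I
)


def parse_cfscript(text):
    """Return {directive: [arguments]} for lines of the form 'Name::'."""
    directives, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            directives[current] = []
        elif current is not None:
            directives[current].append(line)
    return directives


def split_sections(log):
    """Return {section title: [lines]}, skipping the '.' filler lines."""
    sections, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def audit(cfscript, log, removal_section="andere verwijderingen"):
    """Compare requested folders with reported removals; flag leftover drivers."""
    removed = {p.lower() for p in split_sections(log).get(removal_section, [])}
    # True means the log lists the folder itself as removed.
    folders = {f: f.lower() in removed
               for f in parse_cfscript(cfscript).get("Folder", [])}
    removed_drivers = {PureWindowsPath(p).name
                       for p in removed if p.endswith(".sys")}
    leftover = []
    for line in log.splitlines():
        match = SERVICE_RE.match(line.strip())
        if match and PureWindowsPath(match.group("image")).name.lower() in removed_drivers:
            leftover.append(match.group("name"))
    return {"folders": folders, "leftover_services": leftover}


if __name__ == "__main__":
    result = audit(CFSCRIPT, LOG_EXCERPT)
    for folder, reported in result["folders"].items():
        print(("removed      " if reported else "not reported ") + folder)
    print("driver entries still listed:", result["leftover_services"])
```

A folder marked "not reported" only means the log does not list it in the removal section; whether it ever existed has to be checked on the machine itself.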
 
[hjt]
combofix 16-08-21.02 - ron 24-08-2016 8:05.3.2 - x64
microsoft windows 7 ultimate 6.1.7601.1.1252.31.1043.18.4095.2646 [gmt 2:00]
gestart vanuit: l:\combofix.exe
gebruikte opdracht switches :: c:\users\ron\desktop\cfscript.txt
av: eset nod32 antivirus 8.0 *disabled/updated* {19259fae-8396-a113-46db-15b0e7dfa289}
av: panda free antivirus *disabled/updated* {46aefd02-aca3-e038-1fa5-4a15efd361e0}
fw: panda firewall *disabled* {7e957c27-e6cc-e160-34fa-e3201100269b}
sp: eset nod32 antivirus 8.0 *disabled/updated* {a2447e4a-a5ac-ae9d-7c6b-2ec29c58e834}
sp: panda free antivirus *disabled/updated* {fdcf1ce6-8a99-efb6-2515-716794542b5d}
sp: windows defender *disabled/outdated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
* nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\eset
c:\program files\eset\eset nod32 antivirus\callmsi.exe
c:\program files\eset\eset nod32 antivirus\dmon.dll
c:\program files\eset\eset nod32 antivirus\drivers\eamonm\eamonm.cat
c:\program files\eset\eset nod32 antivirus\drivers\eamonm\eamonm.inf
c:\program files\eset\eset nod32 antivirus\drivers\eamonm\eamonm.sys
c:\program files\eset\eset nod32 antivirus\drivers\edevmon\edevmon.cat
c:\program files\eset\eset nod32 antivirus\drivers\edevmon\edevmon.inf
c:\program files\eset\eset nod32 antivirus\drivers\edevmon\edevmon.sys
c:\program files\eset\eset nod32 antivirus\drivers\ehdrv\ehdrv.cat
c:\program files\eset\eset nod32 antivirus\drivers\ehdrv\ehdrv.inf
c:\program files\eset\eset nod32 antivirus\drivers\ehdrv\ehdrv.sys
c:\program files\eset\eset nod32 antivirus\drivers\epfwwfpr\epfwwfpr.cat
c:\program files\eset\eset nod32 antivirus\drivers\epfwwfpr\epfwwfpr.inf
c:\program files\eset\eset nod32 antivirus\drivers\epfwwfpr\epfwwfpr.sys
c:\program files\eset\eset nod32 antivirus\ecls.exe
c:\program files\eset\eset nod32 antivirus\eclslang.dll
c:\program files\eset\eset nod32 antivirus\ecmd.exe
c:\program files\eset\eset nod32 antivirus\eeclnt.exe
c:\program files\eset\eset nod32 antivirus\egui.exe
c:\program files\eset\eset nod32 antivirus\eguiamon.dll
c:\program files\eset\eset nod32 antivirus\eguiamonlang.dll
c:\program files\eset\eset nod32 antivirus\eguidevmon.dll
c:\program files\eset\eset nod32 antivirus\eguidevmonlang.dll
c:\program files\eset\eset nod32 antivirus\eguidmon.dll
c:\program files\eset\eset nod32 antivirus\eguidmonlang.dll
c:\program files\eset\eset nod32 antivirus\eguiemon.dll
c:\program files\eset\eset nod32 antivirus\eguiemonlang.dll
c:\program files\eset\eset nod32 antivirus\eguiepfw.dll
c:\program files\eset\eset nod32 antivirus\eguiepfwlang.dll
c:\program files\eset\eset nod32 antivirus\eguihips.dll
c:\program files\eset\eset nod32 antivirus\eguihipslang.dll
c:\program files\eset\eset nod32 antivirus\eguilang.dll
c:\program files\eset\eset nod32 antivirus\eguimailplugins.dll
c:\program files\eset\eset nod32 antivirus\eguimailpluginslang.dll
c:\program files\eset\eset nod32 antivirus\eguiproduct.dll
c:\program files\eset\eset nod32 antivirus\eguiproductrcd.dll
c:\program files\eset\eset nod32 antivirus\eguiscan.dll
c:\program files\eset\eset nod32 antivirus\eguiscanlang.dll
c:\program files\eset\eset nod32 antivirus\eguiupdate.dll
c:\program files\eset\eset nod32 antivirus\eguiupdatelang.dll
c:\program files\eset\eset nod32 antivirus\eh64.exe
c:\program files\eset\eset nod32 antivirus\ekrndmonlang.dll
c:\program files\eset\eset nod32 antivirus\ekrnepfwlang.dll
c:\program files\eset\eset nod32 antivirus\ekrnhipslang.dll
c:\program files\eset\eset nod32 antivirus\ekrnlang.dll
c:\program files\eset\eset nod32 antivirus\ekrnmailpluginslang.dll
c:\program files\eset\eset nod32 antivirus\ekrnscanlang.dll
c:\program files\eset\eset nod32 antivirus\ekrnupdatelang.dll
c:\program files\eset\eset nod32 antivirus\em000_32.dat
c:\program files\eset\eset nod32 antivirus\em000_64.dat
c:\program files\eset\eset nod32 antivirus\em001_32.dat
c:\program files\eset\eset nod32 antivirus\em002_32.dat
c:\program files\eset\eset nod32 antivirus\em003_32.dat
c:\program files\eset\eset nod32 antivirus\em004_32.dat
c:\program files\eset\eset nod32 antivirus\em005_32.dat
c:\program files\eset\eset nod32 antivirus\em006_32.dat
c:\program files\eset\eset nod32 antivirus\em006_64.dat
c:\program files\eset\eset nod32 antivirus\em009_32.dat
c:\program files\eset\eset nod32 antivirus\em009_64.dat
c:\program files\eset\eset nod32 antivirus\em015_32.dat
c:\program files\eset\eset nod32 antivirus\em015_64.dat
c:\program files\eset\eset nod32 antivirus\em017_32.dat
c:\program files\eset\eset nod32 antivirus\em017_64.dat
c:\program files\eset\eset nod32 antivirus\em018_32.dat
c:\program files\eset\eset nod32 antivirus\em018_64.dat
c:\program files\eset\eset nod32 antivirus\em019_32.dat
c:\program files\eset\eset nod32 antivirus\em022_32.dat
c:\program files\eset\eset nod32 antivirus\em023_32.dat
c:\program files\eset\eset nod32 antivirus\em024_32.dat
c:\program files\eset\eset nod32 antivirus\em028_64.dat
c:\program files\eset\eset nod32 antivirus\em031_32.dat
c:\program files\eset\eset nod32 antivirus\em034_32.dat
c:\program files\eset\eset nod32 antivirus\em041_32.dat
c:\program files\eset\eset nod32 antivirus\em042_32.dat
c:\program files\eset\eset nod32 antivirus\em042_64.dat
c:\program files\eset\eset nod32 antivirus\eplghooks.dll
c:\program files\eset\eset nod32 antivirus\eplgoe.dll
c:\program files\eset\eset nod32 antivirus\eplgoeemon.dll
c:\program files\eset\eset nod32 antivirus\eplgoelang.dll
c:\program files\eset\eset nod32 antivirus\eplgoutlook.dll
c:\program files\eset\eset nod32 antivirus\eplgoutlookemon.dll
c:\program files\eset\eset nod32 antivirus\eplgoutlookemonlang.dll
c:\program files\eset\eset nod32 antivirus\eplgoutlooklang.dll
c:\program files\eset\eset nod32 antivirus\eset.chm
c:\program files\eset\eset nod32 antivirus\eula.html
c:\program files\eset\eset nod32 antivirus\eula.rtf
c:\program files\eset\eset nod32 antivirus\mfc110u.dll
c:\program files\eset\eset nod32 antivirus\msvcp110.dll
c:\program files\eset\eset nod32 antivirus\msvcr110.dll
c:\program files\eset\eset nod32 antivirus\notice
c:\program files\eset\eset nod32 antivirus\shellext.dll
c:\program files\eset\eset nod32 antivirus\shellextlang.dll
c:\program files\eset\eset nod32 antivirus\speclean.exe
c:\program files\eset\eset nod32 antivirus\sysinspector.exe
c:\program files\eset\eset nod32 antivirus\sysinspectorlang.dll
c:\program files\eset\eset nod32 antivirus\sysrescue.exe
c:\program files\eset\eset nod32 antivirus\sysrescuelang.dll
c:\program files\eset\eset nod32 antivirus\toastnotify.dll
c:\program files\eset\eset nod32 antivirus\updater.dll
c:\program files\eset\eset nod32 antivirus\x86\certimporter-1362.exe
c:\program files\eset\eset nod32 antivirus\x86\dmon.dll
c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe
c:\program files\eset\eset nod32 antivirus\x86\ekrnamon.dll
c:\program files\eset\eset nod32 antivirus\x86\ekrndevmon.dll
c:\program files\eset\eset nod32 antivirus\x86\ekrndmon.dll
c:\program files\eset\eset nod32 antivirus\x86\ekrnemon.dll
c:\program files\eset\eset nod32 antivirus\x86\ekrnepfw.dll
c:\program files\eset\eset nod32 antivirus\x86\ekrnhips.dll
c:\program files\eset\eset nod32 antivirus\x86\ekrnmailplugins.dll
c:\program files\eset\eset nod32 antivirus\x86\ekrnscan.dll
c:\program files\eset\eset nod32 antivirus\x86\ekrnupdate.dll
c:\program files\eset\eset nod32 antivirus\x86\emodcmd.exe
c:\program files\eset\eset nod32 antivirus\x86\eplgoe.dll
c:\program files\eset\eset nod32 antivirus\x86\eplgoeemon.dll
c:\program files\eset\eset nod32 antivirus\x86\eplgoutlook.dll
c:\program files\eset\eset nod32 antivirus\x86\eplgoutlookemon.dll
c:\program files\eset\eset nod32 antivirus\x86\msvcp110.dll
c:\program files\eset\eset nod32 antivirus\x86\msvcr110.dll
c:\program files\eset\eset nod32 antivirus\x86\shellext.dll
c:\program files\eset\eset nod32 antivirus\x86\updater.dll
c:\program files\eset\eset nod32 antivirus\x86\upgrade.exe
c:\users\all users\eset
c:\users\ron\appdata\local\eset
.
.
((((((((((((((((((((((((((((((((((((((( drivers/services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\service_ekrn
-------\service_ekrn
.
.
(((((((((((((((((((( bestanden gemaakt van 2016-07-24 to 2016-08-24 ))))))))))))))))))))))))))))))
.
.
2016-08-24 06:15 . 2016-08-24 06:15 -------- d-----w- c:\users\gast\appdata\local\temp
2016-08-24 06:15 . 2016-08-24 06:15 -------- d-----w- c:\users\default\appdata\local\temp
2016-08-24 05:51 . 2016-08-24 05:51 -------- d-----w- c:\06d29734d8f910c077d0173a541740
2016-08-24 05:50 . 2016-08-24 05:50 -------- d-----w- c:\program files\common files\designer
2016-08-24 05:19 . 2015-05-22 08:45 61712 ----a-w- c:\windows\system32\drivers\pskmad.sys
2016-08-22 14:51 . 2016-08-22 14:51 -------- d-----w- c:\users\ron\appdata\roaming\panda security
2016-08-22 14:50 . 2016-08-22 14:51 -------- d-----w- c:\program files (x86)\panda security
2016-08-22 14:49 . 2016-08-22 14:51 -------- d-----w- c:\programdata\panda security
2016-08-18 07:09 . 2016-08-18 07:11 -------- d-----w- c:\adwcleaner
2016-08-11 13:39 . 2016-08-11 13:39 432416 ----a-w- c:\program files\common files\microsoft shared\office16\liclua.exe
2016-08-11 13:36 . 2016-08-11 13:36 30976 ----a-w- c:\program files\common files\microsoft shared\office16\office setup controller\pkeyconfig.companion.dll
2016-08-11 13:26 . 2016-08-11 13:26 251096 ----a-w- c:\program files\common files\microsoft shared\source engine\ose.exe
2016-08-05 09:18 . 2016-08-14 09:57 -------- d-----w- c:\frst
2016-08-03 07:17 . 2016-08-19 07:57 192216 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2016-08-03 07:17 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-08-03 07:17 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-08-03 07:17 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-08-02 18:06 . 2016-08-02 18:11 -------- d-----w- c:\programdata\360quarant
2016-08-02 18:05 . 2016-08-02 19:55 -------- d-----w- c:\program files (x86)\common files\av
2016-08-02 05:11 . 2016-08-02 05:11 -------- d-----w- c:\623616984ef2a055f3c010
2016-07-29 14:21 . 2016-07-29 14:21 -------- d-----w- c:\programdata\avs4you
2016-07-29 14:21 . 2016-07-29 14:21 -------- d-----w- c:\users\ron\appdata\roaming\avs4you
2016-07-29 14:20 . 2010-05-11 11:17 24576 ----a-w- c:\windows\syswow64\msxml3a.dll
2016-07-29 14:20 . 2010-05-11 11:17 1700352 ----a-w- c:\windows\syswow64\gdiplus.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-08-24 05:41 . 2016-03-11 10:07 4291776 ----a-w- c:\programdata\microsoft\clicktorun\{9ac08e99-230b-47e8-9721-4577b7f124ea}\integrator.exe
2016-07-15 04:52 . 2015-11-09 14:39 796352 ----a-w- c:\windows\syswow64\flashplayerapp.exe
2016-07-15 04:52 . 2015-11-09 14:39 142528 ----a-w- c:\windows\syswow64\flashplayercplapp.cpl
2016-07-09 05:49 . 2016-07-09 05:49 75888 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a0a0a13a-fc1f-4875-bf17-fe066caa683b}\offreg.3180.dll
2016-07-04 05:41 . 2012-07-17 12:37 24800 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
2016-05-26 20:28 . 2016-06-11 04:54 11895896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a0a0a13a-fc1f-4875-bf17-fe066caa683b}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ onedrive1]
@="{bbacc218-34ea-4666-9d7a-c78f2274a524}"
[hkey_classes_root\clsid\{bbacc218-34ea-4666-9d7a-c78f2274a524}]
2016-03-11 10:17 329376 ----a-w- c:\users\ron\appdata\local\microsoft\onedrive\17.3.4604.0120\filesyncshell.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ onedrive2]
@="{5ab7172c-9c11-405c-8dd5-af20f3606282}"
[hkey_classes_root\clsid\{5ab7172c-9c11-405c-8dd5-af20f3606282}]
2016-03-11 10:17 329376 ----a-w- c:\users\ron\appdata\local\microsoft\onedrive\17.3.4604.0120\filesyncshell.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ onedrive3]
@="{a78ed123-ab77-406b-9962-2a5d9d2f7f30}"
[hkey_classes_root\clsid\{a78ed123-ab77-406b-9962-2a5d9d2f7f30}]
2016-03-11 10:17 329376 ----a-w- c:\users\ron\appdata\local\microsoft\onedrive\17.3.4604.0120\filesyncshell.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ onedrive4]
@="{f241c880-6982-4ce5-8cf7-7085ba96da5a}"
[hkey_classes_root\clsid\{f241c880-6982-4ce5-8cf7-7085ba96da5a}]
2016-03-11 10:17 329376 ----a-w- c:\users\ron\appdata\local\microsoft\onedrive\17.3.4604.0120\filesyncshell.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ onedrive5]
@="{a0396a93-dc06-4aef-bee9-95ffccaef20e}"
[hkey_classes_root\clsid\{a0396a93-dc06-4aef-bee9-95ffccaef20e}]
2016-03-11 10:17 329376 ----a-w- c:\users\ron\appdata\local\microsoft\onedrive\17.3.4604.0120\filesyncshell.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrivepro1 (errorconflict)]
@="{8ba85c75-763b-4103-94eb-9470f12fe0f7}"
[hkey_classes_root\clsid\{8ba85c75-763b-4103-94eb-9470f12fe0f7}]
2016-08-24 05:45 1658160 ----a-w- c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\grooveex.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrivepro2 (syncinprogress)]
@="{cd55129a-b1a1-438e-a425-cebc7dc684ee}"
[hkey_classes_root\clsid\{cd55129a-b1a1-438e-a425-cebc7dc684ee}]
2016-08-24 05:45 1658160 ----a-w- c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\grooveex.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrivepro3 (insync)]
@="{e768cd3b-bddc-436d-9c13-e1b39ca257b1}"
[hkey_classes_root\clsid\{e768cd3b-bddc-436d-9c13-e1b39ca257b1}]
2016-08-24 05:45 1658160 ----a-w- c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\grooveex.dll
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"sidebar"=c:\program files\windows sidebar\sidebar.exe [2012-02-15 1475584]
"offcat"=c:\users\ron\appdata\local\microsoft\offcat\offcat_rts.exe [2016-01-28 363904]
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\run]
"controlcenter4"=c:\program files (x86)\controlcenter4\brccboot.exe [2016-02-03 139776]
"brstsmon00"=c:\program files (x86)\browny02\brother\brstmonw.exe [2014-05-22 4513792]
"psuamain"=c:\program files (x86)\panda security\panda security protection\psuamain.exe [2016-05-03 109824]
.
c:\users\ron\appdata\roaming\microsoft\windows\start menu\programs\startup\
verzenden naar onenote.lnk - c:\program files\microsoft office\root\office16\onenotem.exe /tsr [2016-3-13 183488]
.
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 5 (0x5)
"consentpromptbehavioruser"= 3 (0x3)
"enableuiadesktoptoggle"= 0 (0x0)
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\nanoservicemain]
@="service"
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\psuaservice]
@="service"
.
r2 clr_optimization_v4.0.30319_64;microsoft .net framework ngen v4.0.30319_x64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [x]
r3 amd external events utility;amd external events utility;c:\windows\system32\atiesrxx.exe;c:\windows\sysnative\atiesrxx.exe [x]
r3 brynsvc;brynsvc;c:\program files (x86)\browny02\brynsvc.exe;c:\program files (x86)\browny02\brynsvc.exe [x]
r3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\sysnative\drivers\dmvsc.sys [x]
r3 ieetwcollectorservice;internet explorer etw collector service;c:\windows\system32\ieetwcollector.exe;c:\windows\sysnative\ieetwcollector.exe [x]
r3 naupdate;nero update;c:\program files (x86)\nero\update\nasvc.exe;c:\program files (x86)\nero\update\nasvc.exe [x]
r3 ose64;office 64 source engine;c:\program files\common files\microsoft shared\source engine\ose.exe;c:\program files\common files\microsoft shared\source engine\ose.exe [x]
r3 rdpvideominiport;remote desktop video miniport driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\sysnative\drivers\rdpvideominiport.sys [x]
r3 synth3dvsc;synth3dvsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\sysnative\drivers\synth3dvsc.sys [x]
r3 terminpt;microsoft remote desktop input driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\sysnative\drivers\terminpt.sys [x]
r3 tsusbflt;tsusbflt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\sysnative\drivers\tsusbflt.sys [x]
r3 tsusbgd;remote desktop generic usb device;c:\windows\system32\drivers\tsusbgd.sys;c:\windows\sysnative\drivers\tsusbgd.sys [x]
r3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\sysnative\drivers\tsusbhub.sys [x]
r3 vgpu;vgpu;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\sysnative\drivers\rdvgkmd.sys [x]
s1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys;c:\windows\sysnative\drivers\eamonm.sys [x]
s1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys;c:\windows\sysnative\drivers\ehdrv.sys [x]
s1 nnsalpc;nnsalpc;c:\windows\system32\drivers\nnsalpc.sys;c:\windows\sysnative\drivers\nnsalpc.sys [x]
s1 nnshttp;nnshttp;c:\windows\system32\drivers\nnshttp.sys;c:\windows\sysnative\drivers\nnshttp.sys [x]
s1 nnshttps;nnshttps;c:\windows\system32\drivers\nnshttps.sys;c:\windows\sysnative\drivers\nnshttps.sys [x]
s1 nnsids;nnsids;c:\windows\system32\drivers\nnsids.sys;c:\windows\sysnative\drivers\nnsids.sys [x]
s1 nnsnahsl;network activity hook server lightweight filter driver;c:\windows\system32\drivers\nnsnahsl.sys;c:\windows\sysnative\drivers\nnsnahsl.sys [x]
s1 nnspicc;nnspicc;c:\windows\system32\drivers\nnspicc.sys;c:\windows\sysnative\drivers\nnspicc.sys [x]
s1 nnspihsw;nnspihsw;c:\windows\system32\drivers\nnspihsw.sys;c:\windows\sysnative\drivers\nnspihsw.sys [x]
s1 nnspop3;nnspop3;c:\windows\system32\drivers\nnspop3.sys;c:\windows\sysnative\drivers\nnspop3.sys [x]
s1 nnsprot;nnsprot;c:\windows\system32\drivers\nnsprot.sys;c:\windows\sysnative\drivers\nnsprot.sys [x]
s1 nnsprv;nnsprv;c:\windows\system32\drivers\nnsprv.sys;c:\windows\sysnative\drivers\nnsprv.sys [x]
s1 nnssmtp;nnssmtp;c:\windows\system32\drivers\nnssmtp.sys;c:\windows\sysnative\drivers\nnssmtp.sys [x]
s1 nnsstrm;nnsstrm;c:\windows\system32\drivers\nnsstrm.sys;c:\windows\sysnative\drivers\nnsstrm.sys [x]
s1 nnstlsc;nnstlsc;c:\windows\system32\drivers\nnstlsc.sys;c:\windows\sysnative\drivers\nnstlsc.sys [x]
s1 psinknc;psinknc;c:\windows\system32\drivers\psinknc.sys;c:\windows\sysnative\drivers\psinknc.sys [x]
s2 clicktorunsvc;klik-en-klaar-service van microsoft office;c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe;c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe [x]
s2 diagtrack;diagnostics tracking service;c:\windows\system32\svchost.exe;c:\windows\sysnative\svchost.exe [x]
s2 freemake improver;freemake improver;c:\programdata\freemake\freemakeutilsservice\freemakeutilsservice.exe;c:\programdata\freemake\freemakeutilsservice\freemakeutilsservice.exe [x]
s2 freemakevideocapture;freemakevideocapture;c:\program files (x86)\freemake\capturelib\capturelibservice.exe;c:\program files (x86)\freemake\capturelib\capturelibservice.exe [x]
s2 nanoservicemain;panda protection service;c:\program files (x86)\panda security\panda security protection\psanhost.exe;c:\program files (x86)\panda security\panda security protection\psanhost.exe [x]
s2 pandaagent;panda devices agent;c:\program files (x86)\panda security\panda devices agent\agentsvc.exe;c:\program files (x86)\panda security\panda devices agent\agentsvc.exe [x]
s2 psinaflt;psinaflt;c:\windows\system32\drivers\psinaflt.sys;c:\windows\sysnative\drivers\psinaflt.sys [x]
s2 psinfile;psinfile;c:\windows\system32\drivers\psinfile.sys;c:\windows\sysnative\drivers\psinfile.sys [x]
s2 psinproc;psinproc;c:\windows\system32\drivers\psinproc.sys;c:\windows\sysnative\drivers\psinproc.sys [x]
s2 psinprot;psinprot;c:\windows\system32\drivers\psinprot.sys;c:\windows\sysnative\drivers\psinprot.sys [x]
s2 psinreg;psinreg;c:\windows\system32\drivers\psinreg.sys;c:\windows\sysnative\drivers\psinreg.sys [x]
s2 psuaservice;panda product service;c:\program files (x86)\panda security\panda security protection\psuaservice.exe;c:\program files (x86)\panda security\panda security protection\psuaservice.exe [x]
s3 e1yexpress;stuurprogramma voor intel(r) gigabit-netwerkverbindingen;c:\windows\system32\drivers\e1y60x64.sys;c:\windows\sysnative\drivers\e1y60x64.sys [x]
s3 pskmad;pskmad;c:\windows\system32\drivers\pskmad.sys;c:\windows\sysnative\drivers\pskmad.sys [x]
.
.
[hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\svchost]
localserviceandnoimpersonation reg_multi_sz ssdpsrv upnphost scardsvr qwave wcncsvc
.
.
--------- x64 entries -----------
.
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ onedrive1]
@="{bbacc218-34ea-4666-9d7a-c78f2274a524}"
[hkey_classes_root\clsid\{bbacc218-34ea-4666-9d7a-c78f2274a524}]
2016-03-11 10:17 358064 ----a-w- c:\users\ron\appdata\local\microsoft\onedrive\17.3.4604.0120\amd64\filesyncshell64.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ onedrive2]
@="{5ab7172c-9c11-405c-8dd5-af20f3606282}"
[hkey_classes_root\clsid\{5ab7172c-9c11-405c-8dd5-af20f3606282}]
2016-03-11 10:17 358064 ----a-w- c:\users\ron\appdata\local\microsoft\onedrive\17.3.4604.0120\amd64\filesyncshell64.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ onedrive3]
@="{a78ed123-ab77-406b-9962-2a5d9d2f7f30}"
[hkey_classes_root\clsid\{a78ed123-ab77-406b-9962-2a5d9d2f7f30}]
2016-03-11 10:17 358064 ----a-w- c:\users\ron\appdata\local\microsoft\onedrive\17.3.4604.0120\amd64\filesyncshell64.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ onedrive4]
@="{f241c880-6982-4ce5-8cf7-7085ba96da5a}"
[hkey_classes_root\clsid\{f241c880-6982-4ce5-8cf7-7085ba96da5a}]
2016-03-11 10:17 358064 ----a-w- c:\users\ron\appdata\local\microsoft\onedrive\17.3.4604.0120\amd64\filesyncshell64.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ onedrive5]
@="{a0396a93-dc06-4aef-bee9-95ffccaef20e}"
[hkey_classes_root\clsid\{a0396a93-dc06-4aef-bee9-95ffccaef20e}]
2016-03-11 10:17 358064 ----a-w- c:\users\ron\appdata\local\microsoft\onedrive\17.3.4604.0120\amd64\filesyncshell64.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrivepro1 (errorconflict)]
@="{8ba85c75-763b-4103-94eb-9470f12fe0f7}"
[hkey_classes_root\clsid\{8ba85c75-763b-4103-94eb-9470f12fe0f7}]
2016-08-24 05:45 2278192 ----a-w- c:\program files\microsoft office\root\office16\grooveex.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrivepro2 (syncinprogress)]
@="{cd55129a-b1a1-438e-a425-cebc7dc684ee}"
[hkey_classes_root\clsid\{cd55129a-b1a1-438e-a425-cebc7dc684ee}]
2016-08-24 05:45 2278192 ----a-w- c:\program files\microsoft office\root\office16\grooveex.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrivepro3 (insync)]
@="{e768cd3b-bddc-436d-9c13-e1b39ca257b1}"
[hkey_classes_root\clsid\{e768cd3b-bddc-436d-9c13-e1b39ca257b1}]
2016-08-24 05:45 2278192 ----a-w- c:\program files\microsoft office\root\office16\grooveex.dll
.
------- bijkomende scan -------
.
ulocal page = c:\windows\system32\blank.htm
ustart page = hxxp://www.google.nl/
mlocal page = c:\windows\syswow64\blank.htm
tcp: dhcpnameserver = 84.116.46.22 84.116.46.23
handler: mso-minsb-roaming.16 - {83c25742-a9f7-49fb-9138-434302c88d07} - c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\msosb.dll
handler: mso-minsb.16 - {42089d2d-912d-4018-9087-2b87803e93fb} - c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\msosb.dll
handler: osf-roaming.16 - {42089d2d-912d-4018-9087-2b87803e93fb} - c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\msosb.dll
handler: osf.16 - {5504be45-a83b-4808-900a-3a5c36e7f77a} - c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\msosb.dll
ff - profilepath - c:\users\ron\appdata\roaming\mozilla\firefox\profiles\hf1op5a8.default-1465625524212\
ff - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
.
- - - - orphans verwijderd - - - -
.
toolbar-locked - (no file)
hklm-run-egui - c:\program files\eset\eset nod32 antivirus\egui.exe
addremove-{a0ff368f-6373-4208-beff-c8c4728cb7b4} - c:\program files (x86)\lavasoft\web companion\application\webcompanioninstaller.exe
.
.
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_local_machine\software\classes\clsid\{b019e3bf-e7e5-453c-a2e4-d2c18ca0866f}]
@denied: (a 2) (everyone)
@="flashbroker"
"localizedstring"="@c:\\windows\\system32\\macromed\\flash\\flashutil64_22_0_0_210_activex.exe,-101"
.
[hkey_local_machine\software\classes\clsid\{b019e3bf-e7e5-453c-a2e4-d2c18ca0866f}\elevation]
"enabled"=dword:00000001
.
[hkey_local_machine\software\classes\clsid\{b019e3bf-e7e5-453c-a2e4-d2c18ca0866f}\localserver32]
@=c:\\windows\\system32\\macromed\\flash\\flashutil64_22_0_0_210_activex.exe
.
[hkey_local_machine\software\classes\clsid\{b019e3bf-e7e5-453c-a2e4-d2c18ca0866f}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
.
[hkey_local_machine\software\classes\interface\{299817da-1fac-4ce2-8f48-a108237013bd}]
@denied: (a 2) (everyone)
@="iflashbroker6"
.
[hkey_local_machine\software\classes\interface\{299817da-1fac-4ce2-8f48-a108237013bd}\proxystubclsid32]
@="{00020424-0000-0000-c000-000000000046}"
.
[hkey_local_machine\software\classes\interface\{299817da-1fac-4ce2-8f48-a108237013bd}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
"version"="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{b019e3bf-e7e5-453c-a2e4-d2c18ca0866f}]
@denied: (a 2) (everyone)
@="flashbroker"
"localizedstring"="@c:\\windows\\syswow64\\macromed\\flash\\flashutil32_22_0_0_210_activex.exe,-101"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{b019e3bf-e7e5-453c-a2e4-d2c18ca0866f}\elevation]
"enabled"=dword:00000001
.
[hkey_local_machine\software\classes\wow6432node\clsid\{b019e3bf-e7e5-453c-a2e4-d2c18ca0866f}\localserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flashutil32_22_0_0_210_activex.exe
.
[hkey_local_machine\software\classes\wow6432node\clsid\{b019e3bf-e7e5-453c-a2e4-d2c18ca0866f}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="shockwave flash object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_22_0_0_210.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\miscstatus]
@="0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\progid]
@="shockwaveflash.shockwaveflash.22"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_22_0_0_210.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="shockwaveflash.shockwaveflash"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="macromedia flash factory object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_22_0_0_210.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\progid]
@="flashfactory.flashfactory.1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_22_0_0_210.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="flashfactory.flashfactory"
.
[hkey_local_machine\software\classes\wow6432node\interface\{299817da-1fac-4ce2-8f48-a108237013bd}]
@denied: (a 2) (everyone)
@="iflashbroker6"
.
[hkey_local_machine\software\classes\wow6432node\interface\{299817da-1fac-4ce2-8f48-a108237013bd}\proxystubclsid32]
@="{00020424-0000-0000-c000-000000000046}"
.
[hkey_local_machine\software\classes\wow6432node\interface\{299817da-1fac-4ce2-8f48-a108237013bd}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
"version"="1.0"
.
[hkey_local_machine\system\controlset001\control\pcw\security]
@denied: (full) (everyone)
.
------------------------ andere aktieve processen ------------------------
.
c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
.
**************************************************************************
.
voltooingstijd: 2016-08-24 08:24:08 - machine werd herstart
combofix-quarantined-files.txt 2016-08-24 06:24
combofix2.txt 2016-08-19 08:16
.
pre-run: 471.572.475.904 bytes beschikbaar
post-run: 471.768.748.032 bytes beschikbaar
.
- - end of file - - 448d71d3aa82261080fd3b39c7aef973
a36c5e4f47e84449ff07ed3517b43a31

[/hjt]
 
Tell me how your Windows has responded to the changes.
 
It now seems to be completely fine, no more ESET and kernel messages.
No more notifications from the Action Center either. And no more crashes.
Installed Panda.
 
I already saw that you had done that (happy with it?), and it's good that everything is running smoothly again.
Did you also do the registry cleanup and the subsequent defragmentation of it?


Download Security Check.
Download location: be sure to download this program to the desktop, or otherwise move it to the desktop!
Starting SecurityCheck.exe:
  • Windows 2000 and Windows XP: double-click SecurityCheck.exe.
  • Windows Vista, Windows 7, Windows 8 and Windows 10: right-click SecurityCheck.exe and choose "Run as administrator".
  • Pay attention to the instructions in the black window.
  • A Notepad document named checkup.txt should open automatically; close this document after saving it to the desktop.
  • If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
Post the contents of checkup.txt in your next post.
 
Yes, it indicates that a defragmentation was done; 7.85 MB was defragmented.


Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Panda Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Wise Registry Cleaner 9.23
Adobe Flash Player 22.0.0.209
Mozilla Firefox (47.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Looks good.

We are going to clean up.

Tip: keep MBAM on your Windows as an on-demand scanner and run a weekly scan with it.
Should you unexpectedly find a virus again in the future through one of the scans, report back in a new topic.


Download Delfix by Xplode to the desktop.


Starting Delfix by Xplode:
  • Windows 2000 and Windows XP: double-click delfix.exe.
  • Windows Vista, Windows 7, Windows 8 and Windows 10: right-click delfix.exe and choose "Run as administrator".

Now tick the following items:
  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently until the tool is finished.
When the tool is finished, a log file is created. You do not need to post it, however.
 
Done, all fine.

Thanks.
 