Icons disappearing

AnjoZ

On my laptop (ProBook 6550b, 118 GB SSD, 8 GB memory, Windows 7 Professional), for the past few days the icons on the left side of the taskbar have disappeared, and the icons on my desktop do not stay in place.
At startup everything is in a different place.

Which scanner should I run on it so that the pros can take a look?
 
Download Farbar Recovery Scan Tool, 32-bit or 64-bit, from one of the links below:
Farbar Recovery Scan Tool 32 bit (x86)
Farbar Recovery Scan Tool 64 bit (x64)
Download location: be sure to download this program to the desktop, or move it there afterwards!
Notes: all open programs and web pages must be closed.

Antivirus programs and active malware scanners must be disabled before you start FRST.exe!
Here and here you will find information on how to disable antivirus programs and spyware scanners.

Starting FRST:
  • Windows 2000 and Windows XP: double-click FRST.exe.
  • Windows Vista, Windows 7, Windows 8/8.1 and Windows 10: right-click FRST.exe or FRST64.exe and choose "Run as administrator".

Once FRST has started:
  • When the program has opened, click the Yes button on the disclaimer.
  • Then press the Scan button.
  • Two log files, FRST.txt and Addition.txt, will then be created and saved on the desktop.
  • Post the contents of both log files in your next message.

If the contents of one or both logs are too large to post, look here: How do I add an attachment?
 
Warning: the procedure below is intended for this computer only; applying it on another computer can damage Windows.

We are going to use Farbar Recovery Scan Tool (FRST.exe) again.

Open a new Notepad file via "Start\All Programs\Accessories\Notepad".
Copy the text in the code box and paste it into the empty Notepad window.

Code:
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restrictie <======= AANDACHT
2017-04-01 10:43 - 2017-04-01 10:43 - 00098816 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\win32api.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00110080 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\pywintypes27.dll
2017-04-01 10:43 - 2017-04-01 10:43 - 00364544 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\pythoncom27.dll
2017-04-01 10:43 - 2017-04-01 10:43 - 00320512 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\win32com.shell.shell.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00914432 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\_hashlib.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 01176576 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\wx._core_.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00806400 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\wx._gdi_.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00816128 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\wx._windows_.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 01067008 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\wx._controls_.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00733184 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\wx._misc_.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00682496 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\pysqlite2._sqlite.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00088064 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\_ctypes.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00686080 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\unicodedata.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00119808 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\win32file.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00108544 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\win32security.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00007168 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\hashobjs_ext.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00017920 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\thumbnails_ext.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00088064 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\usb_ext.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00012800 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\common.time34.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00018432 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\win32event.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00167936 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\win32gui.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00046080 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\_socket.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 01303552 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\_ssl.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00128512 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\_elementtree.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00127488 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\pyexpat.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00038912 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\win32inet.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00036864 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\_psutil_windows.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00524248 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\windows._lib_cacheinvalidation.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00011264 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\win32crypt.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00123392 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\wx._wizard.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00077312 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\wx._html2.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00027648 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\_multiprocessing.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00020480 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\_yappi.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00035840 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\win32process.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00078848 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\wx._animate.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00024064 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\win32pipe.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00010240 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\select.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00025600 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\win32pdh.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00017408 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\win32profile.pyd
2017-04-01 10:43 - 2017-04-01 10:43 - 00022528 ____R () C:\Users\Probook\AppData\Local\Temp\_MEI35802\win32ts.pyd

cmd: ipconfig /flushdns
cmd: netsh winsock reset

Now save this Notepad file as Fixlist.txt in the same location as FRST.exe.

Using Farbar Recovery Scan Tool (FRST.exe) with fixlist.txt
  • Windows Vista, Windows 7, Windows 8 and Windows 10: right-click FRST.exe and choose "Run as administrator".
  • When the program starts, click Yes in the popup.
  • Press the Fix button.
  • After the fix, a log file, Fixlog.txt, is created in the same location from which FRST.exe was started.
  • Post the contents of this log file in your next message.
 
After reboot:


Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 15-03-2017
Gestart door Probook (01-04-2017 11:53:31) Run:1
Gestart vanaf C:\Users\Probook\Desktop
Geladen Profielen: Probook (Beschikbare Profielen: Probook)
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restrictie <======= AANDACHT

cmd: ipconfig /flushdns
cmd: netsh winsock reset
*****************

Herstelpunt is succesvol gemaakt.
Proces succesvol afgesloten.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => waarde is succesvol verwijderd.
C:\Windows\system32\GroupPolicy\Machine => is succesvol verplaatst.
C:\Windows\system32\GroupPolicy\GPT.ini => is succesvol verplaatst.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => is succesvol verplaatst.

========= ipconfig /flushdns =========


Windows IP-configuratie

De DNS-omzettingscache is leeggemaakt.

========= Eind van CMD: =========


========= netsh winsock reset =========


De Winsock-catalogus is opnieuw ingesteld.
De computer dient opnieuw te worden opgestart om het opnieuw instellen te voltooien.


========= Eind van CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6705952 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 120914 B
Edge => 0 B
Chrome => 620215223 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 32502 B
Probook => 31419752 B

RecycleBin => 0 B
EmptyTemp: => 636.1 MB tijdelijke gegevens verwijderd.

================================


Het systeem moest herstart worden.

==== Eind van Fixlog 11:53:52 ====


And the icons are back
 
That's good, then; that problem was caused by changed Group Policy settings.

So we will do one more scan.


Download ComboFix from one of these locations:
Download location: be sure to download this program to the desktop, or otherwise move it to the desktop!

Antivirus programs and active malware scanners must be disabled before you start ComboFix!
Here and here you will find information on how to disable antivirus programs and spyware scanners.

Notes:
  • All open programs and web pages must be closed.
Starting ComboFix:
  • Windows Vista, Windows 7 and Windows 8: right-click ComboFix.exe and choose "Run as administrator".
Once ComboFix has started:
  • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
  • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
  • The computer may need to be restarted several times; this is normal.
  • When ComboFix is finished, it will create a log file for you.
  • Post the contents of this log file via DDRMMR's colour coder in your next message.
  • If the log does not open, it can be found at C:\ComboFix.txt
Important note:
  • If, after the scan, an error is shown when starting programs with the message:
  • "Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering." (on English-language Windows: "Illegal operation attempted on a registry key that has been marked for deletion.")
  • Then restart the computer.
 
[hjt]
combofix 17-03-28.01 - probook 01-04-2017 12:28:14.1.4 - x64
microsoft windows 7 professional 6.1.7601.1.1252.31.1043.18.8047.5310 [gmt 2:00]
gestart vanuit: c:\users\probook\desktop\combofix.exe
av: bitdefender antivirus *disabled/updated* {3fb17364-4fcc-0fa7-6bbf-973897395371}
av: malwarebytes *disabled/updated* {23007ad3-69fe-687c-2629-d584affaf72b}
fw: bitdefender firewall *disabled* {078af241-05a3-0eff-40e0-3e0d69ea140a}
sp: bitdefender antispyware *disabled/updated* {84d09280-69f6-0029-510f-ac4aecbe19cc}
sp: malwarebytes *disabled/updated* {98619b37-4fc4-67f2-1c99-eef6d47dbd96}
sp: windows defender *disabled/updated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
.
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
(((((((((((((((((((( bestanden gemaakt van 2017-03-01 to 2017-04-01 ))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_classes_root\clsid\{fb314edd-a251-47b7-93e1-cdd82e34af8b}]
2017-03-21 18:01 236360 ----a-w- c:\program files (x86)\dropbox\client\dropboxext.15.0.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ dropboxext08]
@="{fb314ee0-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314ee0-a251-47b7-93e1-cdd82e34af8b}]
2017-03-21 18:01 236360 ----a-w- c:\program files (x86)\dropbox\client\dropboxext.15.0.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ dropboxext09]
@="{fb314ee2-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314ee2-a251-47b7-93e1-cdd82e34af8b}]
2017-03-21 18:01 236360 ----a-w- c:\program files (x86)\dropbox\client\dropboxext.15.0.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ dropboxext10]
@="{fb314ede-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314ede-a251-47b7-93e1-cdd82e34af8b}]
2017-03-21 18:01 236360 ----a-w- c:\program files (x86)\dropbox\client\dropboxext.15.0.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrivepro1 (errorconflict)]
@="{8ba85c75-763b-4103-94eb-9470f12fe0f7}"
[hkey_classes_root\clsid\{8ba85c75-763b-4103-94eb-9470f12fe0f7}]
2017-02-22 22:58 1524528 ----a-w- c:\progra~2\micros~2\office16\grooveex.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrivepro2 (syncinprogress)]
@="{cd55129a-b1a1-438e-a425-cebc7dc684ee}"
[hkey_classes_root\clsid\{cd55129a-b1a1-438e-a425-cebc7dc684ee}]
2017-02-22 22:58 1524528 ----a-w- c:\progra~2\micros~2\office16\grooveex.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrivepro3 (insync)]
@="{e768cd3b-bddc-436d-9c13-e1b39ca257b1}"
[hkey_classes_root\clsid\{e768cd3b-bddc-436d-9c13-e1b39ca257b1}]
2017-02-22 22:58 1524528 ----a-w- c:\progra~2\micros~2\office16\grooveex.dll
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"googledrivesync"=c:\program files (x86)\google\drive\googledrivesync.exe [2017-03-21 23819304]
"googlechromeautolaunch_88e54d836a27a7a8eb5a8134ddb7117b"=c:\program files (x86)\google\chrome\application\chrome.exe [2017-03-29 1111896]
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\run]
"dropbox"=c:\program files (x86)\dropbox\client\dropbox.exe [2017-03-21 28065728]
"startccc"=c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [2010-06-01 98304]
.
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 5 (0x5)
"consentpromptbehavioruser"= 3 (0x3)
"enableuiadesktoptoggle"= 0 (0x0)
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\mbamservice]
@="service"
.
r2 clr_optimization_v4.0.30319_64;microsoft .net framework ngen v4.0.30319_x64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [x]
r2 dbupdate;dropbox-update-service (dbupdate);c:\program files (x86)\dropbox\update\dropboxupdate.exe;c:\program files (x86)\dropbox\update\dropboxupdate.exe [x]
r3 atihdaudioservice;amd function driver for hd audio service;c:\windows\system32\drivers\atihdw76.sys;c:\windows\sysnative\drivers\atihdw76.sys [x]
r3 avckf;avckf;c:\windows\system32\drivers\avckf.sys;c:\windows\sysnative\drivers\avckf.sys [x]
r3 b06diag;broadcom netxtreme ii diag driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\sysnative\drivers\bxdiaga.sys [x]
r3 bfn7x64;bigfoot networks killer gaming service;c:\windows\system32\drivers\xeno7x64.sys;c:\windows\sysnative\drivers\xeno7x64.sys [x]
r3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\sysnative\drivers\bxfcoe.sys [x]
r3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\sysnative\drivers\bxois.sys [x]
r3 dbupdatem;dropbox-update-service (dbupdatem);c:\program files (x86)\dropbox\update\dropboxupdate.exe;c:\program files (x86)\dropbox\update\dropboxupdate.exe [x]
r3 dbx;dbx;c:\windows\system32\drivers\dbx.sys;c:\windows\sysnative\drivers\dbx.sys [x]
r3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\sysnative\drivers\dmvsc.sys [x]
r3 etmdevpch;etmdevpch;c:\windows\system32\drivers\etmdevpch.sys;c:\windows\sysnative\drivers\etmdevpch.sys [x]
r3 hpqcaslwmiex;hp casl framework service;c:\program files (x86)\hp\shared\hpqwmiex.exe;c:\program files (x86)\hp\shared\hpqwmiex.exe [x]
r3 ieetwcollectorservice;internet explorer etw collector service;c:\windows\system32\ieetwcollector.exe;c:\windows\sysnative\ieetwcollector.exe [x]
r3 impcd;impcd;c:\windows\system32\drivers\impcd.sys;c:\windows\sysnative\drivers\impcd.sys [x]
r3 ioatdma1;ioatdma1;c:\windows\system32\drivers\qd162x64.sys;c:\windows\sysnative\drivers\qd162x64.sys [x]
r3 ioatdma2;intel(r) quickdata technology device ver.2;c:\windows\system32\drivers\qd262x64.sys;c:\windows\sysnative\drivers\qd262x64.sys [x]
r3 mbamprotection;mbamprotection;c:\windows\system32\drivers\mbam.sys;c:\windows\sysnative\drivers\mbam.sys [x]
r3 ose64;office 64 source engine;c:\program files\common files\microsoft shared\source engine\ose.exe;c:\program files\common files\microsoft shared\source engine\ose.exe [x]
r3 pikbd;pluralinput keyboard 1.0;c:\windows\system32\drivers\pikbd.sys;c:\windows\sysnative\drivers\pikbd.sys [x]
r3 pimou;pluralinput mouse 1.0;c:\windows\system32\drivers\pimou.sys;c:\windows\sysnative\drivers\pimou.sys [x]
r3 pnpmem;stuurprogramma van microsoft voor geheugenmodule;c:\windows\system32\drivers\pnpmem.sys;c:\windows\sysnative\drivers\pnpmem.sys [x]
r3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\sysnative\pwdspio.sys [x]
r3 rdpvideominiport;remote desktop video miniport driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\sysnative\drivers\rdpvideominiport.sys [x]
r3 revoflt;revoflt;c:\windows\system32\drivers\revoflt.sys;c:\windows\sysnative\drivers\revoflt.sys [x]
r3 terminpt;microsoft remote desktop input driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\sysnative\drivers\terminpt.sys [x]
r3 tsusbflt;tsusbflt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\sysnative\drivers\tsusbflt.sys [x]
r3 tsusbgd;remote desktop generic usb device;c:\windows\system32\drivers\tsusbgd.sys;c:\windows\sysnative\drivers\tsusbgd.sys [x]
r3 watadminsvc;windows activation technologies-service;c:\windows\system32\wat\watadminsvc.exe;c:\windows\sysnative\wat\watadminsvc.exe [x]
r4 diagtrack;diagnostics tracking service;c:\windows\system32\svchost.exe;c:\windows\sysnative\svchost.exe [x]
s0 avc3;avc3;c:\windows\system32\drivers\avc3.sys;c:\windows\sysnative\drivers\avc3.sys [x]
s0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys;c:\windows\sysnative\drivers\gzflt.sys [x]
s0 ignis;ignis service;c:\windows\system32\drivers\ignis.sys;c:\windows\sysnative\drivers\ignis.sys [x]
s0 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\sysnative\drivers\mbamchameleon.sys [x]
s0 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\sysnative\pwdrvio.sys [x]
s1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [x]
s1 bdvedisk;bdvedisk;c:\windows\system32\drivers\bdvedisk.sys;c:\windows\sysnative\drivers\bdvedisk.sys [x]
s2 aestfilters;andrea st filters service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\aestsr64.exe;c:\windows\sysnative\driverstore\filerepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\aestsr64.exe [x]
s2 amd external events utility;amd external events utility;c:\windows\system32\atiesrxx.exe;c:\windows\sysnative\atiesrxx.exe [x]
s2 dbxsvc;dbxsvc;c:\windows\system32\dbxsvc.exe;c:\windows\sysnative\dbxsvc.exe [x]
s2 devmgmtservice;bitdefender apparaatbeheer;c:\program files\bitdefender\bitdefender device management\devmgmtservice.exe;c:\program files\bitdefender\bitdefender device management\devmgmtservice.exe [x]
s2 foxitreaderservice;foxit reader service;c:\program files (x86)\foxit software\foxit reader\foxitconnectedpdfservice.exe;c:\program files (x86)\foxit software\foxit reader\foxitconnectedpdfservice.exe [x]
s2 hp laserjet service;hp laserjet service;c:\program files (x86)\hp\hplaserjetservice\hplaserjetservice.exe;c:\program files (x86)\hp\hplaserjetservice\hplaserjetservice.exe [x]
s2 hpsiservice;hp si service;c:\windows\system32\hpsisvc.exe;c:\windows\sysnative\hpsisvc.exe [x]
s2 hpsrv;hp service;c:\windows\system32\hpservice.exe;c:\windows\sysnative\hpservice.exe [x]
s2 hpsupportsolutionsframeworkservice;hp support solutions framework service;c:\program files (x86)\hewlett-packard\hp support solutions\hpsupportsolutionsframeworkservice.exe;c:\program files (x86)\hewlett-packard\hp support solutions\hpsupportsolutionsframeworkservice.exe [x]
s2 mbamservice;malwarebytes service;c:\program files\malwarebytes\anti-malware\mbamservice.exe;c:\program files\malwarebytes\anti-malware\mbamservice.exe [x]
s2 productagentservice;productagentservice;c:\program files\bitdefender agent\productagentservice.exe;c:\program files\bitdefender agent\productagentservice.exe [x]
s2 updatesrv;bitdefender desktop update service;c:\program files\bitdefender\bitdefender 2017\updatesrv.exe;c:\program files\bitdefender\bitdefender 2017\updatesrv.exe [x]
s2 usbclientservice;usbclientservice;c:\program files (x86)\synology\assistant\usbclientservice.exe;c:\program files (x86)\synology\assistant\usbclientservice.exe [x]
s3 busenum;synology virtual usb hub;c:\windows\system32\drivers\busenum.sys;c:\windows\sysnative\drivers\busenum.sys [x]
s3 e1kexpress;intel(r) network connections driver k;c:\windows\system32\drivers\e1k62x64.sys;c:\windows\sysnative\drivers\e1k62x64.sys [x]
s3 hecix64;intel(r) management engine interface;c:\windows\system32\drivers\hecix64.sys;c:\windows\sysnative\drivers\hecix64.sys [x]
s3 mbamswissarmy;mbamswissarmy;c:\windows\system32\drivers\mbamswissarmy.sys;c:\windows\sysnative\drivers\mbamswissarmy.sys [x]
s3 rimspci;rimspci;c:\windows\system32\drivers\rimspe64.sys;c:\windows\sysnative\drivers\rimspe64.sys [x]
s3 risdxc;risdxc;c:\windows\system32\drivers\risdxc64.sys;c:\windows\sysnative\drivers\risdxc64.sys [x]
s3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe64.sys;c:\windows\sysnative\drivers\rixdpe64.sys [x]
s3 teamviewervpn;teamviewer vpn adapter;c:\windows\system32\drivers\teamviewervpn.sys;c:\windows\sysnative\drivers\teamviewervpn.sys [x]
.
.
--- andere services/drivers in geheugen ---
.
*newlycreated* - mbamchameleon
*newlycreated* - mbamswissarmy
*newlycreated* - ws2ifsl
.
[hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\svchost]
localserviceandnoimpersonation reg_multi_sz ssdpsrv upnphost scardsvr qwave wcncsvc
.
inhoud van de 'gedeelde taken' map
.
2017-04-01 c:\windows\tasks\dropboxupdatetaskmachinecore.job
- c:\program files (x86)\dropbox\update\dropboxupdate.exe [2017-01-18 17:58]
.
2017-04-01 c:\windows\tasks\dropboxupdatetaskmachineua.job
- c:\program files (x86)\dropbox\update\dropboxupdate.exe [2017-01-18 17:58]
.
2017-04-01 c:\windows\tasks\hpceescheduleforprobook.job
- c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe [2016-05-12 14:40]
.
.
--------- x64 entries -----------
.
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ dropboxext01]
@="{fb314ed9-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314ed9-a251-47b7-93e1-cdd82e34af8b}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\dropbox\client\dropboxext64.15.0.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ dropboxext02]
@="{fb314edf-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314edf-a251-47b7-93e1-cdd82e34af8b}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\dropbox\client\dropboxext64.15.0.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ dropboxext03]
@="{fb314ee1-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314ee1-a251-47b7-93e1-cdd82e34af8b}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\dropbox\client\dropboxext64.15.0.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ dropboxext04]
@="{fb314edb-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314edb-a251-47b7-93e1-cdd82e34af8b}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\dropbox\client\dropboxext64.15.0.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ dropboxext05]
@="{fb314eda-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314eda-a251-47b7-93e1-cdd82e34af8b}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\dropbox\client\dropboxext64.15.0.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ dropboxext06]
@="{fb314edc-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314edc-a251-47b7-93e1-cdd82e34af8b}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\dropbox\client\dropboxext64.15.0.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ dropboxext07]
@="{fb314edd-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314edd-a251-47b7-93e1-cdd82e34af8b}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\dropbox\client\dropboxext64.15.0.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ dropboxext08]
@="{fb314ee0-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314ee0-a251-47b7-93e1-cdd82e34af8b}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\dropbox\client\dropboxext64.15.0.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ dropboxext09]
@="{fb314ee2-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314ee2-a251-47b7-93e1-cdd82e34af8b}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\dropbox\client\dropboxext64.15.0.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ dropboxext10]
@="{fb314ede-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314ede-a251-47b7-93e1-cdd82e34af8b}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\dropbox\client\dropboxext64.15.0.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ googledriveblacklisted]
@="{81539fe6-33c7-4ce7-90c7-1c7b8f2f2d42}"
[hkey_classes_root\clsid\{81539fe6-33c7-4ce7-90c7-1c7b8f2f2d42}]
2017-03-21 07:15 775064 ----a-w- c:\program files (x86)\google\drive\googledrivesync64.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ googledrivesynced]
@="{81539fe6-33c7-4ce7-90c7-1c7b8f2f2d40}"
[hkey_classes_root\clsid\{81539fe6-33c7-4ce7-90c7-1c7b8f2f2d40}]
2017-03-21 07:15 775064 ----a-w- c:\program files (x86)\google\drive\googledrivesync64.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ googledrivesyncing]
@="{81539fe6-33c7-4ce7-90c7-1c7b8f2f2d41}"
[hkey_classes_root\clsid\{81539fe6-33c7-4ce7-90c7-1c7b8f2f2d41}]
2017-03-21 07:15 775064 ----a-w- c:\program files (x86)\google\drive\googledrivesync64.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrivepro1 (errorconflict)]
@="{8ba85c75-763b-4103-94eb-9470f12fe0f7}"
[hkey_classes_root\clsid\{8ba85c75-763b-4103-94eb-9470f12fe0f7}]
2017-02-22 22:56 2179376 ----a-w- c:\progra~1\micros~1\office16\grooveex.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrivepro2 (syncinprogress)]
@="{cd55129a-b1a1-438e-a425-cebc7dc684ee}"
[hkey_classes_root\clsid\{cd55129a-b1a1-438e-a425-cebc7dc684ee}]
2017-02-22 22:56 2179376 ----a-w- c:\progra~1\micros~1\office16\grooveex.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrivepro3 (insync)]
@="{e768cd3b-bddc-436d-9c13-e1b39ca257b1}"
[hkey_classes_root\clsid\{e768cd3b-bddc-436d-9c13-e1b39ca257b1}]
2017-02-22 22:56 2179376 ----a-w- c:\progra~1\micros~1\office16\grooveex.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"malwarebytes trayapp"=c:\program files\malwarebytes\anti-malware\mbamtray.exe [2016-12-14 2776528]
"bdagent"=c:\program files\bitdefender\bitdefender 2017\bdagent.exe [2017-03-30 322312]
"systrayapp"=c:\program files\idt\wdm\sttray64.exe [2010-03-17 487424]
.
------- bijkomende scan -------
.
ulocal page = c:\windows\system32\blank.htm
mlocal page = c:\windows\syswow64\blank.htm
uinternet settings,proxyoverride = *.local
ie: &verzenden naar onenote - c:\progra~1\micros~1\office16\onbttnie.dll/105
ie: e&xporteren naar microsoft excel - c:\progra~1\micros~1\office16\excel.exe/3000
tcp: dhcpnameserver = 192.168.2.254
filter: text/xml - {807583e5-5146-11d5-a672-00b0d022e945} - c:\program files (x86)\common files\microsoft shared\office16\msoxmlmf.dll
handler: mso-minsb.16 - {3459b272-cc19-4448-86c9-ddc3b4b2fad3} - c:\program files (x86)\microsoft office\office16\msosb.dll
handler: osf.16 - {5504be45-a83b-4808-900a-3a5c36e7f77a} - c:\program files (x86)\microsoft office\office16\msosb.dll
.
- - - - orphans verwijderd - - - -
.
hklm-run-syntpenh - c:\program files (x86)\synaptics\syntp\syntpenh.exe
.
.
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_local_machine\system\controlset001\control\class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\allusersettings]
@denied: (a) (users)
@denied: (a) (everyone)
@allowed: (b 1 2 3 4 5) (s-1-5-20)
"blinddial"=dword:00000000
"mscurrentcountry"=dword:000000b5
.
[hkey_local_machine\system\controlset001\control\pcw\security]
@denied: (full) (everyone)
.
------------------------ andere aktieve processen ------------------------
.
c:\program files (x86)\teamviewer\teamviewer_service.exe
c:\program files (x86)\google\update\1.3.32.7\googlecrashhandler.exe
c:\program files (x86)\auslogics\boostspeed\boostspeed.exe
c:\program files (x86)\innovative solutions\drivermax\innostp.exe
c:\program files (x86)\innovative solutions\drivermax\drivermax.exe
c:\program files (x86)\innovative solutions\drivermax\drivermax.exe
c:\program files (x86)\teamviewer\teamviewer.exe
c:\program files (x86)\teamviewer\tv_w32.exe
.
**************************************************************************
.
voltooingstijd: 2017-04-01 12:52:51 - machine werd herstart
combofix-quarantined-files.txt 2017-04-01 10:52
.
pre-run: 50.793.631.744 bytes beschikbaar
post-run: 49.833.934.848 bytes beschikbaar
.
- - end of file - - b841d3ab75c1890221429f52267444f1
09ce7397af23d4c0b331b89d0297cc7e

[/hjt]
 
No, I also removed the update that was discussed in the thread "Buroblad windows 7", and then it was over.
Yesterday the same problem suddenly came back, but an update had been downloaded the day before yesterday; I rolled System Restore back to a point from before that update and now it is running again.

I was waiting to say thanks until I knew that you had seen the last log.
 
All very strange that that update causes it.

My Win 7 Professional has no problem at all, but then I have switched off the display of shortcuts on my desktop.
 