CPU usage excessively high


Maaike*

Open a new Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\users\Maaike\AppData\Roaming\Avira

c:\programdata\Avira

c:\program files\Avira\AntiVir Desktop

c:\program files\Common Files\Nokia

C:\$AVG

c:\users\Maaike\AppData\Roaming\AVG2012

c:\windows\system32\drivers\AVG

c:\programdata\AVG2012

c:\programdata\Webroot

File::

c:\windows\system32\drivers\nmwcdnsu.sys

c:\windows\system32\drivers\avipbb.sys

c:\windows\system32\drivers\avkmgr.sys

c:\windows\system32\drivers\avgntflt.sys

C:\Windows\Installer\6e804.msi

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

[-HKLM\~\startupfolder\C:^Users^Maaike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]

Driver::

AntiVirSchedulerService

Avira Scheduler

nmwcdnsu

Save this file to your desktop as CFScript

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message, together with a new HijackThis log.
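A check worth running on a script like this before it is handed to the tool, as an added example that is not part of the original post and not ComboFix's own code: it parses the `Section::` layout used above and flags any `[-key]` line that deletes a whole boot-critical registry key rather than a single value. The log later in this thread shows `BootExecute` stored under the Session Manager key, so removing that key removes `BootExecute` and every other value under it. The function names and the `CRITICAL_KEYS` list are assumptions made for this example.

```python
import re

# Keys whose wholesale deletion breaks boot or logon. Assumed list for this
# example; it is not taken from ComboFix.
CRITICAL_KEYS = (
    r"hkey_local_machine\system\currentcontrolset\control\session manager",
    r"hkey_local_machine\system\currentcontrolset\services",
    r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon",
)

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "Folder::"
DELETE_KEY_RE = re.compile(r"^\[-(.+)\]$")       # e.g. "[-HKEY_...\key]"

# The script from the post above, blank lines removed.
CFSCRIPT = r"""Folder::
c:\users\Maaike\AppData\Roaming\Avira
c:\programdata\Avira
c:\program files\Avira\AntiVir Desktop
c:\program files\Common Files\Nokia
C:\$AVG
c:\users\Maaike\AppData\Roaming\AVG2012
c:\windows\system32\drivers\AVG
c:\programdata\AVG2012
c:\programdata\Webroot
File::
c:\windows\system32\drivers\nmwcdnsu.sys
c:\windows\system32\drivers\avipbb.sys
c:\windows\system32\drivers\avkmgr.sys
c:\windows\system32\drivers\avgntflt.sys
C:\Windows\Installer\6e804.msi
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
[-HKLM\~\startupfolder\C:^Users^Maaike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
Driver::
AntiVirSchedulerService
Avira Scheduler
nmwcdnsu
"""


def parse_cfscript(text):
    """Split a script into {section name (lowercase): [entries]}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def normalize_key(key):
    """Lowercase a key path and expand the HKLM abbreviation."""
    key = key.strip().lower().rstrip("\\")
    if key.startswith("hklm\\"):
        key = "hkey_local_machine\\" + key[len("hklm\\"):]
    return key


def risky_key_deletions(sections):
    """Return (key as written, critical key affected) for each whole-key
    deletion that hits a critical key or one of its ancestors."""
    findings = []
    for line in sections.get("registry", []):
        deletion = DELETE_KEY_RE.match(line)
        if not deletion:
            continue
        key = normalize_key(deletion.group(1))
        for critical in CRITICAL_KEYS:
            # Deleting the key itself or any parent of it removes it.
            if critical == key or critical.startswith(key + "\\"):
                findings.append((deletion.group(1), critical))
                break
    return findings


if __name__ == "__main__":
    for written, critical in risky_key_deletions(parse_cfscript(CFSCRIPT)):
        print("whole-key deletion of critical key:", written)
```

A deletion of a single service subkey is not flagged, because it sits below a critical key rather than at or above it.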

You can also try booting into safe mode and then choosing the Last Known Good Configuration option to continue.

Although a System Restore should also work, because ComboFix creates a restore point before the scan. If you then simply go back to the previous restore point in System Restore, only the last ComboFix scan has to be redone.

edited by kweezie wabbit
That last option did indeed do the trick.

To make matters worse, my Windows now turns out to be no longer genuine. That could well be right, since I don't have a Windows 7 CD here anyway. I'm wondering whether I now need to buy a licence or a CD?

Task Manager no longer works and I get all kinds of error messages from exe files. But anyway, I'm back in the laptop.

CF:

ComboFix 12-02-22.01 - Maaike 24-02-2012 11:26:42.6.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.3070.2097 [GMT 1:00]

Gestart vanuit: c:\users\Maaike\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Maaike\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\Installer\6e804.msi"

"c:\windows\system32\drivers\avgntflt.sys"

"c:\windows\system32\drivers\avipbb.sys"

"c:\windows\system32\drivers\avkmgr.sys"

"c:\windows\system32\drivers\nmwcdnsu.sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_nmwcdnsu

-------\Legacy_avipbb

-------\Legacy_avkmgr

-------\Service_avipbb

-------\Service_avkmgr

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-01-24 to 2012-02-24 ))))))))))))))))))))))))))))))

.

.

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-02-22 21:33 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-14 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-14 8433664]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-14 81920]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-06-14 67584]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-02-01 36864]

"OEM02Cfg.exe"="OEM02Cfg.exe" [2007-02-01 28672]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-22 4033440]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk

backup=c:\windows\pss\QuickSet.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk

backup=c:\windows\pss\Rainmeter.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Maaike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1 .lnk]

path=c:\users\Maaike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1 .lnk

backup=c:\windows\pss\OpenOffice.org 3.1 .lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Maaike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SuperTweet.local.lnk]

path=c:\users\Maaike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperTweet.local.lnk

backup=c:\windows\pss\SuperTweet.local.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2007-04-17 17:31 159744 ----a-w- c:\program files\DellTPad\Apoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-10-05 23:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-11-01 22:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2007-03-21 09:33 1548288 ----a-w- c:\windows\System32\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2008-03-10 16:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]

2012-01-24 18:15 2716992 ----a-w- c:\program files\CCleaner\CCleaner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-01-16 16:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2012-01-31 12:13 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-10-04 14:05 273528 ----a-w- c:\program files\real\realplayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2011-05-12 19:41 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe

.

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-02-22 57688]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - MBAMPROTECTOR

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-24 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 15:28]

.

2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-23 21:13]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uInternet Settings,ProxyOverride = *.local

IE: &Verzenden naar OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

TCP: DhcpNameServer = 192.168.2.1

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\windows\System32\TUProgSt.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

.

**************************************************************************

.

Voltooingstijd: 2012-02-24 14:08:27 - machine werd herstart

ComboFix-quarantined-files.txt 2012-02-24 13:08

ComboFix2.txt 2012-02-24 02:31

ComboFix3.txt 2012-02-22 17:30

ComboFix4.txt 2012-02-22 11:19

ComboFix5.txt 2012-02-24 10:19

.

Pre-Run: 48.412.073.984 bytes beschikbaar

Post-Run: 48.043.888.640 bytes beschikbaar

.

- - End Of File - - DEDB77F29167BDE2ACB338D6EF60D5B9

HJT:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:21:40, on 24-2-2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\notepad.exe

C:\Windows\explorer.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Maaike\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [OEM02Cfg.exe] OEM02Cfg.exe /d:2

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 7591 bytes

---------- Post added at 14:28 ---------- Previous post was at 14:24 ----------

By the way, Windows no longer starts up normally, only via that safe mode option...

---------- Post added at 14:36 ---------- Previous post was at 14:28 ----------

Incidentally, the processor usage is still just as high.


Start HijackThis. Right-click the icon and then choose "Run as administrator" or "Uitvoeren als administrator".

Select "Do a system scan only".

Check only the items listed below:

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

Click 'Fix checked' to remove the items.

Open a new Notepad file.

Copy and paste the bold text below into it.

Folder::

C:\Program Files\Babylon

File::

c:\windows\system32\DRIVERS\avgldx86.sys

c:\windows\system32\DRIVERS\AVGIDSDriver.Sys

c:\windows\system32\DRIVERS\AVGIDSFilter.Sys

c:\windows\system32\DRIVERS\AVGIDSShim.Sys

c:\windows\system32\DRIVERS\AVGIDSEH.Sys

c:\windows\system32\DRIVERS\avgrkx86.sys

c:\windows\system32\DRIVERS\avgtdix.sys

Driver::

avgldx86

AVGIDSDriver

AVGIDSFilter

AVGIDSShim

AVGIDSEH

Avgrkx86

Avgtdix

Save this file to your desktop as CFScript

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message


ComboFix 12-02-22.01 - Maaike 24-02-2012 15:29:49.7.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.3070.1942 [GMT 1:00]

Gestart vanuit: c:\users\Maaike\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Maaike\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\DRIVERS\AVGIDSDriver.Sys"

"c:\windows\system32\DRIVERS\AVGIDSEH.Sys"

"c:\windows\system32\DRIVERS\AVGIDSFilter.Sys"

"c:\windows\system32\DRIVERS\AVGIDSShim.Sys"

"c:\windows\system32\DRIVERS\avgldx86.sys"

"c:\windows\system32\DRIVERS\avgrkx86.sys"

"c:\windows\system32\DRIVERS\avgtdix.sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\DRIVERS\AVGIDSDriver.Sys

c:\windows\system32\DRIVERS\AVGIDSEH.Sys

c:\windows\system32\DRIVERS\AVGIDSFilter.Sys

c:\windows\system32\DRIVERS\AVGIDSShim.Sys

c:\windows\system32\DRIVERS\avgldx86.sys

c:\windows\system32\DRIVERS\avgrkx86.sys

c:\windows\system32\DRIVERS\avgtdix.sys

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_AVGIDSDRIVER

-------\Legacy_AVGIDSEH

-------\Legacy_AVGIDSFILTER

-------\Legacy_AVGIDSSHIM

-------\Legacy_AVGLDX86

-------\Legacy_AVGRKX86

-------\Legacy_AVGTDIX

-------\Service_AVGIDSDriver

-------\Service_AVGIDSEH

-------\Service_AVGIDSFilter

-------\Service_AVGIDSShim

-------\Service_Avgldx86

-------\Service_Avgrkx86

-------\Service_Avgtdix

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-01-24 to 2012-02-24 ))))))))))))))))))))))))))))))

.

.

2012-02-24 15:25 . 2012-02-24 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-24 13:08 . 2012-02-24 15:29 -------- d-----w- c:\users\Maaike\AppData\Local\temp

2012-02-23 21:13 . 2012-02-22 21:20 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-02-23 21:13 . 2012-02-22 21:22 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-02-23 21:13 . 2012-02-22 21:21 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-02-23 21:13 . 2012-02-22 21:20 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-02-23 21:13 . 2012-02-22 21:22 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-02-23 21:13 . 2012-02-22 21:20 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-02-23 21:11 . 2012-02-22 21:33 41184 ----a-w- c:\windows\avastSS.scr

2012-02-23 21:11 . 2012-02-22 21:33 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-02-23 21:10 . 2012-02-23 21:10 -------- d-----w- c:\programdata\AVAST Software

2012-02-23 21:10 . 2012-02-23 21:10 -------- d-----w- c:\program files\AVAST Software

2012-02-21 15:51 . 2012-02-21 15:51 -------- d--h--w- c:\programdata\Common Files

2012-02-21 15:33 . 2012-02-23 20:58 -------- d-----w- c:\programdata\MFAData

2012-02-20 10:15 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-20 10:15 . 2012-02-20 10:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-19 23:34 . 2012-02-20 13:54 -------- d-----w- C:\Nieuwe map

2012-02-19 15:48 . 2012-02-19 15:48 -------- d-----w- C:\Anti-Malware

2012-02-18 15:54 . 2012-02-23 18:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-02-18 15:54 . 2012-02-21 09:35 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-02-14 21:25 . 2012-02-14 21:25 -------- d-----w- C:\ZooEasy

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-02-22 21:33 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-14 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-14 8433664]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-14 81920]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-06-14 67584]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-02-01 36864]

"OEM02Cfg.exe"="OEM02Cfg.exe" [2007-02-01 28672]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-22 4033440]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk

backup=c:\windows\pss\QuickSet.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk

backup=c:\windows\pss\Rainmeter.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Maaike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1 .lnk]

path=c:\users\Maaike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1 .lnk

backup=c:\windows\pss\OpenOffice.org 3.1 .lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Maaike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SuperTweet.local.lnk]

path=c:\users\Maaike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperTweet.local.lnk

backup=c:\windows\pss\SuperTweet.local.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2007-04-17 17:31 159744 ----a-w- c:\program files\DellTPad\Apoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-10-05 23:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-11-01 22:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2007-03-21 09:33 1548288 ----a-w- c:\windows\System32\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2008-03-10 16:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]

2012-01-24 18:15 2716992 ----a-w- c:\program files\CCleaner\CCleaner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-01-16 16:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2012-01-31 12:13 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-10-04 14:05 273528 ----a-w- c:\program files\real\realplayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2011-05-12 19:41 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe

.

R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-23 136176]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-23 136176]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2009-12-22 1515520]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-30 1343400]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-18 691696]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-28 101720]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-02-22 57688]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-31 652360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-24 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 15:28]

.

2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-23 21:13]

.

2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-23 21:13]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uInternet Settings,ProxyOverride = *.local

IE: &Verzenden naar OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(3252)

c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\windows\System32\TUProgSt.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Voltooingstijd: 2012-02-24 16:48:01 - machine werd herstart

ComboFix-quarantined-files.txt 2012-02-24 15:47

ComboFix2.txt 2012-02-24 13:08

ComboFix3.txt 2012-02-24 02:31

ComboFix4.txt 2012-02-22 17:30

ComboFix5.txt 2012-02-24 14:23

.

Pre-Run: 47.691.653.120 bytes beschikbaar

Post-Run: 47.520.731.136 bytes beschikbaar

.

- - End Of File - - EC59A67DC2728E5DDBC9E76EA61A0872


Nice.

Are there also moments when the CPU load is normal? By normal I mean a load of less than 15 to 20%.

Take a screenshot of Task Manager when the CPU load peaks again.

Press the Ctrl, Alt and Delete keys at the same time and now choose "Start Task Manager".

Select the Processes tab and then click "Show processes from all users" at the bottom.

Now click the header of the "CPU" column until the processes that use CPU are at the top.

That way you can see which process demands the most of your CPU power.

Now take a screenshot of your Task Manager and add it as an attachment to your next message so that we can see which process or processes are causing the high CPU load.

You can take a screenshot with the Snipping Tool.

How to add an attachment to a message is explained in this guide.


Right now it is finally fluctuating between 0 and 8 again, with the occasional spike to 15, but then it quickly goes back toward <10 instead of staying stuck there.

Last night it also already seemed to be improving.

I have been testing a bit with Chrome and so on, and it can handle it easily again.

I'll keep an eye on it and keep you posted, since it has done this before and then suddenly shot sky-high again and I cheered too soon.


Then in the meantime we can already clean up some tools.

Remove ComboFix: Start -> Run and type: ComboFix /Uninstall (with a space before the /)

This will remove ComboFix plus related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

It is advisable to delete the existing restore points by temporarily turning off System Restore. Do this via Control Panel -> System and Maintenance -> System -> "System Protection" tab -> uncheck the drive whose restore points you want to delete -> click "Apply".

You will then get the prompt "Are you sure you want to turn off System Restore". Click "Turn System Restore off" here. All restore points on the selected drive are then deleted.

After that, check the box for the hard drive again. Also create a new restore point right away, so that you do not have to wait for an automatic restore point from the system and you have a restore point to a working configuration in case of emergency.
