Maaike*

Member
  • Items

    51

Everything posted by Maaike*

  1. Dear all, yesterday everything was still normal, and today I start up my PC and get a 'grainy' picture, both on Facebook and on my own website. I have checked the video card for updates and checked the HDMI cables, and now I wonder what could be causing this. Does anyone have an idea?
  2. Just wanted to let you know that, with the help of an IT person, I did a format C and a clean installation. The laptop is running like a charm again. Thank you so much for your help, I learned a lot from it. It remains somewhat unclear what it actually was, but anyway, it works again and that is what matters!
  3. Just a short update. Sure enough, I have my hands full with some other matters right now, and I have had to put the laptop aside until I have more time again, using my netbook in the meantime. I will get back to this as soon as possible and continue with the laptop problems.
  4. Even after a week the problem has not gone away, so it is more or less the same as in my very first post. The same applies in safe mode. The card reader is once again not recognized, and during startup it also sometimes hangs at the CD (that is new). I am gradually running out of ideas, but it does not look too good this way.
  5. Correction: I opened a few things here in safe mode, and here too it now peaks on Chrome. With IE and the same number of tabs open it shows a lower CPU for now, and it also drops faster. I will check that again tomorrow in safe mode.
  6. I uninstalled the whole lot and restarted the laptop. After that the card reader worked again, great! I kept an eye on the CPU over the past 2 days. For a while it does well, then it gets worse but is still workable, and then it gets stuck at 100% again. From what I can see it is then a combination of Task Manager, dwm (Desktop Window Manager), now and then the Kernel, and the antivirus program. I often see it depending on what is running, and when it is stuck at 100 it only comes back down to 65 with difficulty and time. The laptop is then very slow, however, even with a CPU of 65; memory is still under half, so that cannot be it either. It seems as if the processor does not recover for some reason. In safe mode it runs beautifully. But would it be an option to uninstall the processors and reinstall them, just like with USB? Or would things go wrong then? By now we have investigated quite a lot, but it basically keeps giving the same errors, so something must still be wrong somewhere... but what?
  7. It is still running fine... and goes neatly back to 0 after peaking, but we will watch it for a while again. I do suddenly have another problem: my card reader no longer works. It does not pick up one card; with the other it gets stuck while connecting, so you keep hearing that sound of a USB device being connected over and over, and I do not see it appear.
  8. I have disabled it; now the CPU is calm again and it is running nicely again. But I have not been able to test much, because everyday life goes on in the meantime. Tomorrow I have a bit more time again, then I will keep an eye on it.
  9. I cannot quite work out myself which service is causing the problem; it all goes so incredibly fast. I do keep seeing the Kernel pop up. Earlier it was the search indexers, but since all the cleaning those are no longer so prominent. I have attached another screenshot. Here Chrome has been open for some time with 2 tabs, but I am not doing anything, only running the Snipping Tool. Incidentally, I have a netbook with XP on it, and that one shows no CPU readings from the Kernel at all.
  10. Unfortunately, the CPU is at 100% again and browsing is next to impossible. Strange, isn't it, that it recovers now and then only to tumble back again, and that it runs stably in safe mode.
  11. For the time being that does indeed solve the problem for now, CPU nicely around 0 and 1%. But... we know how it goes... it runs for a while and then it starts again, so I will wait and see. It is nice to see it going towards 0 again, even with 2 tabs open... that was not possible before.
  12. It says: "Verificatie 100% voltooid. Er zijn geen schendingen van de verificatie gevonden." Then it sits blinking at system 32 again, but it is not entirely clear to me whether it is still busy or finished. ---------- Post added at 16:57 ---------- Previous post was at 16:56 ---------- Correction: "Er zijn geen schendingen van de integriteit gevonden."
  13. We really are back to square one as far as the CPU is concerned. Even after restarting it takes forever. I have now opened IE first; it is just short of hanging but also takes a long time and fluctuates between 98 and 70%. Here are the images for the reply above.
  14. I do not know exactly what Chrome was busy with at that moment, presumably just opening my email. But it has already got to the point again where it shoots up/freezes just on opening Chrome itself, and when I close Chrome it hovers around 40%. What is also interesting is that with Chrome and Task Manager in safe mode I have no trouble with the CPU at all. And it simply worked for a few days, so load a page, small peak, and then back to 1% in normal mode. I have inserted 2 images, one of the CPU while opening Chrome, and one after I had closed Chrome again. Edit: those come from normal mode, because I cannot attach them from safe mode. I will still check with IE; so far it gives no problems (and once I have started Chrome the CPU is off anyway). SP1 has been installed in the meantime.
  15. I made one with the Snipping Tool after all, because I already saw that you cannot see much in the print screen.
  16. Here we are again, including high CPU. I no longer see the Index and such shooting up, but I do see something with Kernel. When I restart, everything goes well again. Once it has been running for a while, and especially when I open Chrome or start browsing with it, we are back at 100% and slowness. When 'idle' it runs at around 30. I made a quick PrtScn; I had seen the other option, but this is a bit quicker, provided it is sufficiently visible; otherwise I will go through that other procedure.
  17. No, at night it just gets switched off, and sometimes I restart it during the day. But that is fine. I will keep an eye on it over the coming days. You never know, indeed...
  18. Done. It is running like a charm again, and has been for 24h+ now. Quite an achievement compared to a week ago ;-) Thank you so much kweezie wabbit, I am super happy with this! I will watch it a little longer, but I do not expect any more problems now. If it is still working tomorrow, I will mark this topic as solved.
  19. At the moment it is finally fluctuating between 0 and 8 again, with an occasional spike to 15, but it then quickly goes back towards <10 instead of staying stuck. Last night it already seemed to be improving too. I have been testing a bit with Chrome and so on, and it can handle it easily again. I will keep an eye on it and keep you posted, since it has done this before and then suddenly went sky-high again and I cheered too soon.
  20. It boots again, great. Apart from that I ran CCleaner over everything; it fixed a lot of registry problems (about 1140). The CPU is still not right.
  22. The latter did indeed do the trick. To make matters worse, my Windows now turns out to no longer be genuine. That may well be right, since I do not have a Windows 7 CD here in any case... I am wondering whether I now need to buy a license or a CD..? Task Manager no longer works and I get all sorts of error messages from exe files. But anyway, I am back in the laptop.
c:\programdata\AVG2012\log\ldrlog.cfg c:\programdata\AVG2012\log\lnglog.cfg c:\programdata\AVG2012\log\lscanlog.cfg c:\programdata\AVG2012\log\nslog.cfg c:\programdata\AVG2012\log\privlog.cfg c:\programdata\AVG2012\log\publog.cfg c:\programdata\AVG2012\log\rslog.cfg c:\programdata\AVG2012\log\scanlog.cfg c:\programdata\AVG2012\log\schedlog.cfg c:\programdata\AVG2012\log\srmlog.cfg c:\programdata\AVG2012\log\tdilog.cfg c:\programdata\AVG2012\log\updlog.cfg c:\programdata\AVG2012\log\vault.log.lock c:\programdata\AVG2012\log\vaultlog.cfg c:\programdata\AVG2012\log\wdlog.cfg c:\programdata\AVG2012\log\wdsvclog.cfg c:\programdata\AVG2012\process.bin c:\programdata\AVG2012\scanlogs\srm.idx c:\programdata\AVG2012\SetupBackup\AntiRkx.cab c:\programdata\AVG2012\SetupBackup\Antivirx.cab c:\programdata\AVG2012\SetupBackup\Avgx86.msi c:\programdata\AVG2012\SetupBackup\basex.cab c:\programdata\AVG2012\SetupBackup\COREx.cab c:\programdata\AVG2012\SetupBackup\COREx86.msi c:\programdata\AVG2012\SetupBackup\Emailsx.cab c:\programdata\AVG2012\SetupBackup\GUIx.cab c:\programdata\AVG2012\SetupBackup\IDPx.cab c:\programdata\AVG2012\SetupBackup\lng_nlx.cab c:\programdata\AVG2012\SetupBackup\lng_usx.cab c:\programdata\AVG2012\SetupBackup\OnlnScx.cab c:\programdata\AVG2012\SetupBackup\ResShldx.cab c:\programdata\AVG2012\SetupBackup\SrchSrfx.cab c:\programdata\AVG2012\SetupBackup\SSHttpBx.cab c:\programdata\AVG2012\SetupBackup\TDIDrvx.cab c:\programdata\AVG2012\SetupBackup\TuneUpx.cab c:\programdata\AVG2012\SetupBackup\Updatex.cab c:\programdata\AVG2012\update\download\avg12infoavi.ctf c:\programdata\AVG2012\update\download\avg12infowin.ctf c:\programdata\Avira c:\programdata\Avira\AntiVir Desktop\addr_file.html c:\programdata\Avira\AntiVir Desktop\CONFIG\AVWIN.INI c:\programdata\Avira\AntiVir Desktop\EVENTDB\avevtdb.dbe c:\programdata\Avira\AntiVir Desktop\EVENTDB\tchk.dbe c:\programdata\Avira\AntiVir Desktop\JOBS\produpd.avj c:\programdata\Avira\AntiVir Desktop\JOBS\scanjob.avj 
c:\programdata\Avira\AntiVir Desktop\JOBS\startupd.avj c:\programdata\Avira\AntiVir Desktop\JOBS\updjob.avj c:\programdata\Avira\AntiVir Desktop\LOGFILES\avesvc.log c:\programdata\Avira\AntiVir Desktop\LOGFILES\avguard.log c:\programdata\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20120219-000601-0DC7A02D.LOG c:\programdata\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20120219-000713-16F75963.LOG c:\programdata\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20120219-000719-17BED2A7.LOG c:\programdata\Avira\AntiVir Desktop\LOGFILES\sched.log c:\programdata\Avira\AntiVir Desktop\LOGFILES\setup.log c:\programdata\Avira\AntiVir Desktop\LOGFILES\Upd-2012-02-19-23-59-16.log c:\programdata\Avira\AntiVir Desktop\PROFILES\folder.avp c:\programdata\Avira\AntiVir Desktop\PROFILES\rootkit.avp c:\programdata\Avira\AntiVir Desktop\REPORTS\5abd2cc9.avl c:\programdata\Avira\AntiVir Desktop\REPORTS\5c6d03ac.avl c:\programdata\Avira\AntiVir Desktop\REPORTS\69518dd2.avl c:\programdata\Avira\AntiVir Desktop\TEMP\avguard1.tmp c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aecore.dll c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aecore.dll.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeexp.dll c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeexp.dll.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aegen.dll c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aegen.dll.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aehelp.dll c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aehelp.dll.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeheur.dll c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeheur.dll.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeoffice.dll c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeoffice.dll.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aepack.dll 
c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aepack.dll.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aesbx.dll c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aesbx.dll.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aescn.dll c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aescn.dll.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aescript.dll c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aescript.dll.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeset.dat c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeset.dat.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aevdf.dll c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aevdf.dll.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\ave2-win32-int.info c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\ave2-win32-int.info.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\peclkey-common-int.info c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\peclkey-common-int.info.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\rdf-common-int.info c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\rdf-common-int.info.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\scanner-win32-int.info c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\scanner-win32-int.info.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\vdf.info c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\vdf.info.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\webcat-common-int.info c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\webcat-common-int.info.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira12-win32-en-pecl-info.info c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira12-win32-en-pecl-info.info.gz 
c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira12-win32-en-pecl.idx c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira12-win32-en-pecl.info c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira12-win32-en-pecl.info.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\aevdf.dat c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\aevdf.dat.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase002.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase002.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase003.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase003.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase004.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase004.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase005.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase005.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase006.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase006.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase007.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase007.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase008.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase008.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase009.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase009.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase010.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase010.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase011.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase011.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase012.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase012.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase013.vdf 
c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase013.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase014.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase014.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase015.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase015.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase016.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase016.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase017.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase017.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase018.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase018.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase019.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase019.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase020.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase020.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase021.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase021.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase022.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase022.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase023.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase023.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase024.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase024.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase025.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase025.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase026.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase026.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase027.vdf c:\programdata\Avira\AntiVir 
Desktop\TEMP\UPDATE\n_vdf\vbase027.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase028.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase028.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase029.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase029.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase030.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase030.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase031.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase031.vdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\rdf\common\int\antivir0.rdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\rdf\common\int\antivir0.rdf.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\scanner\win32\int\avreg.dll c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\scanner\win32\int\avreg.dll.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\scanner\win32\int\avreg.yml c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\scanner\win32\int\avreg.yml.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\scanner\win32\int\avscplr.dll c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\scanner\win32\int\avscplr.dll.gz c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\vbase000.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\vbase001.vdf c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\vbase002.vdf c:\programdata\Avira\AntiVir Desktop\UpdStartupLog.log c:\programdata\Webroot c:\users\Maaike\AppData\Roaming\AVG2012 c:\users\Maaike\AppData\Roaming\AVG2012\cfgall\userawacs.cfg c:\users\Maaike\AppData\Roaming\AVG2012\cfgall\usergui.cfg c:\users\Maaike\AppData\Roaming\Avira c:\windows\Installer\6e804.msi c:\windows\system32\drivers\AVG c:\windows\system32\drivers\AVG\iavichjg.avm c:\windows\system32\drivers\AVG\iavichjw.avm c:\windows\system32\drivers\AVG\incavi.avm c:\windows\system32\drivers\avgntflt.sys 
c:\windows\system32\drivers\avipbb.sys c:\windows\system32\drivers\avkmgr.sys . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_nmwcdnsu -------\Legacy_avipbb -------\Legacy_avkmgr -------\Service_avipbb -------\Service_avkmgr . . (((((((((((((((((((( Bestanden Gemaakt van 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))) . . . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-02-22 21:33 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-14 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-14 8433664] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-14 81920] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-06-14 67584] "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-02-01 36864] "OEM02Cfg.exe"="OEM02Cfg.exe" [2007-02-01 28672] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-22 4033440] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 460872] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk backup=c:\windows\pss\QuickSet.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk backup=c:\windows\pss\Rainmeter.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Maaike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1 .lnk] path=c:\users\Maaike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1 .lnk backup=c:\windows\pss\OpenOffice.org 3.1 .lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Maaike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SuperTweet.local.lnk] path=c:\users\Maaike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperTweet.local.lnk backup=c:\windows\pss\SuperTweet.local.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] 2007-04-17 17:31 159744 ----a-w- c:\program files\DellTPad\Apoint.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-10-05 23:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2011-11-01 22:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2007-03-21 09:33 1548288 ----a-w- c:\windows\System32\WLTRAY.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] 2008-03-10 16:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner] 2012-01-24 18:15 2716992 ----a-w- c:\program files\CCleaner\CCleaner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-01-16 16:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2012-01-31 12:13 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2011-10-04 14:05 273528 ----a-w- c:\program files\real\realplayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2011-05-12 19:41 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe . R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-02-22 57688] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - MBAMPROTECTOR . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhoud van de 'Gedeelde Taken' map . 2012-02-24 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 15:28] . 2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-23 21:13] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.google.nl/ uInternet Settings,ProxyOverride = *.local IE: &Verzenden naar OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm TCP: DhcpNameServer = 192.168.2.1 . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\windows\System32\TUProgSt.exe c:\windows\system32\DRIVERS\xaudio.exe c:\windows\system32\sppsvc.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conhost.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\windows\System32\rundll32.exe c:\windows\System32\rundll32.exe c:\windows\System32\rundll32.exe . ************************************************************************** . 
HJT: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:21:40, on 24-2-2012 ---------- Post added at 14:28 ---------- Previous post was at 14:24 ---------- By the way, Windows no longer starts normally, only via the safe mode option... ---------- Post added at 14:36 ---------- Previous post was at 14:28 ---------- Incidentally, the processor usage is still as high as before.
  23. Meanwhile, after the restart by ComboFix, Windows no longer starts. In the 2nd Startup Repair I am asked to use System Restore. I declined because then we would have to start all over again, but I do have doubts. What if it doesn't start at all anymore?
  24. Here is another screenshot, since I see that it is (still) the same ones causing the CPU problems (I have marked them with a black dot). I hope it is easier to see this way than last time.
  25. I think I read a bit too quickly and that file was indeed from AVG, which could be cleaned up because I had removed AVG. That strange installer presents itself as a Nokia installer. AVAST updated and run: found nothing. MBAM once more: also found nothing. I would actually have preferred that it had, then at least you know something about what is going on... Regarding the log below: Evernote is no longer on my PC, neither is AVG, and neither is WebRoot (Spy Sweeper). ---------- Post added at 09:29 ---------- Previous post was at 09:27 ---------- I also don't recognise Babylon and OneNote and those other things on IE. Besides, I hardly use IE, if at all, but always Chrome.