CPU 100%: HijackThis log...

Desktop running Windows Vista 64-bit, CPU regularly at 100%.

The case has been cleaned of dust, startup items have been trimmed, MBAM is clean.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:22:08, on 6/01/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

J:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-3314702685-2234804248-2658419205-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-3314702685-2234804248-2658419205-1001\..\RunOnce: [scrSav] C:\Windows\SCREEN~1\PACKAR~1\RUN_PA~1.EXE (User 'UpdatusUser')

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - http://picasaweb.google.com/s/v/68.16/uploader2.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - C:\Windows\SYSTEM32\HidService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10675 bytes

Thanks in advance! :top:


This log shows no problems. Let's take a further look with this:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT!!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

Note!!! If an error appears with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.


ComboFix 12-01-05.04 - Harold 06/01/2012 14:55:25.1.1 - x64

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.2814.1673 [GMT 1:00]

Gestart vanuit: c:\users\Harold\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-06 to 2012-01-06 ))))))))))))))))))))))))))))))

.

.

2012-01-06 14:15 . 2012-01-06 14:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-01-06 14:15 . 2012-01-06 14:15 -------- d-----w- c:\users\Harold\AppData\Local\temp

2012-01-06 14:15 . 2012-01-06 14:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-06 13:17 . 2012-01-06 13:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3278AA1D-CF5B-4F09-B77F-D421993B42A7}\offreg.dll

2012-01-06 07:17 . 2011-11-30 01:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3278AA1D-CF5B-4F09-B77F-D421993B42A7}\mpengine.dll

2012-01-05 20:53 . 2012-01-05 20:53 25160 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys

2012-01-05 20:53 . 2012-01-05 20:53 -------- d-----w- c:\programdata\HitmanPro

2012-01-05 18:29 . 2012-01-05 18:29 19416 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll

2012-01-05 18:29 . 2012-01-05 18:29 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2012-01-05 18:29 . 2012-01-05 18:29 125912 ----a-w- c:\program files (x86)\Mozilla Firefox\crashreporter.exe

2012-01-05 18:29 . 2012-01-05 18:29 121816 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-01-05 18:29 . 2012-01-05 18:29 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll

2012-01-05 18:29 . 2012-01-05 18:29 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-05 18:29 . 2012-01-05 18:29 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-05 18:29 . 2012-01-05 18:29 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

2012-01-05 18:29 . 2012-01-05 18:29 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2011-12-18 16:17 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-12-18 16:17 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-12-18 16:17 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-12-18 16:17 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-12-18 16:17 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-12-18 16:17 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-12-18 16:17 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-12-18 16:17 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2011-12-18 16:17 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-12-18 10:24 . 2011-12-18 10:24 -------- d-----w- c:\programdata\AVAST Software

2011-12-18 10:24 . 2011-12-18 10:24 -------- d-----w- c:\program files\AVAST Software

2011-12-16 20:56 . 2011-12-16 20:56 -------- d-----w- c:\users\Harold\AppData\Roaming\NVIDIA

2011-12-16 20:56 . 2011-12-16 20:56 -------- d-----w- c:\program files\Speccy

2011-12-15 05:28 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-15 05:28 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-15 05:28 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-12-15 05:28 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll

2011-12-15 05:28 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-15 05:28 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys

2011-12-15 05:28 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-12-15 05:28 . 2011-11-08 12:10 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-15 21:23 . 2011-06-14 03:50 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-10 14:24 . 2010-10-16 06:39 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-15 13:29 . 2009-10-23 11:50 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-10-15 08:53 . 2011-10-25 19:59 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll

2011-10-15 08:53 . 2011-10-25 19:59 68928 ----a-w- c:\windows\system32\OpenCL.dll

2011-10-15 08:53 . 2011-10-25 19:59 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2011-10-15 08:53 . 2011-10-25 19:59 24742720 ----a-w- c:\windows\system32\nvoglv64.dll

2011-10-15 08:53 . 2011-10-25 19:59 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2011-10-15 08:53 . 2011-10-25 19:59 1533248 ----a-w- c:\windows\system32\nvdispco64.dll

2011-10-15 08:53 . 2011-10-25 19:59 1454400 ----a-w- c:\windows\system32\nvgenco64.dll

2011-10-15 08:53 . 2011-10-25 19:59 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2011-10-15 08:53 . 2011-10-25 19:59 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-10-15 08:53 . 2011-10-25 19:59 7581504 ----a-w- c:\windows\system32\nvcuda.dll

2011-10-15 08:53 . 2011-10-25 19:59 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll

2011-10-15 08:53 . 2011-10-25 19:59 2542912 ----a-w- c:\windows\system32\nvcuvid.dll

2011-10-15 08:53 . 2011-10-25 19:59 24796992 ----a-w- c:\windows\system32\nvcompiler.dll

2011-10-15 08:53 . 2011-10-25 19:59 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll

2011-10-15 08:53 . 2011-10-25 19:59 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2011-10-15 08:53 . 2011-10-25 19:59 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-10-15 08:53 . 2011-10-25 19:59 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2011-10-15 08:53 . 2011-10-25 19:59 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2011-10-15 08:53 . 2011-09-18 19:31 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-10-15 08:53 . 2010-07-10 04:38 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2011-10-15 08:53 . 2010-07-09 15:27 5067584 ----a-w- c:\windows\system32\nvsvc64.dll

2011-10-15 08:53 . 2010-07-09 15:27 222528 ----a-w- c:\windows\system32\nvmctray.dll

2011-10-15 08:53 . 2010-07-09 15:27 1640768 ----a-w- c:\windows\system32\nvvsvc.exe

2011-10-15 08:53 . 2010-07-09 15:27 137536 ----a-w- c:\windows\system32\nvshext.dll

2011-10-15 08:53 . 2010-07-09 15:27 10406208 ----a-w- c:\windows\system32\nvcpl.dll

2011-10-15 08:53 . 2009-01-08 10:28 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll

2011-10-15 08:53 . 2009-01-08 10:28 3074368 ----a-w- c:\windows\system32\nvsvcr.dll

2011-10-15 08:53 . 2009-01-08 10:28 2808128 ----a-w- c:\windows\system32\nvapi64.dll

2011-10-14 22:54 . 2011-10-14 22:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-01-06 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2010-02-21 12:08]

.

2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-29 15:05]

.

2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-29 15:05]

.

2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3314702685-2234804248-2658419205-1000Core.job

- c:\users\Harold\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 15:59]

.

2012-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3314702685-2234804248-2658419205-1000UA.job

- c:\users\Harold\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 15:59]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"FijiKeyboard"="c:\acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe" [2008-09-18 79416]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0813&s=1&o=vb64&d=0809&m=imedia_s3210

mLocal Page = c:\windows\SysWOW64\blank.htm

LSP: %SYSTEMROOT%\system32\nvLsp.dll

TCP: DhcpNameServer = 195.130.130.129 195.130.131.129

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\xwyosjs8.default\

FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?hl=nl&shva=1#inbox

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

AddRemove-Energy Skate Park - c:\windows\system32\javaws.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2012-01-06 15:24:42

ComboFix-quarantined-files.txt 2012-01-06 14:24

.

Pre-Run: 51.042.050.048 bytes beschikbaar

Post-Run: 50.968.584.192 bytes beschikbaar

.

- - End Of File - - 88E885188C1430097C011F79C2CF9B24



The ComboFix log also shows no further negative indications.

Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.

  • Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe"
  • Now click "Emergency Kit Scanner"; you will get a message recommending that you update first. Allow this by clicking "Yes"
  • When the update is finished and the message "Update process completed successfully" appears, click "menu" and then "Scan PC"
  • Select the "Deep" option if it is not already set by default.
  • Now click the "Scan" button and do nothing else on the computer while it scans; this scan can take quite a while, so wait patiently.
  • You can close the window with the warning about an increased risk once the scan is finished.
    Note:
    If you see this message:
    C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK
    When the file appears in the scan results window, you can right-click that detection and choose "Submit as false positive".
  • Make sure all found items are checked and then press the "Delete selected" button; you will now get the following message, but click "Yes" here
    When the deletion is finished, click the "View report" button and select the text file of this scan with a name like: a2scan_110730-111615.txt
  • Paste the contents of this LOG file in your next reply.
  • Now restart the computer.


Emsisoft Emergency Kit - Versie 1.0

Laatste Update: 6/01/2012 16:38:29

Scaninstellingen:

Scantype: Diepe Scan

Objecten: Geheugen, Sporen, Cookies, C:\, D:\

Scan archieven: Aan

Heuristieken: Uit

ADS Scan: Aan

Scan gestart: 6/01/2012 16:39:49

C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\xwyosjs8.default\cookies.sqlite:40 Ontdekt: Trace.TrackingCookie.doubleclick.net!A2

C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\xwyosjs8.default\cookies.sqlite:60 Ontdekt: Trace.TrackingCookie.doubleclick.net!A2

Gescand

Bestanden: 259965

Sporen: 403649

Cookies: 27

Processen: 57

Gevonden

Bestanden: 0

Sporen: 0

Cookies: 2

Processen: 0

Registersleutels: 0

Scan Geëindigd: 6/01/2012 22:51:40

Scantijd: 6:11:51

C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\xwyosjs8.default\cookies.sqlite:40 Verwijderd Trace.TrackingCookie.doubleclick.net!A2

C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\xwyosjs8.default\cookies.sqlite:60 Verwijderd Trace.TrackingCookie.doubleclick.net!A2

Verwijderd

Bestanden: 0

Sporen: 0

Cookies: 2



Go to Task Manager and open the Processes tab.

At the bottom, check the box for "Show processes from all users".

Then sort the processes so that the "heavy users" are at the top. You do this by clicking the header of the column with the CPU load.

Take a screenshot at the moment the CPU peaks, or note the name of the process that is using the most CPU at that moment.

Then post the screenshot or the name of the process.

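As an added example (not part of the thread), the Task Manager procedure above automated in PowerShell: it samples per-process CPU use for about a minute and prints the heaviest processes at the moment of the peak, together with their executable paths, which is what a helper needs to see. The counter and cmdlet names are standard Windows ones; the sample count and interval are assumptions you can change.

```powershell
# Added example, not part of the forum thread: automates the Task Manager steps by sampling
# per-process CPU use for a while and reporting the heaviest processes at the peak moment.
# Written to run on Windows PowerShell 2.0 (the newest version available for Vista) and later.

$Samples  = 12   # how many samples to take (assumed value)
$Interval = 5    # seconds between samples (assumed value)

# The per-process '% Processor Time' counter is relative to ONE core (a process saturating
# two of four cores reads 200%), so divide by the core count to match Task Manager's view.
$cores = [int]$env:NUMBER_OF_PROCESSORS
$peak  = $null

for ($i = 1; $i -le $Samples; $i++) {
    $counter = Get-Counter '\Process(*)\% Processor Time' -ErrorAction SilentlyContinue
    $procs = @($counter.CounterSamples |
        Where-Object { @('_total', 'idle') -notcontains $_.InstanceName } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Name = $_.InstanceName          # e.g. 'firefox' or 'svchost#3'
                Cpu  = [math]::Round($_.CookedValue / $cores, 1)
            }
        } | Sort-Object Cpu -Descending)

    $busy = ($procs | Measure-Object -Property Cpu -Sum).Sum
    Write-Host ("{0:HH:mm:ss}  busy {1,5:N1}%  top: {2} ({3}%)" -f (Get-Date), $busy, $procs[0].Name, $procs[0].Cpu)

    # Remember the sample with the highest total load; that is the moment worth looking at.
    if ($peak -eq $null -or $busy -gt $peak.Busy) {
        $peak = New-Object PSObject -Property @{
            Time = Get-Date
            Busy = $busy
            Top  = $procs | Select-Object -First 5
        }
    }
    if ($i -lt $Samples) { Start-Sleep -Seconds $Interval }
}

Write-Host ("`nPeak at {0:HH:mm:ss}: {1:N1}% busy. Heaviest processes at that moment:" -f $peak.Time, $peak.Busy)
$peak.Top | ForEach-Object {
    # Map the counter instance name back to the running executable so the full path can be
    # posted; the '#n' suffix only distinguishes several processes with the same image name.
    $image = $_.Name -replace '#\d+$', ''
    $proc  = Get-Process -Name $image -ErrorAction SilentlyContinue | Select-Object -First 1
    Write-Host ("{0,6:N1}%  {1,-24} {2}" -f $_.Cpu, $_.Name, $proc.Path)
}
```

Save it as a .ps1 file and run it from a PowerShell window while the machine is misbehaving; paths of processes owned by SYSTEM only show when the window is run as administrator.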