fast-scan


I disabled Resident Shield in AVG; I couldn't manage the rest.

Other programs weren't simple to disable either. I still have a BitDefender icon that I have never been able to get rid of; I don't know to what extent it still plays an active role.

When I started ComboFix, I was asked to uninstall AVG, and that seemed just a bit too much to me.

If it causes too much hassle, I would rather leave it as it is.

Thanks


This is the ComboFix result:

Would things have been removed now?

ComboFix 11-03-24.06 - rosalie en fabien 25/03/2011 19:00:53.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.6143.4693 [GMT 1:00]

Gestart vanuit: c:\users\rosalie en fabien\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\rosalie en fabien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2 .lnk

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-02-25 to 2011-03-25 ))))))))))))))))))))))))))))))

.

.

2011-03-25 18:08 . 2011-03-25 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-24 18:50 . 2011-03-24 18:50 1402880 ----a-w- c:\program files\HiJackThis.msi

2011-03-15 08:48 . 2011-03-15 08:48 -------- d--h--w- c:\programdata\Common Files

2011-03-13 18:25 . 2011-03-13 18:26 -------- d-----w- c:\program files\iTunes

2011-03-13 18:25 . 2011-03-13 18:26 -------- d-----w- c:\program files (x86)\iTunes

2011-03-13 18:25 . 2011-03-13 18:25 -------- d-----w- c:\program files\iPod

2011-03-12 11:28 . 2011-03-12 11:28 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-03-12 11:28 . 2011-03-12 11:28 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2011-03-09 17:53 . 2011-03-09 17:55 -------- d-----w- C:\93b9c2315b40dc1ae02af55f

2011-03-06 17:47 . 2011-03-06 17:47 -------- d-----w- c:\program files\Bonjour

2011-03-06 17:47 . 2011-03-06 17:47 -------- d-----w- c:\program files (x86)\Bonjour

2011-03-05 13:45 . 2011-03-05 13:45 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-03-02 15:31 . 2011-03-02 15:51 -------- d-----w- c:\users\rosalie en fabien\AppData\Roaming\Audacity

2011-03-02 15:31 . 2011-03-02 15:31 -------- d-----w- c:\program files (x86)\Audacity 1.3 Beta (Unicode)

2011-03-02 15:04 . 2011-03-02 15:29 -------- d-----w- c:\users\rosalie en fabien\AppData\Roaming\foobar2000

2011-03-02 15:04 . 2011-03-02 15:04 -------- d-----w- c:\program files (x86)\foobar2000

2011-03-02 13:25 . 2011-03-02 13:25 -------- d-----w- c:\users\rosalie en fabien\AppData\Roaming\AccurateRip

2011-03-02 13:25 . 2011-03-02 13:25 -------- d-----w- c:\users\rosalie en fabien\AppData\Roaming\EAC

2011-03-02 13:25 . 2011-03-02 13:25 -------- d-----w- c:\program files (x86)\Exact Audio Copy

2011-03-02 13:15 . 2011-03-02 13:15 -------- d-----w- c:\program files (x86)\FLAC

2011-02-24 02:05 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2011-02-24 02:05 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-12 08:37 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-02-02 20:40 . 2010-06-09 11:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-01-26 17:01 . 2011-01-26 17:01 658432 ----a-w- c:\program files\MicrosoftFixit50462.msi

2011-01-26 06:53 . 2011-02-10 06:03 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-01-26 06:53 . 2011-02-10 06:03 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-01-26 06:31 . 2011-02-10 06:03 144384 ----a-w- c:\windows\system32\cdd.dll

2011-01-07 08:07 . 2011-02-23 07:59 662528 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-07 08:07 . 2011-02-23 07:59 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-07 08:06 . 2011-02-10 06:03 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 07:31 . 2011-02-23 07:59 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-01-07 07:31 . 2011-02-23 07:59 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-01-07 07:27 . 2011-02-10 06:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-01-07 05:49 . 2011-02-10 06:03 366080 ----a-w- c:\windows\system32\atmfd.dll

2011-01-07 05:33 . 2011-02-10 06:03 294400 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-01-05 06:20 . 2011-02-10 06:03 612352 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 05:37 . 2011-02-10 06:03 428032 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-01-05 04:00 . 2011-02-10 06:04 3127808 ----a-w- c:\windows\system32\win32k.sys

2010-12-13 14:48 . 2010-12-13 14:48 6718740 ----a-w- c:\program files\SABnzbd-0.5.6-win32-setup.exe

2010-12-13 14:37 . 2010-12-13 14:37 2188108 ----a-w- c:\program files\GrabIt172b4.exe

2010-12-12 16:09 . 2010-12-12 16:09 2790864 ----a-w- c:\program files\install_flash_player.exe

2010-12-08 15:48 . 2010-12-08 15:47 3115528 ----a-w- c:\program files\UseNeXT_freetrial_404461a.exe

2010-11-27 08:34 . 2010-11-27 08:34 2251368 ----a-w- c:\program files\BearShareV9.exe

2010-10-20 14:36 . 2010-10-20 14:31 7123600 ----a-w- c:\program files\Nimo50Build8.exe

2010-09-17 17:00 . 2010-09-17 16:59 75743528 ----a-w- c:\program files\iTunes64Setup.exe

2010-09-15 08:26 . 2010-09-15 08:26 3427248 ----a-w- c:\program files\ccsetup235.exe

2010-06-07 18:01 . 2010-06-07 17:59 11394432 ----a-w- c:\program files\winamp5572_full_emusic-7plus_nl-nl.exe

2010-05-27 09:53 . 2010-05-27 09:53 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe

2010-03-31 14:05 . 2010-03-31 14:03 2530105 ----a-w- c:\program files\installer_mp3_wav_converter_Nederlands_Dutch.exe

2010-03-17 10:44 . 2010-03-17 09:54 139383584 ----a-w- c:\program files\OOo_3.2.0_Win32Intel_install_nl.exe

2010-03-06 12:22 . 2010-03-06 12:18 11304088 ----a-w- c:\program files\winamp557_full_emusic-7plus_nl-nl.exe

2010-03-04 10:01 . 2010-03-04 10:00 569504 ----a-w- c:\program files\GoogleEarthSetup.exe

2010-02-16 11:35 . 2010-02-16 11:34 1710743 ----a-w- c:\program files\winrar-x64-392b1nl.exe

2010-02-16 11:32 . 2010-02-16 11:32 1543284 ----a-w- c:\program files\wrar392b1nl.exe

2010-02-08 14:55 . 2010-02-08 14:55 792197 ----a-w- c:\program files\MozBackup-1.4.8-EN.exe

2010-01-27 15:42 . 2010-01-27 15:12 6739823 ----a-w- c:\program files\fdminst.exe

2010-01-26 10:03 . 2010-01-26 10:02 27445824 ----a-w- c:\program files\AdbeRdr930_nl_NL.exe

2010-01-21 15:53 . 2010-01-21 15:53 4998707 ----a-w- c:\program files\flvplayer_setup.exe

2010-01-20 16:15 . 2010-01-20 16:15 4308596 ----a-w- c:\program files\BitTornado-0.3.17-w32install.exe

2010-01-18 22:29 . 2010-01-18 22:29 1115064 ----a-w- c:\program files\ccsetup227_slim.exe

2010-01-18 22:26 . 2010-01-18 22:26 8763528 ----a-w- c:\program files\Firefox Setup 3.5.7.exe

2010-01-18 20:34 . 2010-01-18 20:34 891224 ----a-w- c:\program files\avg_free_stb_eu_9_40_free.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-29 1689144]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-05-25 37888]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 135664]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\11n USB Wireless LAN Utility\RtlService.exe [2009-12-07 40960]

S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC_64.sys [x]

S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

S3 netr7364;Stuurprogramma voor RT73 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

Inhoud van de 'Gedeelde Taken' map

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 10:03]

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 10:03]

.

2011-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 2114376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_BE&c=94&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

FF - ProfilePath - c:\users\rosalie en fabien\AppData\Roaming\Mozilla\Firefox\Profiles\zo8zmcvr.default\

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b54d4c1&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=nl&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

.

- - - - ORPHANS VERWIJDERD - - - -

.

Wow6432Node-HKCU-Run-fsm - (no file)

Wow6432Node-HKLM-Run-HP Remote Solution - %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2011-03-25 19:09:52

ComboFix-quarantined-files.txt 2011-03-25 18:09

.

Pre-Run: 631.579.938.816 bytes beschikbaar

Post-Run: 632.037.928.960 bytes beschikbaar

.

- - End Of File - - 6A0EDA2483A111CBAB25C5712DE17AE6


Things have indeed been removed now. That said, your ComboFix log still shows a whole pile of setup files for programs you downloaded, which you had best delete.

c:\program files\SABnzbd-0.5.6-win32-setup.exe

c:\program files\GrabIt172b4.exe

c:\program files\install_flash_player.exe

c:\program files\UseNeXT_freetrial_404461a.exe

c:\program files\BearShareV9.exe

c:\program files\Nimo50Build8.exe

c:\program files\iTunes64Setup.exe

c:\program files\ccsetup235.exe

c:\program files\winamp5572_full_emusic-7plus_nl-nl.exe

c:\program files\wmpfirefoxplugin.exe

c:\program files\installer_mp3_wav_converter_Nederlands_Dutch.exe

c:\program files\OOo_3.2.0_Win32Intel_install_nl.exe

c:\program files\winamp557_full_emusic-7plus_nl-nl.exe

c:\program files\GoogleEarthSetup.exe

c:\program files\winrar-x64-392b1nl.exe

c:\program files\wrar392b1nl.exe

c:\program files\MozBackup-1.4.8-EN.exe

c:\program files\fdminst.exe

c:\program files\AdbeRdr930_nl_NL.exe

c:\program files\flvplayer_setup.exe

c:\program files\BitTornado-0.3.17-w32install.exe

c:\program files\ccsetup227_slim.exe

c:\program files\Firefox Setup 3.5.7.exe

c:\program files\avg_free_stb_eu_9_40_free.exe


After deleting those files, you can also do the following:

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click “Download Latest Version” and the CCleaner download will start automatically and free of charge.

Install it and start CCleaner. In the left column, click “Cleaner”. Click “Analyseren” (Analyze) and then “Schoonmaken” (Clean). Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click “Register” (Registry) in the left column and click “Scan naar problemen” (Scan for issues). If errors are found, click “Herstel geselecteerde problemen” (Fix selected issues) and “OK”. You will then be asked whether to make a backup. Click “JA” (Yes). Then choose “Herstel alle geselecteerde fouten” (Fix all selected errors). Close CCleaner again afterwards.

If you would like to see this illustrated in detail, click here for the guide.
