
PC shows a black screen at startup / sometimes "freezes" while working on the PC


Dbrown


You may delete those 2 folders.

Combofix is - wrongly - flagged by AVG as a virus. As a result, files belonging to CF get moved to quarantine, which disrupts the way CF works. To check what has just happened, you will have to download Combofix again, save it to the desktop and let it scan. But ... first you must once again completely remove the new AVG from the PC (just disabling it is not enough). Then make another log with Combofix and attach it in your next post.


Thanks for your reply/help

C/Qoobox has now also been removed, now that I was able to uninstall correctly.

In Local I deleted the two folders, but these still remain:

[Attached image: post-26215-1417704400,416_thumb.jpg]

Then I have one more question. On my D drive (where I store my data) there have been a few folders/files for a while now, and I have absolutely no idea what they are for (they appeared there by themselves). May I delete them?

[Attached image: post-26215-1417704400,4579_thumb.jpg]

Here is my Combofix log:

ComboFix 11-05-08.04 - Mijn naam 09/05/2011 9:44.2.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.8190.6784 [GMT 2:00]

Gestart vanuit: c:\users\Mijn naam\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-09 to 2011-05-09 ))))))))))))))))))))))))))))))

.

.

2011-05-09 07:51 . 2011-05-09 07:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-09 07:40 . 2011-05-09 07:40 -------- d-----w- c:\users\Mijn naam\AppData\Local\{7E7604D5-55E2-4E36-A90B-150C2CA63F13}

2011-05-09 07:33 . 2011-05-09 07:34 -------- d-----w- c:\users\Mijn naam\AppData\Local\{29C5FF89-243E-43FB-898C-F815184FEB14}

2011-05-08 19:29 . 2011-05-08 19:29 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe

2011-05-08 19:29 . 2011-05-08 19:29 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll

2011-05-08 19:29 . 2011-05-08 19:29 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll

2011-05-08 19:29 . 2011-05-08 19:29 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll

2011-05-08 19:29 . 2011-05-08 19:29 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll

2011-05-08 19:29 . 2011-05-08 19:29 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll

2011-05-08 19:29 . 2011-05-08 19:29 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll

2011-05-08 19:29 . 2011-05-08 19:29 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll

2011-05-08 19:29 . 2011-05-08 19:29 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll

2011-05-08 19:29 . 2011-05-08 19:29 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-05-08 19:18 . 2011-05-08 19:18 -------- d-----w- c:\users\Mijn naam\AppData\Local\{BEDCD85D-C282-4944-A906-EC3A17BED0D9}

2011-05-06 15:45 . 2011-05-06 15:46 -------- d-----w- c:\users\Mijn naam\AppData\Local\{D479FBC3-FA3E-48E2-A152-B2912F84191B}

2011-05-06 10:41 . 2011-05-06 10:41 -------- d-----w- c:\users\Mijn naam\AppData\Local\{7FB64922-3299-40A0-9DF9-379CB7AA954A}

2011-05-05 07:50 . 2011-05-05 07:50 -------- d-----w- c:\users\Mijn naam\AppData\Local\{58C9DD11-DB29-46C6-9046-DEB79025E35B}

2011-05-04 15:55 . 2011-05-04 15:55 -------- d-----w- c:\program files\iPod

2011-05-04 15:55 . 2011-05-04 15:55 -------- d-----w- c:\program files\iTunes

2011-05-04 15:55 . 2011-05-04 15:55 -------- d-----w- c:\program files (x86)\iTunes

2011-05-04 15:54 . 2011-05-04 15:54 -------- d-----w- c:\program files\Bonjour

2011-05-04 15:31 . 2011-05-04 15:31 424152 ----a-w- c:\users\Mijn naam\cc_20110504_173130.reg

2011-05-04 15:17 . 2011-05-04 15:18 -------- d-----w- c:\users\Mijn naam\AppData\Local\{43F44700-D718-4E6C-83A2-32F9C2B6196F}

2011-05-04 06:18 . 2011-05-04 06:19 -------- d-----w- c:\users\Mijn naam\AppData\Local\{7B190137-40BE-408E-A37D-BC16AFABB177}

2011-05-03 16:39 . 2011-05-03 16:39 -------- d-----w- c:\users\Mijn naam\AppData\Local\AVG Security Toolbar

2011-05-03 16:34 . 2011-05-03 16:34 -------- d-----w- c:\users\Mijn naam\AppData\Roaming\AVG10

2011-05-03 16:10 . 2011-05-03 16:10 -------- d-----w- c:\users\Mijn naam\AppData\Roaming\AVG9

2011-05-03 15:54 . 2011-05-03 16:34 -------- d-----w- c:\programdata\MFAData

2011-05-02 07:59 . 2011-05-02 07:59 -------- d-----w- c:\users\Mijn naam\AppData\Roaming\InstallShield

2011-05-01 19:42 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2011-05-01 19:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

2011-04-27 06:24 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll

2011-04-27 06:24 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-04-27 06:24 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-04-27 06:24 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll

2011-04-27 06:24 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-04-27 06:24 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll

2011-04-26 06:44 . 2011-02-16 16:37 48128 ----a-w- c:\windows\system32\atmlib.dll

2011-04-26 06:44 . 2011-02-16 16:16 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-04-26 06:44 . 2011-02-16 14:15 367616 ----a-w- c:\windows\system32\atmfd.dll

2011-04-26 06:44 . 2011-02-16 14:02 292864 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-04-26 06:44 . 2011-03-10 17:18 1360384 ----a-w- c:\windows\system32\mfc42u.dll

2011-04-26 06:44 . 2011-03-10 17:18 1398784 ----a-w- c:\windows\system32\mfc42.dll

2011-04-26 06:44 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-04-26 06:44 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-04-26 06:44 . 2011-03-02 16:12 117760 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-04-26 06:44 . 2009-05-04 10:21 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-04-26 06:44 . 2009-05-04 09:59 25088 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll

2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-05 20:57 . 2010-08-28 12:23 224960 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2011-05-05 20:57 . 2010-04-20 19:21 224960 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-05-05 20:03 . 2010-04-20 19:21 224960 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 14:26 . 2011-04-06 14:26 237856 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-03-15 07:56 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-03 15:59 . 2011-04-27 06:24 100352 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2011-03-03 15:59 . 2011-04-27 06:24 331776 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 15:59 . 2011-04-27 06:24 284672 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2011-03-03 15:40 . 2011-04-27 06:24 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2011-03-03 15:40 . 2011-04-27 06:24 542720 ----a-w- c:\windows\apppatch\AcLayers.dll

2011-03-03 15:40 . 2011-04-27 06:24 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2011-03-03 15:40 . 2011-04-27 06:24 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll

2011-02-22 14:47 . 2011-03-24 09:23 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-22 14:13 . 2011-03-24 09:23 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-02-22 13:53 . 2011-03-24 09:23 1555968 ----a-w- c:\windows\system32\DWrite.dll

2011-02-22 13:53 . 2011-03-24 09:23 1149440 ----a-w- c:\windows\system32\FntCache.dll

2011-02-22 13:33 . 2011-03-24 09:23 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-02-22 06:38 . 2011-02-22 06:38 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll

2011-02-22 06:38 . 2011-02-22 06:38 84992 ----a-w- c:\windows\system32\frapsv64.dll

2011-02-18 14:36 . 2011-02-18 14:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2011-02-18 14:36 . 2011-02-18 14:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-05-03_15.49.43 )))))))))))))))))))))))))))))))))))))))))

.

- 2010-04-27 13:45 . 2010-04-27 13:45 72856 c:\windows\SysWOW64\xliveinstallhost.exe

+ 2010-04-27 12:45 . 2010-04-27 12:45 72856 c:\windows\SysWOW64\xliveinstallhost.exe

- 2008-01-21 03:20 . 2010-10-09 10:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2011-05-08 19:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2011-05-08 19:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-21 03:20 . 2010-10-09 10:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-21 03:20 . 2010-10-09 10:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 03:20 . 2011-05-08 19:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 02:23 . 2011-05-09 07:41 75230 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-09-06 11:57 . 2011-05-09 07:41 25174 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3289391138-723072036-955293971-1000_UserData.bin

+ 2008-09-06 11:54 . 2011-05-08 19:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-09-06 11:54 . 2011-05-03 15:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-09-06 11:54 . 2011-05-03 15:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-06 11:54 . 2011-05-08 19:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-06 11:54 . 2011-05-08 19:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-09-06 11:54 . 2011-05-03 15:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-06-20 06:47 . 2011-05-03 15:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-06-20 06:47 . 2011-05-06 11:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-06-20 06:47 . 2011-05-03 15:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-06-20 06:47 . 2011-05-06 11:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-06-20 06:47 . 2011-05-03 15:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-06-20 06:47 . 2011-05-06 11:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-12-17 10:55 . 2011-05-03 15:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-12-17 10:55 . 2011-05-09 07:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-12-17 10:55 . 2011-05-03 15:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-12-17 10:55 . 2011-05-09 07:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-05-03 16:30 . 2011-05-03 16:30 80384 c:\windows\Installer\a4179.msi

+ 2011-05-08 19:23 . 2011-05-08 19:23 76926 c:\windows\Installer\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}\GameForWindowsLiveDash.exe

+ 2006-11-02 12:40 . 2011-05-09 07:38 86016 c:\windows\inf\infstor.dat

- 2006-11-02 12:40 . 2011-03-27 19:38 86016 c:\windows\inf\infstor.dat

+ 2006-11-02 12:40 . 2011-05-09 07:38 51200 c:\windows\inf\infpub.dat

- 2006-11-02 12:40 . 2011-03-27 19:38 51200 c:\windows\inf\infpub.dat

- 2011-05-03 15:37 . 2011-05-03 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-05-09 07:39 . 2011-05-09 07:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-05-09 07:39 . 2011-05-09 07:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-05-03 15:37 . 2011-05-03 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2010-04-27 13:45 . 2010-04-27 13:45 187544 c:\windows\SysWOW64\xliveinstall.dll

+ 2010-04-27 12:45 . 2010-04-27 12:45 187544 c:\windows\SysWOW64\xliveinstall.dll

+ 2008-09-08 09:44 . 2011-05-06 16:21 209972 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2006-11-02 15:45 . 2011-05-09 07:41 160762 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-01-21 08:09 . 2011-05-03 15:43 679906 c:\windows\system32\perfh013.dat

+ 2008-01-21 08:09 . 2011-05-09 07:45 679906 c:\windows\system32\perfh013.dat

+ 2006-11-02 12:46 . 2011-05-09 07:45 603198 c:\windows\system32\perfh009.dat

- 2006-11-02 12:46 . 2011-05-03 15:43 603198 c:\windows\system32\perfh009.dat

- 2008-01-21 08:09 . 2011-05-03 15:43 131026 c:\windows\system32\perfc013.dat

+ 2008-01-21 08:09 . 2011-05-09 07:45 131026 c:\windows\system32\perfc013.dat

+ 2006-11-02 12:46 . 2011-05-09 07:45 109020 c:\windows\system32\perfc009.dat

- 2006-11-02 12:46 . 2011-05-03 15:43 109020 c:\windows\system32\perfc009.dat

- 2010-04-28 09:24 . 2011-05-03 15:36 465204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-04-28 09:24 . 2011-05-09 07:38 465204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2010-04-28 11:34 . 2011-05-03 15:36 936972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3289391138-723072036-955293971-1000-12288.dat

+ 2010-04-28 11:34 . 2011-05-09 07:38 936972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3289391138-723072036-955293971-1000-12288.dat

+ 2011-05-04 15:54 . 2011-05-04 15:54 811520 c:\windows\Installer\fb343.msi

+ 2011-05-03 16:30 . 2011-05-03 16:30 219648 c:\windows\Installer\a4175.msi

+ 2011-05-08 19:23 . 2011-05-08 19:23 830464 c:\windows\Installer\56f01.msi

+ 2011-05-08 19:22 . 2011-05-08 19:22 847872 c:\windows\Installer\56e92.msi

+ 2011-05-04 15:56 . 2011-05-04 15:56 380928 c:\windows\Installer\{18155797-EF2E-4699-9A16-FE787C4C10DB}\iTunesIco.exe

+ 2006-11-02 12:40 . 2011-05-09 07:38 143360 c:\windows\inf\infstrng.dat

- 2006-11-02 12:40 . 2011-03-27 19:38 143360 c:\windows\inf\infstrng.dat

+ 2011-05-04 15:56 . 2011-05-04 15:56 6530048 c:\windows\Installer\fbd5d.msi

+ 2011-05-04 15:54 . 2011-05-04 15:54 1991680 c:\windows\Installer\fb375.msi

- 2006-11-02 12:33 . 2011-05-02 16:53 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2006-11-02 12:33 . 2011-05-03 16:34 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"MsnMsgr"="c:\program files (x86)\Windows Live\Messenger\MsnMsgr.Exe" [2010-11-10 4240760]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-26 421160]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

c:\users\Mijn naam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

OneNote-inhoudsopgave.onetoc2 [2008-9-16 3656]

Skype.lnk - c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe [2010-10-21 371272]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2007-10-31 5430272]

"Skytel"="Skytel.exe" [2007-10-11 1826816]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.be/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

FF - ProfilePath - c:\users\Mijn naam\AppData\Roaming\Mozilla\Firefox\Profiles\u6oalznp.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-3289391138-723072036-955293971-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:32,95,5f,b2,df,e5,88,18,13,f4,3f,ca,c1,13,9b,2e,bb,d5,06,1c,5f,c5,78,

c1,5d,ef,46,9d,1d,9d,3e,25,8f,8f,13,1c,bf,52,d2,14,54,26,13,16,50,57,76,35,\

"??"=hex:c2,14,6a,f5,59,13,69,49,ab,6e,a0,10,5d,8c,e9,84

.

[HKEY_USERS\S-1-5-21-3289391138-723072036-955293971-1000\Software\SecuROM\License information*]

"datasecu"=hex:5a,f7,bd,98,a5,62,77,70,46,57,88,59,70,81,ad,0d,3a,38,34,79,df,

61,73,aa,34,2a,33,18,1e,7f,2f,c3,95,8d,0c,43,ad,33,c5,58,f4,64,7a,a9,71,94,\

"rkeysecu"=hex:86,99,1e,02,ef,88,0d,3b,6c,d9,03,e7,03,8b,cc,2d

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2011-05-09 09:53:25

ComboFix-quarantined-files.txt 2011-05-09 07:53

ComboFix2.txt 2011-05-03 15:51

.

Pre-Run: 37.434.064.896 bytes beschikbaar

Post-Run: 37.471.985.664 bytes beschikbaar

.

- - End Of File - - F15ACD2D9FB8B092732E08E4A0808718

Thanks!


This should remove the folders on your C drive:

Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\users\Mijn naam\AppData\Local\{7E7604D5-55E2-4E36-A90B-150C2CA63F13}

c:\users\Mijn naam\AppData\Local\{29C5FF89-243E-43FB-898C-F815184FEB14}

c:\users\Mijn naam\AppData\Local\{BEDCD85D-C282-4944-A906-EC3A17BED0D9}

c:\users\Mijn naam\AppData\Local\{D479FBC3-FA3E-48E2-A152-B2912F84191B}

c:\users\Mijn naam\AppData\Local\{7FB64922-3299-40A0-9DF9-379CB7AA954A}

c:\users\Mijn naam\AppData\Local\{58C9DD11-DB29-46C6-9046-DEB79025E35B}

c:\users\Mijn naam\AppData\Local\{43F44700-D718-4E6C-83A2-32F9C2B6196F}

c:\users\Mijn naam\AppData\Local\{7B190137-40BE-408E-A37D-BC16AFABB177}

c:\users\Mijn naam\AppData\Roaming\AVG9

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next post.

You can delete the folders with the numeric names on your D drive. As for the .dll files, it is hard to say which programs they belong to. If they are not too large, I would leave them in place for now.

We may, however, be able to clean these up with CCleaner if they are no longer of any use.

Download CCleaner.

Click "Download Latest Version" and the CCleaner download will then start automatically and free of charge.

Install it and start CCleaner. In the left-hand column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes 1 analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left-hand column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After that, close CCleaner again.

If you would like to see this in detail with pictures, click here for the guide.


OK, I tried to do what you asked:

I started Combofix, and when it began scanning (while the message was displayed that it could take longer on infected computers) I added the log file to it. It did not restart, it simply continued scanning... (I was not able to add the log file earlier (while Combofix was starting up I could not manage it)).

CCleaner did not remove the folders on my data drive (again, I left Firefox open because I want to keep my history).

This is the content of vcred, in case it helps (I think it is from a Windows update):

[Attached image: post-26215-1417704401,2634_thumb.jpg]

Here is my log:

ComboFix 11-05-10.02 - Mijn Naam 11/05/2011 19:47:38.3.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.8190.6702 [GMT 2:00]

Gestart vanuit: c:\users\Mijn Naam\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Mijn Naam\Desktop\CFScript.txt

AV: AVG Internet Security 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-11 to 2011-05-11 ))))))))))))))))))))))))))))))

.

.

2011-05-11 17:54 . 2011-05-11 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-11 16:40 . 2011-04-07 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-05-11 16:40 . 2011-04-07 12:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

2011-05-11 16:18 . 2011-05-11 16:18 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{5FF52FD0-BB3F-43A2-BF97-D16530E18C8F}

2011-05-10 15:14 . 2011-05-10 15:14 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{3D4D3322-C92A-4691-A3C6-B9CFC77D8030}

2011-05-10 11:53 . 2011-05-10 11:53 183128 ----a-w- c:\users\Mijn Naam\cc_20110510_135309.reg

2011-05-10 06:10 . 2011-05-10 06:10 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{C76D2097-1AEF-47ED-9D80-949DB338C9A1}

2011-05-09 07:40 . 2011-05-09 07:40 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{7E7604D5-55E2-4E36-A90B-150C2CA63F13}

2011-05-09 07:33 . 2011-05-09 07:34 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{29C5FF89-243E-43FB-898C-F815184FEB14}

2011-05-08 19:29 . 2011-05-08 19:29 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe

2011-05-08 19:29 . 2011-05-08 19:29 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll

2011-05-08 19:29 . 2011-05-08 19:29 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll

2011-05-08 19:29 . 2011-05-08 19:29 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll

2011-05-08 19:29 . 2011-05-08 19:29 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll

2011-05-08 19:29 . 2011-05-08 19:29 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll

2011-05-08 19:29 . 2011-05-08 19:29 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll

2011-05-08 19:29 . 2011-05-08 19:29 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll

2011-05-08 19:29 . 2011-05-08 19:29 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll

2011-05-08 19:29 . 2011-05-08 19:29 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-05-08 19:18 . 2011-05-08 19:18 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{BEDCD85D-C282-4944-A906-EC3A17BED0D9}

2011-05-06 15:45 . 2011-05-06 15:46 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{D479FBC3-FA3E-48E2-A152-B2912F84191B}

2011-05-06 10:41 . 2011-05-06 10:41 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{7FB64922-3299-40A0-9DF9-379CB7AA954A}

2011-05-05 07:50 . 2011-05-05 07:50 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{58C9DD11-DB29-46C6-9046-DEB79025E35B}

2011-05-04 15:55 . 2011-05-04 15:55 -------- d-----w- c:\program files\iPod

2011-05-04 15:55 . 2011-05-04 15:55 -------- d-----w- c:\program files\iTunes

2011-05-04 15:55 . 2011-05-04 15:55 -------- d-----w- c:\program files (x86)\iTunes

2011-05-04 15:54 . 2011-05-04 15:54 -------- d-----w- c:\program files\Bonjour

2011-05-04 15:31 . 2011-05-04 15:31 424152 ----a-w- c:\users\Mijn Naam\cc_20110504_173130.reg

2011-05-03 16:39 . 2011-05-03 16:39 -------- d-----w- c:\users\Mijn Naam\AppData\Local\AVG Security Toolbar

2011-05-03 16:34 . 2011-05-03 16:34 -------- d-----w- c:\users\Mijn Naam\AppData\Roaming\AVG10

2011-05-03 16:10 . 2011-05-03 16:10 -------- d-----w- c:\users\Mijn Naam\AppData\Roaming\AVG9

2011-05-03 15:54 . 2011-05-09 08:04 -------- d-----w- c:\programdata\MFAData

2011-05-02 07:59 . 2011-05-02 07:59 -------- d-----w- c:\users\Mijn Naam\AppData\Roaming\InstallShield

2011-05-01 19:42 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2011-05-01 19:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

2011-05-01 19:40 . 2009-01-08 01:20 537088 ----a-w- c:\program files\Internet Explorer\pdm.dll

2011-05-01 19:40 . 2009-01-08 01:20 358904 ----a-w- c:\program files\Internet Explorer\msdbg2.dll

2011-05-01 19:40 . 2009-01-08 01:20 355832 ----a-w- c:\program files (x86)\Internet Explorer\pdm.dll

2011-05-01 19:40 . 2009-01-08 01:20 265720 ----a-w- c:\program files (x86)\Internet Explorer\msdbg2.dll

2011-04-27 06:24 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll

2011-04-27 06:24 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-04-27 06:24 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-04-27 06:24 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll

2011-04-27 06:24 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-04-27 06:24 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll

2011-04-26 06:44 . 2011-02-16 16:37 48128 ----a-w- c:\windows\system32\atmlib.dll

2011-04-26 06:44 . 2011-02-16 16:16 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-04-26 06:44 . 2011-02-16 14:15 367616 ----a-w- c:\windows\system32\atmfd.dll

2011-04-26 06:44 . 2011-02-16 14:02 292864 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-04-26 06:44 . 2011-03-10 17:18 1360384 ----a-w- c:\windows\system32\mfc42u.dll

2011-04-26 06:44 . 2011-03-10 17:18 1398784 ----a-w- c:\windows\system32\mfc42.dll

2011-04-26 06:44 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-04-26 06:44 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-04-26 06:44 . 2011-03-02 16:12 117760 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-04-26 06:44 . 2009-05-04 10:21 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-04-26 06:44 . 2009-05-04 09:59 25088 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-10 15:45 . 2010-08-28 12:23 224960 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2011-05-10 15:45 . 2010-04-20 19:21 224960 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-05-10 15:26 . 2010-04-20 19:21 224960 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll

2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll

2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 14:26 . 2011-04-06 14:26 237856 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-03-15 07:56 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-03 15:59 . 2011-04-27 06:24 100352 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2011-03-03 15:59 . 2011-04-27 06:24 331776 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 15:59 . 2011-04-27 06:24 284672 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2011-03-03 15:40 . 2011-04-27 06:24 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2011-03-03 15:40 . 2011-04-27 06:24 542720 ----a-w- c:\windows\apppatch\AcLayers.dll

2011-03-03 15:40 . 2011-04-27 06:24 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2011-03-03 15:40 . 2011-04-27 06:24 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll

2011-02-22 14:47 . 2011-03-24 09:23 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-22 14:13 . 2011-03-24 09:23 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-02-22 13:53 . 2011-03-24 09:23 1555968 ----a-w- c:\windows\system32\DWrite.dll

2011-02-22 13:53 . 2011-03-24 09:23 1149440 ----a-w- c:\windows\system32\FntCache.dll

2011-02-22 13:33 . 2011-03-24 09:23 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-02-22 06:38 . 2011-02-22 06:38 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll

2011-02-22 06:38 . 2011-02-22 06:38 84992 ----a-w- c:\windows\system32\frapsv64.dll

2011-02-18 14:36 . 2011-02-18 14:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2011-02-18 14:36 . 2011-02-18 14:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"MsnMsgr"="c:\program files (x86)\Windows Live\Messenger\MsnMsgr.Exe" [2010-11-10 4240760]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-26 421160]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

c:\users\Mijn Naam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

OneNote-inhoudsopgave.onetoc2 [2008-9-16 3656]

Skype.lnk - c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe [2010-10-21 371272]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2007-10-31 5430272]

"Skytel"="Skytel.exe" [2007-10-11 1826816]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.be/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

FF - ProfilePath - c:\users\Mijn Naam\AppData\Roaming\Mozilla\Firefox\Profiles\u6oalznp.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE

AddRemove-Gears of War_is1 - .:\gears of war\unins000.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-3289391138-723072036-955293971-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:32,95,5f,b2,df,e5,88,18,13,f4,3f,ca,c1,13,9b,2e,bb,d5,06,1c,5f,c5,78,

c1,5d,ef,46,9d,1d,9d,3e,25,8f,8f,13,1c,bf,52,d2,14,54,26,13,16,50,57,76,35,\

"??"=hex:c2,14,6a,f5,59,13,69,49,ab,6e,a0,10,5d,8c,e9,84

.

[HKEY_USERS\S-1-5-21-3289391138-723072036-955293971-1000\Software\SecuROM\License information*]

"datasecu"=hex:5a,f7,bd,98,a5,62,77,70,46,57,88,59,70,81,ad,0d,3a,38,34,79,df,

61,73,aa,34,2a,33,18,1e,7f,2f,c3,95,8d,0c,43,ad,33,c5,58,f4,64,7a,a9,71,94,\

"rkeysecu"=hex:86,99,1e,02,ef,88,0d,3b,6c,d9,03,e7,03,8b,cc,2d

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2011-05-11 19:57:03

ComboFix-quarantined-files.txt 2011-05-11 17:57

ComboFix2.txt 2011-05-09 07:53

.

Pre-Run: 35.418.058.752 bytes beschikbaar

Post-Run: 40.216.584.192 bytes beschikbaar

.

- - End Of File - - A5612A377C2EA40274A3186507F3B0B1
