Laptop is erg traag en programmas reageren niet

[anoniem]

Mijn laptop is nu bijna 2 jaar oud en is sinds een aantal weken heel erg traag. Opstarten duurt bijna 30 minuten en programma's reageren niet. Tevens geeft Windows 7 aan dat het een niet legitieme versie is terwijl ik hem zo in de winkel heb gekocht. Ik heb mij computer helemaal gescanned met de laatste versie van AVG maar hier was niets te vinden. Ik heb Ccleaner en Defraggler gebruikt maar hij wordt nauwelijks sneller. Ook Malwarebytes Anti-Malware kon niets vinden. Ik heb geen idee wat ik nog meer kan doen om mijn laptop weer normaal werkend te krijgen. iemand een idee?

[anoniem]

Hoi Jeroen, nieuwe ronde verwijderingen AVG: open wederom een nieuw kladblok bestand, via "Start\Alle programma’s\Bureau-accessoires\[b:a57e3f7586]Kladblok[/b:a57e3f7586]". Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster [b:a57e3f7586][color=Blue:a57e3f7586]KILLALL:: File:: c:\windows\system32\drivers\avgtdia.sys c:\windows\system32\drivers\AVGIDSFilter.sys c:\windows\system32\drivers\AVGIDSEH.sys c:\windows\system32\drivers\AVGIDSDriver.sys c:\windows\system32\drivers\avgldx64.sys c:\windows\system32\DRIVERS\avgfwd6a.sys c:\windows\system32\DRIVERS\avgrkx64.sys c:\windows\system32\DRIVERS\avgmfx64.sys c:\windows\system32\DRIVERS\avgtdia.sys Folder:: c:\program files (x86)\AVG c:\users\Peter\AppData\Roaming\AVG2012 c:\windows\system32\drivers\AVG c:\programdata\AVG2012 Driver:: avgtdia AVGIDSFilter AVGIDSEH AVGIDSDriver avgldx64 avgfwd6a avgrkx64 avgmfx64 avgtdia[/color:a57e3f7586][/b:a57e3f7586] Sla dit kladblokbestand op je bureaublad op als [b:a57e3f7586]CFScript.txt[/b:a57e3f7586]. [b:a57e3f7586][color=Red:a57e3f7586]Nu eerst de antivirus deaktiveren![/color:a57e3f7586][/b:a57e3f7586] Sleep CFScript.txt in ComboFix.exe Na een herstart mag jij van mij AVG2012 opnieuw installeren!

[anoniem]

Nadat ik het txt bestand naar combofix heb gesleept en de laptop opnieuw is opgestart wordt het AVG2012 icoon niet verwijdert klopt dat? ik heb AVG nog niet opnieuw geinstaleerd. Hierbij de log: ComboFix 11-10-08.01 - Peter 09-10-2011 9:21.7.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4026.2774 [GMT 2:00] Gestart vanuit: c:\users\Peter\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Peter\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\DRIVERS\avgfwd6a.sys" "c:\windows\system32\drivers\AVGIDSDriver.sys" "c:\windows\system32\drivers\AVGIDSEH.sys" "c:\windows\system32\drivers\AVGIDSFilter.sys" "c:\windows\system32\drivers\avgldx64.sys" "c:\windows\system32\DRIVERS\avgmfx64.sys" "c:\windows\system32\DRIVERS\avgrkx64.sys" "c:\windows\system32\drivers\avgtdia.sys" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\drivers\AVGIDSDriver.sys c:\windows\system32\drivers\AVGIDSEH.sys c:\windows\system32\drivers\AVGIDSFilter.sys c:\windows\system32\drivers\avgldx64.sys c:\windows\system32\DRIVERS\avgmfx64.sys c:\windows\system32\DRIVERS\avgrkx64.sys c:\windows\system32\drivers\avgtdia.sys . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_AVGLDX64 -------\Legacy_AVGMFX64 -------\Legacy_AVGRKX64 -------\Legacy_AVGTDIA -------\Service_Avgldx64 -------\Service_Avgmfx64 -------\Service_Avgrkx64 -------\Service_Avgtdia -------\Service_AVG Security Toolbar Service . . (((((((((((((((((((( Bestanden Gemaakt van 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))) . . 2011-10-09 07:26 . 2011-10-09 07:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-04 20:20 . 2011-10-04 20:54 -------- d-----w- c:\users\Peter\AppData\Roaming\Download Manager 2011-10-04 18:47 . 2011-10-04 18:47 -------- d-----w- c:\windows\system32\oodag 2011-10-04 18:45 . 2011-10-04 18:45 -------- d-----w- c:\users\Peter\AppData\Local\O&O 2011-10-04 18:44 . 2011-10-04 18:44 -------- d-----w- c:\program files\OO Software 2011-10-04 18:43 . 2011-10-04 18:43 -------- d-----w- c:\users\Peter\AppData\Local\Downloaded Installations 2011-10-04 17:38 . 2011-10-04 17:38 -------- d-----w- c:\users\Peter\AppData\Roaming\AVG2012 2011-10-04 17:34 . 2011-10-06 19:41 -------- d-----w- c:\windows\system32\drivers\AVG 2011-10-04 17:34 . 2011-10-04 17:45 -------- d-----w- c:\programdata\AVG2012 2011-10-03 20:35 . 2011-10-03 20:35 -------- d-----w- c:\program files (x86)\VS Revo Group 2011-09-29 19:40 . 2011-10-02 20:42 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE 2011-09-26 20:56 . 2011-09-26 20:56 -------- d-----w- c:\users\Peter\AppData\Roaming\Malwarebytes 2011-09-26 20:55 . 2011-09-26 20:55 -------- d-----w- c:\programdata\Malwarebytes 2011-09-26 20:52 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-25 08:22 . 2011-09-25 08:22 -------- d-----w- c:\users\Peter\AppData\Roaming\Intel Corporation 2011-09-24 19:59 . 2010-11-05 21:45 438808 ----a-w- c:\windows\system32\drivers\iaStor.sys 2011-09-24 19:58 . 2011-09-24 19:58 -------- d-----w- c:\users\Peter\AppData\Roaming\InstallShield . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-25 08:42 . 2011-07-01 17:20 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-03 17:42 . 2011-05-08 12:39 627600 ----a-w- c:\windows\system32\deployJava1.dll 2011-07-22 05:42 . 2011-08-10 06:53 2303488 ----a-w- c:\windows\system32\jscript9.dll 2011-07-22 05:36 . 2011-08-10 06:53 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-07-22 05:32 . 2011-08-10 06:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-22 02:54 . 2011-08-10 06:53 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-07-22 02:48 . 2011-08-10 06:53 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-07-22 02:44 . 2011-08-10 06:53 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-07-16 05:41 . 2011-08-10 06:42 362496 ----a-w- c:\windows\system32\wow64win.dll 2011-07-16 05:41 . 2011-08-10 06:42 243200 ----a-w- c:\windows\system32\wow64.dll 2011-07-16 05:41 . 2011-08-10 06:42 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2011-07-16 05:39 . 2011-08-10 06:42 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2011-07-16 05:37 . 2011-08-10 06:42 421888 ----a-w- c:\windows\system32\KernelBase.dll 2011-07-16 05:21 . 2011-08-10 06:42 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2011-07-16 04:29 . 2011-08-10 06:42 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2011-07-16 04:26 . 2011-08-10 06:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-07-16 04:25 . 2011-08-10 06:42 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2011-07-16 04:24 . 2011-08-10 06:42 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2011-07-16 04:24 . 2011-08-10 06:42 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll 2011-07-16 04:15 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2011-07-16 02:21 . 2011-08-10 06:42 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2011-07-16 02:21 . 2011-08-10 06:42 2048 ----a-w- c:\windows\SysWow64\user.exe 2011-07-16 02:17 . 2011-08-10 06:42 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 06:42 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll . . ((((((((((((((((((((((((((((( SnapShot_2011-10-08_12.14.44 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-03 02:25 . 2011-10-09 07:13 66298 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2011-10-08 12:16 51120 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-10-09 07:29 51120 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-01-30 19:41 . 2011-10-09 07:29 23592 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2441378208-3533287211-1119336525-1000_UserData.bin - 2011-10-08 12:14 . 2011-10-08 12:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-10-09 07:27 . 2011-10-09 07:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-10-08 12:14 . 2011-10-08 12:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-10-09 07:27 . 2011-10-09 07:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2011-10-08 12:00 353416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-10-09 07:26 353416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-05-06 16:04 . 2011-10-09 07:26 1676212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2441378208-3533287211-1119336525-1000-8192.dat - 2011-05-06 16:04 . 2011-10-08 12:00 1676212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2441378208-3533287211-1119336525-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [BU] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-27 1157128] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-08-01 128296] "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-05 181480] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "PLFSetI"="c:\windows\PLFSetI.exe" [2009-09-22 200704] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912] "combofix"="c:\combofix\CF3563.3XE" [2010-11-20 345088] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.kpnvandaag.nl/#home/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_7715z&r=273601100815l0324z1m5t47i2c015 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html TCP: DhcpNameServer = 213.46.228.196 62.179.104.196 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\jpdxqj6g.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.kpnvandaag.nl/#home FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4da9cce5&v=7.008.031.001&i=26&tp=ab&iy=&ychte=nl&lng=nl&q= . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe . ************************************************************************** . Voltooingstijd: 2011-10-09 09:32:00 - machine werd herstart ComboFix-quarantined-files.txt 2011-10-09 07:32 ComboFix2.txt 2011-10-08 17:27 ComboFix3.txt 2011-10-08 17:12 ComboFix4.txt 2011-10-08 12:19 ComboFix5.txt 2011-10-09 07:20 . Pre-Run: 449.166.524.416 bytes beschikbaar Post-Run: 449.632.534.528 bytes beschikbaar . - - End Of File - - B172C0207496AC9077349DB485768A0C

[anoniem]

Welnu, die snelkoppeling p je bureaublad mag je handmatig verwijderen. De derde ronde: open wederom een nieuw kladblok bestand, via "Start\Alle programma’s\Bureau-accessoires\[b:0384359082]Kladblok[/b:0384359082]". Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster [b:0384359082][color=Blue:0384359082]KILLALL:: File:: c:\windows\system32\DRIVERS\avgfwd6a.sys Folder:: c:\users\Peter\AppData\Roaming\AVG2012 c:\windows\system32\drivers\AVG c:\programdata\AVG2012 Driver:: avgfwd6a Registry:: [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll [BU] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=- Firefox:: Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4da9cce5&v=7.008.031.001&i=26&tp=ab&iy=&ychte=nl&lng=nl&q= [/color:0384359082][/b:0384359082] Sla dit kladblokbestand op je bureaublad op als [b:0384359082]CFScript.txt[/b:0384359082]. [b:0384359082][color=Red:0384359082]Nu eerst de antivirus deaktiveren![/color:0384359082][/b:0384359082] Sleep CFScript.txt in ComboFix.exe En dan is het hierna tijd om AVG of bijv. Avast 6 Free te installeren. Installeer je AVG weer, vink dan de SecurityToolbar uit - dat is enkel een verkapte Yahoo toolbar!

[anoniem]

Ik heb zojuist de actie uitgevoerd maar aangezien internet nog niet werkt lukt het niet om avg opnieuw te installeren :( hierbij de log: ComboFix 11-10-08.01 - Peter 09-10-2011 10:26:41.8.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4026.3061 [GMT 2:00] Gestart vanuit: c:\users\Peter\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Peter\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . FILE :: "c:\windows\system32\DRIVERS\avgfwd6a.sys" . . (((((((((((((((((((( Bestanden Gemaakt van 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))) . . 2011-10-09 08:32 . 2011-10-09 08:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-04 20:20 . 2011-10-04 20:54 -------- d-----w- c:\users\Peter\AppData\Roaming\Download Manager 2011-10-04 18:47 . 2011-10-04 18:47 -------- d-----w- c:\windows\system32\oodag 2011-10-04 18:45 . 2011-10-04 18:45 -------- d-----w- c:\users\Peter\AppData\Local\O&O 2011-10-04 18:44 . 2011-10-04 18:44 -------- d-----w- c:\program files\OO Software 2011-10-04 18:43 . 2011-10-04 18:43 -------- d-----w- c:\users\Peter\AppData\Local\Downloaded Installations 2011-10-04 17:38 . 2011-10-04 17:38 -------- d-----w- c:\users\Peter\AppData\Roaming\AVG2012 2011-10-04 17:34 . 2011-10-06 19:41 -------- d-----w- c:\windows\system32\drivers\AVG 2011-10-04 17:34 . 2011-10-04 17:45 -------- d-----w- c:\programdata\AVG2012 2011-10-03 20:35 . 2011-10-03 20:35 -------- d-----w- c:\program files (x86)\VS Revo Group 2011-09-29 19:40 . 2011-10-02 20:42 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE 2011-09-26 20:56 . 2011-09-26 20:56 -------- d-----w- c:\users\Peter\AppData\Roaming\Malwarebytes 2011-09-26 20:55 . 2011-09-26 20:55 -------- d-----w- c:\programdata\Malwarebytes 2011-09-26 20:52 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-25 08:22 . 2011-09-25 08:22 -------- d-----w- c:\users\Peter\AppData\Roaming\Intel Corporation 2011-09-24 19:59 . 2010-11-05 21:45 438808 ----a-w- c:\windows\system32\drivers\iaStor.sys 2011-09-24 19:58 . 2011-09-24 19:58 -------- d-----w- c:\users\Peter\AppData\Roaming\InstallShield . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-25 08:42 . 2011-07-01 17:20 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-03 17:42 . 2011-05-08 12:39 627600 ----a-w- c:\windows\system32\deployJava1.dll 2011-07-22 05:42 . 2011-08-10 06:53 2303488 ----a-w- c:\windows\system32\jscript9.dll 2011-07-22 05:36 . 2011-08-10 06:53 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-07-22 05:32 . 2011-08-10 06:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-22 02:54 . 2011-08-10 06:53 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-07-22 02:48 . 2011-08-10 06:53 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-07-22 02:44 . 2011-08-10 06:53 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-07-16 05:41 . 2011-08-10 06:42 362496 ----a-w- c:\windows\system32\wow64win.dll 2011-07-16 05:41 . 2011-08-10 06:42 243200 ----a-w- c:\windows\system32\wow64.dll 2011-07-16 05:41 . 2011-08-10 06:42 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2011-07-16 05:39 . 2011-08-10 06:42 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2011-07-16 05:37 . 2011-08-10 06:42 421888 ----a-w- c:\windows\system32\KernelBase.dll 2011-07-16 05:21 . 2011-08-10 06:42 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2011-07-16 04:29 . 2011-08-10 06:42 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2011-07-16 04:26 . 2011-08-10 06:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-07-16 04:25 . 2011-08-10 06:42 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2011-07-16 04:24 . 2011-08-10 06:42 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2011-07-16 04:24 . 2011-08-10 06:42 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll 2011-07-16 04:15 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2011-07-16 02:21 . 2011-08-10 06:42 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2011-07-16 02:21 . 2011-08-10 06:42 2048 ----a-w- c:\windows\SysWow64\user.exe 2011-07-16 02:17 . 2011-08-10 06:42 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 06:42 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll . . ((((((((((((((((((((((((((((( SnapShot_2011-10-08_12.14.44 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-03 02:25 . 2011-10-09 08:35 66566 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-10-09 08:35 51128 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-01-30 19:41 . 2011-10-09 08:35 23608 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2441378208-3533287211-1119336525-1000_UserData.bin - 2011-10-08 12:14 . 2011-10-08 12:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-10-09 08:33 . 2011-10-09 08:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-10-08 12:14 . 2011-10-08 12:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-10-09 08:33 . 2011-10-09 08:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2011-10-08 12:00 353416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-10-09 08:32 353416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-05-06 16:04 . 2011-10-09 08:32 1676212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2441378208-3533287211-1119336525-1000-8192.dat - 2011-05-06 16:04 . 2011-10-08 12:00 1676212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2441378208-3533287211-1119336525-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-27 1157128] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-08-01 128296] "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-05 181480] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "PLFSetI"="c:\windows\PLFSetI.exe" [2009-09-22 200704] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.kpnvandaag.nl/#home/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_7715z&r=273601100815l0324z1m5t47i2c015 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html TCP: DhcpNameServer = 213.46.228.196 62.179.104.196 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\jpdxqj6g.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.kpnvandaag.nl/#home FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4da9cce5&v=7.008.031.001&i=26&tp=ab&iy=&ychte=nl&lng=nl&q= . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe . ************************************************************************** . Voltooingstijd: 2011-10-09 10:38:10 - machine werd herstart ComboFix-quarantined-files.txt 2011-10-09 08:38 ComboFix2.txt 2011-10-09 07:32 ComboFix3.txt 2011-10-08 17:27 ComboFix4.txt 2011-10-08 17:12 ComboFix5.txt 2011-10-09 08:25 . Pre-Run: 449.162.874.880 bytes beschikbaar Post-Run: 449.639.198.720 bytes beschikbaar . - - End Of File - - 89ACEBC389D46FE4DFB32BCC3B0000A1

[anoniem]

Herhaal het script uit het vorige bericht in veilige modus!

[anoniem]

ik heb het script nogmaals uitgevoerd in veilige modus. Mijn laptop maakt verbinding met mijn modem maar heeft beperkte toegang er wordt dan ook geen verbinding gemaakt met internet. hierbij het log bestand: ComboFix 11-10-08.01 - Peter 09-10-2011 11:44:07.9.2 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4026.3131 [GMT 2:00] Gestart vanuit: c:\users\Peter\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Peter\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . FILE :: "c:\windows\system32\DRIVERS\avgfwd6a.sys" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\AVG2012 c:\programdata\AVG2012\Cfg\admin.cfg c:\programdata\AVG2012\Cfg\changecfgreg.cfg c:\programdata\AVG2012\Cfg\csl.cfg c:\programdata\AVG2012\Cfg\erd.cfg c:\programdata\AVG2012\Cfg\idp.cfg c:\programdata\AVG2012\Cfg\idp2.cfg c:\programdata\AVG2012\Cfg\idpallow.cfg c:\programdata\AVG2012\Cfg\krnl.cfg c:\programdata\AVG2012\Cfg\mail.cfg c:\programdata\AVG2012\Cfg\mailsrv.cfg c:\programdata\AVG2012\Cfg\mailsrvvsapi.cfg c:\programdata\AVG2012\Cfg\malrep.cfg c:\programdata\AVG2012\Cfg\rsexcludes.cfg c:\programdata\AVG2012\Cfg\sched.cfg c:\programdata\AVG2012\Cfg\setup.cfg c:\programdata\AVG2012\Cfg\spsrv.cfg c:\programdata\AVG2012\Cfg\update.cfg c:\programdata\AVG2012\Cfg\updatecomps.cfg c:\programdata\AVG2012\Cfg\user.cfg c:\programdata\AVG2012\cfgall\falsealarm.cfg c:\programdata\AVG2012\cfgall\krnlall.cfg c:\programdata\AVG2012\cfgall\pctuneupall.cfg c:\programdata\AVG2012\cfgall\updateall.cfg c:\programdata\AVG2012\cfgall\userall.cfg c:\programdata\AVG2012\Chjw\2ca0d312a0d2e0fe.dat c:\programdata\AVG2012\Chjw\2ca0d312a0d2e0fe\avgcchff.dat c:\programdata\AVG2012\Chjw\2ca0d312a0d2e0fe\avgcchfi.dat c:\programdata\AVG2012\Chjw\2ca0d312a0d2e0fe\avgcchmf.dat c:\programdata\AVG2012\Chjw\2ca0d312a0d2e0fe\avgcchmi.dat c:\programdata\AVG2012\Chjw\2cc0d43bc0d40d48.dat c:\programdata\AVG2012\Chjw\2cc0d43bc0d40d48\avgcchff.dat c:\programdata\AVG2012\Chjw\2cc0d43bc0d40d48\avgcchfi.dat c:\programdata\AVG2012\Chjw\2cc0d43bc0d40d48\avgcchmf.dat c:\programdata\AVG2012\Chjw\2cc0d43bc0d40d48\avgcchmi.dat c:\programdata\AVG2012\Chjw\de00d33e00d31c79.dat c:\programdata\AVG2012\Chjw\de00d33e00d31c79\avgcchff.dat c:\programdata\AVG2012\Chjw\de00d33e00d31c79\avgcchfi.dat c:\programdata\AVG2012\Chjw\de00d33e00d31c79\avgcchmf.dat c:\programdata\AVG2012\Chjw\de00d33e00d31c79\avgcchmi.dat c:\programdata\AVG2012\fet\2cc0d43bc0d40d48.dat c:\programdata\AVG2012\IDS\config\BehavioralEventProcessors.dat c:\programdata\AVG2012\IDS\config\BehavioralEvents.dat c:\programdata\AVG2012\IDS\config\Characteristics.dat c:\programdata\AVG2012\IDS\config\Classifiers.dat c:\programdata\AVG2012\IDS\config\Correlations.dat c:\programdata\AVG2012\IDS\config\ExecutableEvents.dat c:\programdata\AVG2012\IDS\config\FileCoverage.dat c:\programdata\AVG2012\IDS\config\internalList.zip c:\programdata\AVG2012\IDS\config\internalList.zip.bak c:\programdata\AVG2012\IDS\config\md5Cache.dat c:\programdata\AVG2012\IDS\config\NetworkEvents.dat c:\programdata\AVG2012\IDS\config\quarantinedList.zip c:\programdata\AVG2012\IDS\config\quarantinedList.zip.bak c:\programdata\AVG2012\IDS\config\RegistryCoverage.dat c:\programdata\AVG2012\IDS\config\Relationships.dat c:\programdata\AVG2012\IDS\config\ReportableEventMappings.dat c:\programdata\AVG2012\IDS\config\SelfProtection.dat c:\programdata\AVG2012\IDS\config\userList.zip c:\programdata\AVG2012\IDS\config\userList.zip.bak c:\programdata\AVG2012\IDS\config\XViewConfig.dat c:\programdata\AVG2012\IDS\malwareprofile\backup.dat c:\programdata\AVG2012\IDS\malwareprofile\nodes.dat c:\programdata\AVG2012\IDS\profile\globalLoadable.bak c:\programdata\AVG2012\IDS\profile\globalLoadable.gdb c:\programdata\AVG2012\log\arklog.cfg c:\programdata\AVG2012\log\avgcfg.log c:\programdata\AVG2012\log\avgcfg.log.lock c:\programdata\AVG2012\log\avgchjw.log c:\programdata\AVG2012\log\avgchjw.log.lock c:\programdata\AVG2012\log\avgchjwsrv.log c:\programdata\AVG2012\log\avgchjwsrv.log.lock c:\programdata\AVG2012\log\avgcore.log c:\programdata\AVG2012\log\avgcore.log.1 c:\programdata\AVG2012\log\avgcore.log.2 c:\programdata\AVG2012\log\avgcore.log.lock c:\programdata\AVG2012\log\avgcsl.log c:\programdata\AVG2012\log\avgcsl.log.lock c:\programdata\AVG2012\log\avgdecider.log c:\programdata\AVG2012\log\avgdecider.log.lock c:\programdata\AVG2012\log\avgexc.log c:\programdata\AVG2012\log\avgexc.log.lock c:\programdata\AVG2012\log\avgidpagent.log c:\programdata\AVG2012\log\avgidpagent.log.lock c:\programdata\AVG2012\log\avgldr.log c:\programdata\AVG2012\log\avgldr.log.lock c:\programdata\AVG2012\log\avglng.log c:\programdata\AVG2012\log\avglng.log.lock c:\programdata\AVG2012\log\avgmail.cfg c:\programdata\AVG2012\log\avgns.log c:\programdata\AVG2012\log\avgns.log.lock c:\programdata\AVG2012\log\avgpostinst.log c:\programdata\AVG2012\log\avgpostinst.log.lock c:\programdata\AVG2012\log\avgrs.log c:\programdata\AVG2012\log\avgrs.log.1 c:\programdata\AVG2012\log\avgrs.log.2 c:\programdata\AVG2012\log\avgrs.log.lock c:\programdata\AVG2012\log\avgscan.log c:\programdata\AVG2012\log\avgscan.log.1 c:\programdata\AVG2012\log\avgscan.log.lock c:\programdata\AVG2012\log\avgsched.log c:\programdata\AVG2012\log\avgsched.log.1 c:\programdata\AVG2012\log\avgsched.log.lock c:\programdata\AVG2012\log\avgsrm.log c:\programdata\AVG2012\log\avgsrm.log.lock c:\programdata\AVG2012\log\avgss.cfg c:\programdata\AVG2012\log\avgtdi.log c:\programdata\AVG2012\log\avgtdi.log.lock c:\programdata\AVG2012\log\avgtray_idp_Peter.log c:\programdata\AVG2012\log\avgtray_idp_Peter.log.lock c:\programdata\AVG2012\log\avgual.2011-10-04.log c:\programdata\AVG2012\log\avgual.2011-10-05.log c:\programdata\AVG2012\log\avgual.log c:\programdata\AVG2012\log\avgual.log.lock c:\programdata\AVG2012\log\avgui.log c:\programdata\AVG2012\log\avgui.log.lock c:\programdata\AVG2012\log\avgui_idp_Peter.log c:\programdata\AVG2012\log\avgui_idp_Peter.log.lock c:\programdata\AVG2012\log\avguidraw.log c:\programdata\AVG2012\log\avguidraw.log.lock c:\programdata\AVG2012\log\avguilog.cfg c:\programdata\AVG2012\log\avgupd.log c:\programdata\AVG2012\log\avgupd.log.lock c:\programdata\AVG2012\log\avgupdm.log c:\programdata\AVG2012\log\avgwd.log c:\programdata\AVG2012\log\avgwd.log.lock c:\programdata\AVG2012\log\avgwdsvc.log c:\programdata\AVG2012\log\avgwdsvc.log.lock c:\programdata\AVG2012\log\avgwdsvc_idp_SYSTEM.log c:\programdata\AVG2012\log\avgwdsvc_idp_SYSTEM.log.lock c:\programdata\AVG2012\log\cfgexlog.cfg c:\programdata\AVG2012\log\cfglog.cfg c:\programdata\AVG2012\log\chjwlog.cfg c:\programdata\AVG2012\log\commonpriv.log c:\programdata\AVG2012\log\commonpriv.log.1 c:\programdata\AVG2012\log\commonpriv.log.lock c:\programdata\AVG2012\log\corelog.cfg c:\programdata\AVG2012\log\csllog.cfg c:\programdata\AVG2012\log\deciderlog.cfg c:\programdata\AVG2012\log\emclog.cfg c:\programdata\AVG2012\log\fixcfg.log c:\programdata\AVG2012\log\fixcfg.log.lock c:\programdata\AVG2012\log\history.xml c:\programdata\AVG2012\log\idplog.cfg c:\programdata\AVG2012\log\ldrlog.cfg c:\programdata\AVG2012\log\lnglog.cfg c:\programdata\AVG2012\log\lscanlog.cfg c:\programdata\AVG2012\log\nslog.cfg c:\programdata\AVG2012\log\privlog.cfg c:\programdata\AVG2012\log\publog.cfg c:\programdata\AVG2012\log\rslog.cfg c:\programdata\AVG2012\log\scanlog.cfg c:\programdata\AVG2012\log\schedlog.cfg c:\programdata\AVG2012\log\srmlog.cfg c:\programdata\AVG2012\log\tdilog.cfg c:\programdata\AVG2012\log\updlog.cfg c:\programdata\AVG2012\log\vault.log c:\programdata\AVG2012\log\vault.log.lock c:\programdata\AVG2012\log\vaultlog.cfg c:\programdata\AVG2012\log\wdlog.cfg c:\programdata\AVG2012\log\wdsvclog.cfg c:\programdata\AVG2012\process.bin c:\programdata\AVG2012\scanlogs\I_00000004.log c:\programdata\AVG2012\scanlogs\I_00000005.log c:\programdata\AVG2012\scanlogs\srm.idx c:\programdata\AVG2012\SetupBackup\AntiRka.cab c:\programdata\AVG2012\SetupBackup\Antivira.cab c:\programdata\AVG2012\SetupBackup\Avgx64.msi c:\programdata\AVG2012\SetupBackup\basea.cab c:\programdata\AVG2012\SetupBackup\COREa.cab c:\programdata\AVG2012\SetupBackup\COREx64.msi c:\programdata\AVG2012\SetupBackup\Emailsa.cab c:\programdata\AVG2012\SetupBackup\GUIa.cab c:\programdata\AVG2012\SetupBackup\IDPa.cab c:\programdata\AVG2012\SetupBackup\lng_nla.cab c:\programdata\AVG2012\SetupBackup\lng_usa.cab c:\programdata\AVG2012\SetupBackup\OnlnSca.cab c:\programdata\AVG2012\SetupBackup\ResShlda.cab c:\programdata\AVG2012\SetupBackup\SrchSrfa.cab c:\programdata\AVG2012\SetupBackup\SSHttpBa.cab c:\programdata\AVG2012\SetupBackup\TDIDrva.cab c:\programdata\AVG2012\SetupBackup\TuneUpa.cab c:\programdata\AVG2012\SetupBackup\Updatea.cab c:\programdata\AVG2012\Temp\file3196.tmp c:\programdata\AVG2012\Temp\file9514.tmp c:\programdata\AVG2012\update\backup\avgmfapx.exe c:\programdata\AVG2012\update\backup\incavi.avm c:\programdata\AVG2012\update\backup\info.enc c:\programdata\AVG2012\update\backup\internalList.dat c:\programdata\AVG2012\update\backup\ph.dat c:\programdata\AVG2012\update\backup\sb.dat c:\programdata\AVG2012\update\backup\sc.dat c:\programdata\AVG2012\update\download\avg12infoavi.ctf c:\programdata\AVG2012\update\download\avg12infowin.ctf c:\users\Peter\AppData\Roaming\AVG2012 c:\users\Peter\AppData\Roaming\AVG2012\cfgall\userawacs.cfg c:\users\Peter\AppData\Roaming\AVG2012\cfgall\usergui.cfg . . (((((((((((((((((((( Bestanden Gemaakt van 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))) . . 2011-10-09 09:49 . 2011-10-09 09:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-09 08:38 . 2011-10-09 08:39 -------- d-----w- c:\programdata\MFAData 2011-10-04 20:20 . 2011-10-04 20:54 -------- d-----w- c:\users\Peter\AppData\Roaming\Download Manager 2011-10-04 18:47 . 2011-10-04 18:47 -------- d-----w- c:\windows\system32\oodag 2011-10-04 18:45 . 2011-10-04 18:45 -------- d-----w- c:\users\Peter\AppData\Local\O&O 2011-10-04 18:44 . 2011-10-04 18:44 -------- d-----w- c:\program files\OO Software 2011-10-04 18:43 . 2011-10-04 18:43 -------- d-----w- c:\users\Peter\AppData\Local\Downloaded Installations 2011-10-04 17:34 . 2011-10-06 19:41 -------- d-----w- c:\windows\system32\drivers\AVG 2011-10-03 20:35 . 2011-10-03 20:35 -------- d-----w- c:\program files (x86)\VS Revo Group 2011-09-29 19:40 . 2011-10-02 20:42 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE 2011-09-26 20:56 . 2011-09-26 20:56 -------- d-----w- c:\users\Peter\AppData\Roaming\Malwarebytes 2011-09-26 20:55 . 2011-09-26 20:55 -------- d-----w- c:\programdata\Malwarebytes 2011-09-26 20:52 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-25 08:22 . 2011-09-25 08:22 -------- d-----w- c:\users\Peter\AppData\Roaming\Intel Corporation 2011-09-24 19:59 . 2010-11-05 21:45 438808 ----a-w- c:\windows\system32\drivers\iaStor.sys 2011-09-24 19:58 . 2011-09-24 19:58 -------- d-----w- c:\users\Peter\AppData\Roaming\InstallShield . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-25 08:42 . 2011-07-01 17:20 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-03 17:42 . 2011-05-08 12:39 627600 ----a-w- c:\windows\system32\deployJava1.dll 2011-07-22 05:42 . 2011-08-10 06:53 2303488 ----a-w- c:\windows\system32\jscript9.dll 2011-07-22 05:36 . 2011-08-10 06:53 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-07-22 05:32 . 2011-08-10 06:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-22 02:54 . 2011-08-10 06:53 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-07-22 02:48 . 2011-08-10 06:53 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-07-22 02:44 . 2011-08-10 06:53 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-07-16 05:41 . 2011-08-10 06:42 362496 ----a-w- c:\windows\system32\wow64win.dll 2011-07-16 05:41 . 2011-08-10 06:42 243200 ----a-w- c:\windows\system32\wow64.dll 2011-07-16 05:41 . 2011-08-10 06:42 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2011-07-16 05:39 . 2011-08-10 06:42 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2011-07-16 05:37 . 2011-08-10 06:42 421888 ----a-w- c:\windows\system32\KernelBase.dll 2011-07-16 05:21 . 2011-08-10 06:42 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2011-07-16 04:29 . 2011-08-10 06:42 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2011-07-16 04:26 . 2011-08-10 06:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-07-16 04:25 . 2011-08-10 06:42 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2011-07-16 04:24 . 2011-08-10 06:42 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2011-07-16 04:24 . 2011-08-10 06:42 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll 2011-07-16 04:15 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2011-07-16 02:21 . 2011-08-10 06:42 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2011-07-16 02:21 . 2011-08-10 06:42 2048 ----a-w- c:\windows\SysWow64\user.exe 2011-07-16 02:17 . 2011-08-10 06:42 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 06:42 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 06:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 06:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll . . ((((((((((((((((((((((((((((( SnapShot_2011-10-08_12.14.44 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-03 02:25 . 2011-10-09 09:51 66566 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-10-09 08:35 51128 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-01-30 19:41 . 2011-10-09 09:51 23608 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2441378208-3533287211-1119336525-1000_UserData.bin - 2011-10-08 12:14 . 2011-10-08 12:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-10-09 09:50 . 2011-10-09 09:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-10-08 12:14 . 2011-10-08 12:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-10-09 09:50 . 2011-10-09 09:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2011-10-08 12:00 353416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-10-09 08:41 353416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-05-06 16:04 . 2011-10-09 08:32 1676212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2441378208-3533287211-1119336525-1000-8192.dat - 2011-05-06 16:04 . 2011-10-08 12:00 1676212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2441378208-3533287211-1119336525-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-27 1157128] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-08-01 128296] "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-05 181480] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "PLFSetI"="c:\windows\PLFSetI.exe" [2009-09-22 200704] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.kpnvandaag.nl/#home/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_7715z&r=273601100815l0324z1m5t47i2c015 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html TCP: DhcpNameServer = 213.46.228.196 62.179.104.196 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\jpdxqj6g.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.kpnvandaag.nl/#home FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4da9cce5&v=7.008.031.001&i=26&tp=ab&iy=&ychte=nl&lng=nl&q= . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe . ************************************************************************** . Voltooingstijd: 2011-10-09 11:54:35 - machine werd herstart ComboFix-quarantined-files.txt 2011-10-09 09:54 ComboFix2.txt 2011-10-09 08:38 ComboFix3.txt 2011-10-09 07:32 ComboFix4.txt 2011-10-08 17:27 ComboFix5.txt 2011-10-09 09:43 . Pre-Run: 449.735.614.464 bytes beschikbaar Post-Run: 449.668.513.792 bytes beschikbaar . - - End Of File - - FC11CBC6E85905B896550B882469B302

[anoniem]

In de handlijding die ik gemaakt heb voor Combofix, vindt je ook een link naar de complete handleiding op BleepingComputer! Had je daar gekeken, had je allang geweten hoe de internetverbinding te herstellen. [img:de2b3cabeb]http://www.bleepstatic.com/combofix/nl/repair.jpg[/img:de2b3cabeb] En: AVG mag weer geïnstalleerd worden.

[anoniem]

Misschien een hele domme vraag maar waar kan ik de internetverbinding herstellen onder windows7?

[anoniem]

Je klikt met rechts op het interneticoontje in de systray en je kiest Netwerkcentrum openenen. Vervolgens klik in de linkerkolom op "Adapterinstellingen wijzeigen".

[anoniem]

Dan krijg ik niet op optie herstellen maar wel: uitschakelen verbinding maken/ verbreken status verbindingsbrug maken snelkoppeling maken naam wijzigen eigenschappen

[anoniem]

Hoi Jeroen, waarschijnlijk heb je in het eerste venster een rood kruis bij de verbindingen staan? Zo ja - dubbelklik daarop en volg de aanwijzingen.

[anoniem]

hij geeft 2 foutmeldingen: Er is mogelijk een probleem met het stuurprogramma voor de adapter voor draadloze netwerkverbinding Er is mogelijk een probleem met het stuurprogramma voor de adapter voor LAN-verbinding Als ik probeer om de reparaties als administratoer uit te voeren worden er geen oplossingen gevonden.

[anoniem]

Kijk in Apparaatbeheer of er bij Netwerkadapters speciale gele meldingen staan.

[anoniem]

Er staat geen gele melding. Er staat dit apparaat werkt correct

[anoniem]

Je bent draaloos verbonden. Is het een notebook of is het een desktop-PC?

[anoniem]

Het is een notebook Acer aspire 7715 Er is altijd draadloos verbonden met internet

[anoniem]

Heb je de radio mogelijk uitgeschakeld? kontroleer de tiptoetsen of schakelaar daarvoor.

[anoniem]

Nee die staat aan. Zojuist nog een keer uit en aan gezet maar dat haalt ook niets uit.

[anoniem]

Start je notebook dan eens helemaal opnieuw op.

[anoniem]

Helaas maakt dat niets uit. Ook als ik de notebook met draad aan de modem verbind hou ik het probleem.