
Can't get Avira off my PC


dries V


Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\documents and settings\Microsoft User\Application Data\Avira

c:\documents and settings\All Users\Application Data\Avira

c:\program files\Avira

Driver::

AntiVirSchedulerService

Save this file to your desktop as CFScript.

Drag CFScript.txt onto the red shortcut of ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

If you want to see this illustrated in detail, click here for the guide.

After the restart, post the contents of Combofix.txt in your next message.


Here is the file

ComboFix 13-01-08.01 - Microsoft User 10/01/2013 18:38:16.7.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.434 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Microsoft User\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Microsoft User\Bureaublad\CFScript.txt

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Avira

c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\CONFIG\AVWIN.INI

c:\documents and settings\Microsoft User\Application Data\Avira

c:\program files\Avira\AntiVir Desktop\aebb.dll

c:\program files\Avira\AntiVir Desktop\aecore.dll

c:\program files\Avira\AntiVir Desktop\aeemu.dll

c:\program files\Avira\AntiVir Desktop\aeexp.dll

c:\program files\Avira\AntiVir Desktop\aegen.dll

c:\program files\Avira\AntiVir Desktop\aehelp.dll

c:\program files\Avira\AntiVir Desktop\aeheur.dll

c:\program files\Avira\AntiVir Desktop\aeoffice.dll

c:\program files\Avira\AntiVir Desktop\aepack.dll

c:\program files\Avira\AntiVir Desktop\aerdl.dll

c:\program files\Avira\AntiVir Desktop\aesbx.dll

c:\program files\Avira\AntiVir Desktop\aescn.dll

c:\program files\Avira\AntiVir Desktop\aescript.dll

c:\program files\Avira\AntiVir Desktop\aevdf.dll

c:\program files\Avira\AntiVir Desktop\apnic.dll

c:\program files\Avira\AntiVir Desktop\apnstub.exe

c:\program files\Avira\AntiVir Desktop\apntoolbarinstaller.exe

c:\program files\Avira\AntiVir Desktop\avacl.dll

c:\program files\Avira\AntiVir Desktop\avarkt.dll

c:\program files\Avira\AntiVir Desktop\avbb.dll

c:\program files\Avira\AntiVir Desktop\avcenter.exe

c:\program files\Avira\AntiVir Desktop\avconfig.cpl

c:\program files\Avira\AntiVir Desktop\avconfig.dll

c:\program files\Avira\AntiVir Desktop\avconfig.exe

c:\program files\Avira\AntiVir Desktop\avconfigrc.dll

c:\program files\Avira\AntiVir Desktop\avesvc.dll

c:\program files\Avira\AntiVir Desktop\avesvcr.dll

c:\program files\Avira\AntiVir Desktop\avevtlog.dll

c:\program files\Avira\AntiVir Desktop\avevtrc.dll

c:\program files\Avira\AntiVir Desktop\avghook.dll

c:\program files\Avira\AntiVir Desktop\avgio.dll

c:\program files\Avira\AntiVir Desktop\avgnt.exe

c:\program files\Avira\AntiVir Desktop\avgntflt.cat

c:\program files\Avira\AntiVir Desktop\avgntflt.inf

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Avira\AntiVir Desktop\avinet.dll

c:\program files\Avira\AntiVir Desktop\avipbb.inf

c:\program files\Avira\AntiVir Desktop\avipc.dll

c:\program files\Avira\AntiVir Desktop\avkmgr.cat

c:\program files\Avira\AntiVir Desktop\avkmgr.inf

c:\program files\Avira\AntiVir Desktop\avmres.dll

c:\program files\Avira\AntiVir Desktop\avnotify.dll

c:\program files\Avira\AntiVir Desktop\avnotify.exe

c:\program files\Avira\AntiVir Desktop\avpref.dll

c:\program files\Avira\AntiVir Desktop\avreg.dll

c:\program files\Avira\AntiVir Desktop\avrep.dll

c:\program files\Avira\AntiVir Desktop\avrestart.exe

c:\program files\Avira\AntiVir Desktop\avscan.dll

c:\program files\Avira\AntiVir Desktop\avscan.exe

c:\program files\Avira\AntiVir Desktop\avscplr.dll

c:\program files\Avira\AntiVir Desktop\avsda.dll

c:\program files\Avira\AntiVir Desktop\avsda64.dll

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Avira\AntiVir Desktop\avsmtp.dll

c:\program files\Avira\AntiVir Desktop\avupgsvc.exe

c:\program files\Avira\AntiVir Desktop\avwebgrc.dll

c:\program files\Avira\AntiVir Desktop\avwebgrd.exe

c:\program files\Avira\AntiVir Desktop\avwebloader.dll

c:\program files\Avira\AntiVir Desktop\avwebloader.exe

c:\program files\Avira\AntiVir Desktop\avwebloadergui.dll

c:\program files\Avira\AntiVir Desktop\avwinll.dll

c:\program files\Avira\AntiVir Desktop\avwmi.dll

c:\program files\Avira\AntiVir Desktop\avwsc.exe

c:\program files\Avira\AntiVir Desktop\ccavscanex.dll

c:\program files\Avira\AntiVir Desktop\ccavscanexrc.dll

c:\program files\Avira\AntiVir Desktop\ccev.dll

c:\program files\Avira\AntiVir Desktop\ccevrc.dll

c:\program files\Avira\AntiVir Desktop\ccevw.dll

c:\program files\Avira\AntiVir Desktop\ccgen.dll

c:\program files\Avira\AntiVir Desktop\ccgenrc.dll

c:\program files\Avira\AntiVir Desktop\ccgenw.dll

c:\program files\Avira\AntiVir Desktop\ccgrdrc.dll

c:\program files\Avira\AntiVir Desktop\ccgrdw.dll

c:\program files\Avira\AntiVir Desktop\ccguard.dll

c:\program files\Avira\AntiVir Desktop\cchips.dll

c:\program files\Avira\AntiVir Desktop\cchipsrc.dll

c:\program files\Avira\AntiVir Desktop\cclic.dll

c:\program files\Avira\AntiVir Desktop\cclicrc.dll

c:\program files\Avira\AntiVir Desktop\cclicw.dll

c:\program files\Avira\AntiVir Desktop\ccmainrc.dll

c:\program files\Avira\AntiVir Desktop\ccmsg.dll

c:\program files\Avira\AntiVir Desktop\ccmsgrc.dll

c:\program files\Avira\AntiVir Desktop\ccprofil.dll

c:\program files\Avira\AntiVir Desktop\ccquamgr.dll

c:\program files\Avira\AntiVir Desktop\ccquarc.dll

c:\program files\Avira\AntiVir Desktop\ccquaw.dll

c:\program files\Avira\AntiVir Desktop\ccreporc.dll

c:\program files\Avira\AntiVir Desktop\ccreport.dll

c:\program files\Avira\AntiVir Desktop\ccrepow.dll

c:\program files\Avira\AntiVir Desktop\ccscanrc.dll

c:\program files\Avira\AntiVir Desktop\ccscanw.dll

c:\program files\Avira\AntiVir Desktop\ccsched.dll

c:\program files\Avira\AntiVir Desktop\ccschedw.dll

c:\program files\Avira\AntiVir Desktop\ccscherc.dll

c:\program files\Avira\AntiVir Desktop\ccupdate.dll

c:\program files\Avira\AntiVir Desktop\ccupdrc.dll

c:\program files\Avira\AntiVir Desktop\ccupdw.dll

c:\program files\Avira\AntiVir Desktop\ccwgrd.dll

c:\program files\Avira\AntiVir Desktop\ccwgrdrc.dll

c:\program files\Avira\AntiVir Desktop\ccwgrdw.dll

c:\program files\Avira\AntiVir Desktop\ccwkrlib.dll

c:\program files\Avira\AntiVir Desktop\cfglib.dll

c:\program files\Avira\AntiVir Desktop\defaults.ini

c:\program files\Avira\AntiVir Desktop\extdlgfw.dll

c:\program files\Avira\AntiVir Desktop\fact.exe

c:\program files\Avira\AntiVir Desktop\factrc.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\aebb.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\aecore.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\aeemu.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\aeexp.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\aegen.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\aehelp.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\aeheur.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\aeoffice.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\aepack.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\aerdl.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\aesbx.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\aescn.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\aescript.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\aevdf.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\avreg.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\avrep.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\avscplr.dll

c:\program files\Avira\AntiVir Desktop\FAILSAFE\unacev2.dll

c:\program files\Avira\AntiVir Desktop\gpavgio.dll

c:\program files\Avira\AntiVir Desktop\gpevtlog.dll

c:\program files\Avira\AntiVir Desktop\gpgavid.dll

c:\program files\Avira\AntiVir Desktop\gpgen.dll

c:\program files\Avira\AntiVir Desktop\gpgenrep.dll

c:\program files\Avira\AntiVir Desktop\gpgrd.dll

c:\program files\Avira\AntiVir Desktop\gpgui.dll

c:\program files\Avira\AntiVir Desktop\gpipc.dll

c:\program files\Avira\AntiVir Desktop\gplegacy.dll

c:\program files\Avira\AntiVir Desktop\gpschd.dll

c:\program files\Avira\AntiVir Desktop\grdcore.dll

c:\program files\Avira\AntiVir Desktop\guardgui.exe

c:\program files\Avira\AntiVir Desktop\guardmsg.dll

c:\program files\Avira\AntiVir Desktop\ipmgui.exe

c:\program files\Avira\AntiVir Desktop\libdb44.dll

c:\program files\Avira\AntiVir Desktop\licmgr.dll

c:\program files\Avira\AntiVir Desktop\licmgr.exe

c:\program files\Avira\AntiVir Desktop\luke.dll

c:\program files\Avira\AntiVir Desktop\lukeres.dll

c:\program files\Avira\AntiVir Desktop\mgrs.dll

c:\program files\Avira\AntiVir Desktop\msgclient.dll

c:\program files\Avira\AntiVir Desktop\netnt.dll

c:\program files\Avira\AntiVir Desktop\onlcfg.dll

c:\program files\Avira\AntiVir Desktop\rchelp.dll

c:\program files\Avira\AntiVir Desktop\rcimage.dll

c:\program files\Avira\AntiVir Desktop\rcnwload_de.dll

c:\program files\Avira\AntiVir Desktop\rcnwload_en.dll

c:\program files\Avira\AntiVir Desktop\rcnwload_es.dll

c:\program files\Avira\AntiVir Desktop\rcnwload_fr.dll

c:\program files\Avira\AntiVir Desktop\rcnwload_it.dll

c:\program files\Avira\AntiVir Desktop\rcnwload_jp.dll

c:\program files\Avira\AntiVir Desktop\rcnwload_ko.dll

c:\program files\Avira\AntiVir Desktop\rcnwload_nl.dll

c:\program files\Avira\AntiVir Desktop\rcnwload_pt.dll

c:\program files\Avira\AntiVir Desktop\rcnwload_ru.dll

c:\program files\Avira\AntiVir Desktop\rcnwload_tr.dll

c:\program files\Avira\AntiVir Desktop\rcnwload_zhcn.dll

c:\program files\Avira\AntiVir Desktop\rcnwload_zhtw.dll

c:\program files\Avira\AntiVir Desktop\rctext.dll

c:\program files\Avira\AntiVir Desktop\restartrc.dll

c:\program files\Avira\AntiVir Desktop\scewxmlw.dll

c:\program files\Avira\AntiVir Desktop\sched.exe

c:\program files\Avira\AntiVir Desktop\schedr.dll

c:\program files\Avira\AntiVir Desktop\setup.dll

c:\program files\Avira\AntiVir Desktop\setup.exe

c:\program files\Avira\AntiVir Desktop\shlext.dll

c:\program files\Avira\AntiVir Desktop\sqlite3.dll

c:\program files\Avira\AntiVir Desktop\ssmdrv.inf

c:\program files\Avira\AntiVir Desktop\unacev2.dll

c:\program files\Avira\AntiVir Desktop\update.dll

c:\program files\Avira\AntiVir Desktop\update.exe

c:\program files\Avira\AntiVir Desktop\updaterc.dll

c:\program files\Avira\AntiVir Desktop\updext.dll

c:\program files\Avira\AntiVir Desktop\updgui.dll

c:\program files\Avira\AntiVir Desktop\updguirc.dll

c:\program files\Avira\AntiVir Desktop\updrgui.exe

c:\program files\Avira\AntiVir Desktop\webcat.dll

c:\program files\Avira\AntiVir Desktop\webcatrc.dll

c:\program files\Avira\AntiVir Desktop\wksstats.dll

c:\program files\Avira . . . . konden niet verwijderd worden

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_ANTIVIRSCHEDULERSERVICE

-------\Service_AntiVirSchedulerService

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-12-10 to 2013-01-10 ))))))))))))))))))))))))))))))

.

.

2013-01-05 12:32 . 2013-01-05 12:32 -------- d-----w- c:\windows\system32\wbem\Repository

2013-01-05 12:28 . 2013-01-05 14:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-05 12:28 . 2013-01-06 16:12 -------- d-----w- c:\program files\Online Armor

2013-01-05 12:28 . 2013-01-05 12:28 -------- d-----w- c:\program files\Avira

2012-12-20 10:38 . 2013-01-05 12:28 -------- d-----w- c:\program files\Common Files\Mcafee

2012-12-20 10:38 . 2013-01-05 12:28 -------- d-----w- c:\program files\McAfee

2012-12-20 10:30 . 2012-04-13 19:33 161144 ----a-r- c:\windows\system32\mfevtps.exe.595c.deleteme

2012-12-18 19:08 . 2012-12-18 19:08 209112 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-10 17:55 . 2013-01-10 17:55 15739912 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2013-01-05 13:56 . 2012-07-14 10:15 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-05 13:55 . 2011-05-25 08:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 12:23 . 2004-09-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 12:23 . 2004-09-02 12:00 290560 ----a-w- c:\windows\system32\atmfd(2).dll

2012-11-29 18:18 . 2012-11-29 18:18 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-29 18:18 . 2012-08-08 20:49 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-11-29 18:18 . 2012-01-14 22:11 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-13 11:55 . 2004-09-02 12:00 1866496 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 00:41 . 2004-09-02 12:00 290560 ----a-w- c:\windows\system32\atmfd(3).dll

2012-11-02 02:03 . 2004-09-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:12 . 2004-09-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:12 . 2004-09-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:12 . 2004-09-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2004-09-02 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-10-28 08:10 . 2012-10-28 08:10 556 ----a-w- c:\windows\_MSSETUP.BAT

2012-10-28 08:10 . 2012-10-28 08:10 9813 ----a-w- c:\windows\_MSRSTRT.EXE

2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2008-08-16 15:42 . 2013-01-06 16:14 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-16 15:42 . 2013-01-06 16:14 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-16 15:42 . 2013-01-06 16:14 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-16 15:42 . 2013-01-06 16:14 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-16 15:43 . 2013-01-06 16:14 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-16 15:42 . 2013-01-06 16:14 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-08-16 15:42 . 2013-01-06 16:14 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2008-05-21 06:41 . 2013-01-06 16:14 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 06:41 . 2013-01-06 16:14 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 06:41 . 2013-01-06 16:14 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-05 11:58 . 2013-01-06 16:14 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-16 15:42 . 2013-01-06 16:14 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2013-01-06 16:14 . 2013-01-06 16:14 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2004-09-02 12:00 . 61A79E8D4A440095EA2EB9FD694CD1AE . 25600 . . [10.0.3790.3646] . . c:\windows\system32\mspmsnsv.dll

[-] 2004-09-02 12:00 . 61A79E8D4A440095EA2EB9FD694CD1AE . 25600 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 16005120]

"AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 88204]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 102491]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 692315]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-04-06 225280]

"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 471040]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]

"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Citrix XenApp.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Citrix XenApp.lnk

backup=c:\windows\pss\Citrix XenApp.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^McAfee Security Scan Plus.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]

2006-04-06 18:00 331776 ----a-w- c:\program files\Acer\OrbiCam\CameraAssistant.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]

2006-04-06 18:06 73728 ----a-w- c:\program files\Acer\OrbiCam\InstallHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Apple Mobile Device"=2 (0x2)

"AntiVirService"=2 (0x2)

"AntiVirSchedulerService"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"=

"c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"=

"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"=

"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/05/2012 13:17 36000]

R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [16/12/2009 11:39 1097472]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [15/12/2009 17:28 20160]

.

Inhoud van de 'Gedeelde Taken' map

.

2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 17:55]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

TCP: DhcpNameServer = 195.130.130.133 195.130.131.133

FF - ProfilePath - c:\documents and settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - ExtSQL: 2012-11-29 19:27; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: !HIDDEN! 2009-12-17 14:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe

AddRemove-Avira AntiVir Desktop - c:\program files\Avira\AntiVir Desktop\setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2013-01-10 18:54

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

.

c:\windows\system32\FlashPlayerInstaller.exe 15739912 bytes executable

.

Scan succesvol afgerond

verborgen bestanden: 1

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(564)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(7968)

c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

c:\windows\system32\webcheck.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\RTHDCPL.EXE

c:\windows\AGRSMMSG.exe

c:\windows\eHome\ehmsas.exe

c:\program files\Brother\ControlCenter3\brccMCtl.exe

c:\program files\Brother\Brmfcmon\BrMfcmon.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Voltooingstijd: 2013-01-10 18:57:55 - machine werd herstart

ComboFix-quarantined-files.txt 2013-01-10 17:57

ComboFix2.txt 2013-01-08 19:36

ComboFix3.txt 2013-01-06 20:07

ComboFix4.txt 2012-12-07 21:55

ComboFix5.txt 2013-01-10 17:36

.

Pre-Run: 31.664.074.752 bytes beschikbaar

Post-Run: 31.427.293.184 bytes beschikbaar

.

- - End Of File - - 1ECF33E39E449CADA6CEE1DE9FE73E62


  • Download The Avenger by Swandog46 to your desktop.
  • Click Avenger.zip
  • Extract the file to your desktop.
  • Start The Avenger by double-clicking the icon.
  • Vista and Windows 7 -> right-click, Run as Administrator.

Tick 'Scan for rootkits' and untick 'Automatically disable any rootkits found'.

In the window Input Script here, copy and paste the following:

Folders to delete:
c:\program files\Avira

Note: The code above was written only for this computer/situation/user. Using this code on another computer can cause damage!

Now click the Execute button.

Click Yes to confirm.

Click Yes when asked to reboot your PC.

Your PC will reboot; if it does not, do it manually.

After the reboot a log file opens (avenger.txt). Post the contents of the log file.

The Avenger log file is also located at C:\avenger.txt


  • 2 weeks later...

Logfile of The Avenger Version 2.0, © by Swandog46

Swandog46's Public Anti-Malware Tools

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Folder "c:\program files\Avira" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
