Archive - FCCU

The archive is a frozen snapshot of an earlier version of this forum, with different rules and different owners. These posts in no way reflect our current ideas, values or world views, and in some places they have been censored as impermissible. Many were written in a different spirit of the times, ironically or not (as in the ironic Off-Topic subforum), and would not, or could not, be posted today. We still gladly offer this archive as an information database and reference work.

BelgiumTJ

Legacy Member
Hello,
I also have the FCCU virus. I have already tried several things, but nothing has worked so far.
Here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:45:18, on 14/09/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jona\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: ctfmon.lnk = C:\Windows\System32\rundll32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5264 bytes

Juisterr

Legacy Member
The scan can take a while because your entire disk is searched for recently placed files.
Using "zoek.exe":
  • Disable your antivirus and antispyware programs; zoek.exe is sometimes mistaken for a trojan while it is being downloaded or used.

    (here or here) you can read how to do that.
  • Then download zoek.exe to the desktop.
    • Windows 2000 and Windows XP: start the tool by double-clicking "zoek.exe".
    • Windows Vista and Windows 7: start the tool by right-clicking "zoek.exe" and then choosing Run as administrator.
  • After a while a window will open.
  • With your mouse, now select the option "Combined fix" (bottom right)
  • Now copy the code below and paste it into the large input box:

    Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    Code:
    emptytemp;
    filesrcm;
    emptyclsid;
    startupall;
    emptyjava;
    emptyflash;
    emptyIEcache;
    iedefaults;
  • First close all other program windows that are still open!
  • Then click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart)
  • If no log appears after the restart, start zoek.exe again; the log will then still appear.
  • Now post the contents of the opened log in your next message.

BelgiumTJ

Legacy Member
Zoek.exe Version 3.0.0.3 Updated 16-09-2012
Tool run by Jona on zo 16/09/2012 at 19:53:02,41.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running from: C:\Users\Jona\AppData\Local\Temp\zoek.exe

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.be/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz="
"SortIndex"=dword:00000000
"FaviconPath"="C:\\Users\\Jona\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{6A1806CD-94D4-4689-BA73-E35EA1EA9990}.ico"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURLFallback"="http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}"
"FaviconPath"="C:\\Users\\Jona\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"
"DisplayName"="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Jona\AppData\Local\Temp ====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2012-09-15 11:07:44 65E794E86468B61F2BC79ABC48BC4433 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C: =====
2012-09-13 21:32:45 150BDB2745C030BE4DD7E03D71742709 1662 ----a-w- C:\avenger.txt
====== C:\Users\Jona\AppData\Roaming ======
2012-09-13 20:49:23 -------- d-----w- C:\users\Jona\AppData\Roaming\Avira
====== C:\Users\Jona ======
2012-09-08 23:22:54 E4E0E383045FAE7A6F18EE609BC461DC 4503728 ----atw- C:\ProgramData\dsgsdgdsgdsgw.pad

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1202760800-3644983721-2447136914-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [25/08/2011 00:16]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [25/08/2011 00:16]

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jona\AppData\Local\Temp successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Jona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

BelgiumTJ

Legacy Member
Juisterr said:

Definitely not, today I got a different screen (also demanding a payment of 100 euros because of supposed child pornography etc...), so the same virus is still in there.
Edit: I have a new HijackThis log, but I again get the message that not everything is in the log because of something to do with hijacked domains.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:40:05, on 17/09/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Jona\Desktop\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5178 bytes

BelgiumTJ

Legacy Member
Here is another one of those zoek.exe logs (I couldn't edit my post any more, because then the log wouldn't fit in completely):

Zoek.exe Version 3.0.0.3 Updated 16-09-2012
Tool run by Jona on ma 17/09/2012 at 22:42:07,68.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running from: C:\Users\Jona\AppData\Local\Temp\zoek.exe

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.be/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz="
"SortIndex"=dword:00000000
"FaviconPath"="C:\\Users\\Jona\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{6A1806CD-94D4-4689-BA73-E35EA1EA9990}.ico"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURLFallback"="http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}"
"FaviconPath"="C:\\Users\\Jona\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"
"DisplayName"="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Jona\AppData\Local\Temp ====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2012-09-17 10:10:33 A36EE93698802CD899F98BFD553D8185 28520 ----a-w- C:\Windows\System32\drivers\ssmdrv.sys
2012-09-17 10:10:32 D5541F0AFB767E85FC412FC609D96A74 83392 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-09-17 10:10:32 7D967A682D4694DF7FA57D63A2DB01FE 137928 ----a-w- C:\Windows\System32\drivers\avipbb.sys
2012-09-17 10:10:32 53E56450DA16A1A7F0D002F511113F67 36000 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-09-17 09:14:07 65E794E86468B61F2BC79ABC48BC4433 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2012-09-17 10:10:30 -------- d-----w- C:\Program Files\Avira
======= C: =====
====== C:\Users\Jona\AppData\Roaming ======
2012-09-17 10:12:41 -------- d-----w- C:\users\Jona\AppData\Roaming\Avira
2012-09-16 17:56:53 -------- d-----w- C:\users\Jona\AppData\Local\Temp
====== C:\Users\Jona ======
2012-09-17 10:10:30 -------- d-----w- C:\ProgramData\Avira
2012-09-08 23:22:54 E4E0E383045FAE7A6F18EE609BC461DC 4503728 ----atw- C:\ProgramData\dsgsdgdsgdsgw.pad


==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1202760800-3644983721-2447136914-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [25/08/2011 00:16]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [25/08/2011 00:16]

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jona\AppData\Local\Temp successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Jona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

Juisterr

Legacy Member
A HijackThis log is of no use to me at all; it is clean.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop.

>>Here<< you can read how to use ComboFix.






1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

* (here or here)

2. The computer may have to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

* Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion.", restart the computer.

5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

BelgiumTJ

Legacy Member
ComboFix 12-09-18.06 - Jona 18/09/2012 20:27:36.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1043.18.2046.1404 [GMT 2:00]
Gestart vanuit: c:\users\Jona\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-08-18 to 2012-09-18 ))))))))))))))))))))))))))))))
.
.
2012-09-18 18:30 . 2012-09-18 18:31 -------- d-----w- c:\users\Jona\AppData\Local\temp
2012-09-18 18:30 . 2012-09-18 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-17 20:43 . 2012-09-17 20:42 178176 ----a-w- c:\windows\zoek-delete.exe
2012-09-17 10:12 . 2012-09-17 10:12 -------- d-----w- c:\users\Jona\AppData\Roaming\Avira
2012-09-17 10:10 . 2012-09-07 18:26 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-09-17 10:10 . 2012-09-07 18:26 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-09-17 10:10 . 2012-09-07 18:26 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-09-17 10:10 . 2012-09-17 10:10 -------- d-----w- c:\programdata\Avira
2012-09-17 10:10 . 2012-09-17 10:10 -------- d-----w- c:\program files\Avira
2012-09-17 09:14 . 2012-09-17 09:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-17 09:14 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-16 17:41 . 2012-09-16 17:41 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-15 11:07 . 2012-09-15 11:07 -------- d-----w- c:\users\Jona\AppData\Roaming\Malwarebytes
2012-09-15 11:07 . 2012-09-15 11:07 -------- d-----w- c:\programdata\Malwarebytes
2012-08-21 20:04 . 2012-08-21 20:04 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-08-21 20:04 . 2012-08-21 20:04 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-16 17:41 . 2011-11-02 20:45 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
R2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S3 RTL8167;Realtek 8167 NT-stuurprogramma;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-24 22:16]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-24 22:16]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jona\AppData\Roaming\Mozilla\Firefox\Profiles\b21wleu0.default\
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-09-18 20:32:14
ComboFix-quarantined-files.txt 2012-09-18 18:32
.
Pre-Run: 173.162.782.720 bytes beschikbaar
Post-Run: 173.113.491.456 bytes beschikbaar
.
- - End Of File - - 0AE078AFD1D293A8147DE3BFC6BF402E

BelgiumTJ

Legacy Member
For the moment I haven't had any more screens along the lines of "pay €100,..."
I do still have the issue that when I open a page, it looks as if it is reloading. I then get a white page for a fraction of a second, after which my page opens. I didn't have this before the virus.