Nakijken Avira Scan log

[Dippie]

Hallo forummers,

Ik heb mijn PC gescand met Avira. Hieronder de log van de scan. Ik weet niet precies of er wat moet worden verwijderd, of niet, maar ik hoop dat iemand van jullie mij daarbij kunnen helpen.

-------------------------------------------------------------------------------------------

Avira AntiVir Personal

Report file date: vrijdag 1 juli 2011 21:13

Scanning for 2870057 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows 7 x64

Windows version : (plain) [6.1.7600]

Boot mode : Normally booted

Username : Henderik

Computer name : DIPPIE-PC

Version information:

BUILD.DAT : 10.2.0.696 35934 Bytes 29-6-2011 17:32:00

AVSCAN.EXE : 10.3.0.7 484008 Bytes 1-7-2011 19:05:27

AVSCAN.DLL : 10.0.5.0 47464 Bytes 1-7-2011 19:05:27

LUKE.DLL : 10.3.0.5 45416 Bytes 1-7-2011 19:05:30

LUKERES.DLL : 10.0.0.1 12648 Bytes 10-2-2010 22:40:49

AVSCPLR.DLL : 10.3.0.7 119656 Bytes 1-7-2011 19:05:31

AVREG.DLL : 10.3.0.7 90472 Bytes 1-7-2011 19:05:31

VBASE000.VDF : 7.10.0.0 19875328 Bytes 6-11-2009 08:05:36

VBASE001.VDF : 7.11.0.0 13342208 Bytes 14-12-2010 14:15:47

VBASE002.VDF : 7.11.3.0 1950720 Bytes 9-2-2011 14:15:47

VBASE003.VDF : 7.11.5.225 1980416 Bytes 7-4-2011 19:05:22

VBASE004.VDF : 7.11.8.178 2354176 Bytes 31-5-2011 19:05:22

VBASE005.VDF : 7.11.8.179 2048 Bytes 31-5-2011 19:05:22

VBASE006.VDF : 7.11.8.180 2048 Bytes 31-5-2011 19:05:22

VBASE007.VDF : 7.11.8.181 2048 Bytes 31-5-2011 19:05:22

VBASE008.VDF : 7.11.8.182 2048 Bytes 31-5-2011 19:05:22

VBASE009.VDF : 7.11.8.183 2048 Bytes 31-5-2011 19:05:22

VBASE010.VDF : 7.11.8.184 2048 Bytes 31-5-2011 19:05:22

VBASE011.VDF : 7.11.8.185 2048 Bytes 31-5-2011 19:05:22

VBASE012.VDF : 7.11.8.186 2048 Bytes 31-5-2011 19:05:23

VBASE013.VDF : 7.11.8.222 121856 Bytes 2-6-2011 19:05:23

VBASE014.VDF : 7.11.9.7 134656 Bytes 4-6-2011 19:05:23

VBASE015.VDF : 7.11.9.42 136192 Bytes 6-6-2011 19:05:23

VBASE016.VDF : 7.11.9.72 117248 Bytes 7-6-2011 19:05:23

VBASE017.VDF : 7.11.9.107 130560 Bytes 9-6-2011 19:05:23

VBASE018.VDF : 7.11.9.143 132096 Bytes 10-6-2011 19:05:23

VBASE019.VDF : 7.11.9.172 141824 Bytes 14-6-2011 19:05:23

VBASE020.VDF : 7.11.9.214 144896 Bytes 15-6-2011 19:05:23

VBASE021.VDF : 7.11.9.244 196608 Bytes 16-6-2011 19:05:23

VBASE022.VDF : 7.11.10.28 152576 Bytes 20-6-2011 19:05:23

VBASE023.VDF : 7.11.10.53 210432 Bytes 21-6-2011 19:05:23

VBASE024.VDF : 7.11.10.88 132096 Bytes 24-6-2011 19:05:24

VBASE025.VDF : 7.11.10.112 138752 Bytes 27-6-2011 19:05:24

VBASE026.VDF : 7.11.10.148 162304 Bytes 29-6-2011 19:05:24

VBASE027.VDF : 7.11.10.158 168448 Bytes 29-6-2011 19:05:24

VBASE028.VDF : 7.11.10.188 175616 Bytes 1-7-2011 19:05:24

VBASE029.VDF : 7.11.10.189 2048 Bytes 1-7-2011 19:05:24

VBASE030.VDF : 7.11.10.190 2048 Bytes 1-7-2011 19:05:24

VBASE031.VDF : 7.11.10.197 24064 Bytes 1-7-2011 19:05:24

Engineversion : 8.2.5.34

AEVDF.DLL : 8.1.2.1 106868 Bytes 28-3-2011 14:15:27

AESCRIPT.DLL : 8.1.3.69 1614203 Bytes 1-7-2011 19:05:25

AESCN.DLL : 8.1.7.2 127349 Bytes 28-3-2011 14:15:27

AESBX.DLL : 8.2.1.34 323957 Bytes 1-7-2011 19:05:25

AERDL.DLL : 8.1.9.12 639348 Bytes 1-7-2011 19:05:25

AEPACK.DLL : 8.2.6.9 557429 Bytes 1-7-2011 19:05:25

AEOFFICE.DLL : 8.1.1.25 205178 Bytes 1-7-2011 19:05:24

AEHEUR.DLL : 8.1.2.136 3584376 Bytes 1-7-2011 19:05:24

AEHELP.DLL : 8.1.17.2 246135 Bytes 1-7-2011 19:05:24

AEGEN.DLL : 8.1.5.6 401780 Bytes 1-7-2011 19:05:24

AEEMU.DLL : 8.1.3.0 393589 Bytes 28-3-2011 14:15:19

AECORE.DLL : 8.1.21.1 196983 Bytes 1-7-2011 19:05:24

AEBB.DLL : 8.1.1.0 53618 Bytes 28-3-2011 14:15:19

AVWINLL.DLL : 10.0.0.0 19304 Bytes 28-3-2011 14:15:31

AVPREF.DLL : 10.0.3.2 44904 Bytes 1-7-2011 19:05:27

AVREP.DLL : 10.0.0.10 174120 Bytes 1-7-2011 19:05:31

AVARKT.DLL : 10.0.26.1 255336 Bytes 1-7-2011 19:05:26

AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 1-7-2011 19:05:26

SQLITE3.DLL : 3.6.19.0 355688 Bytes 17-6-2010 13:27:22

AVSMTP.DLL : 10.0.0.17 63848 Bytes 28-3-2011 14:15:30

NETNT.DLL : 10.0.0.0 11624 Bytes 28-3-2011 14:15:39

RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 1-7-2011 19:05:20

RCTEXT.DLL : 10.0.64.0 97640 Bytes 1-7-2011 19:05:20

Configuration settings for the scan:

Jobname.............................: Local Drives

Configuration file..................: C:\program files (x86)\avira\antivir desktop\alldrives.avp

Logging.............................: Default

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:, E:, F:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: Intelligent file selection

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: Advanced

Start of the scan: vrijdag 1 juli 2011 21:13

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'UNS.exe' - '1' Module(s) have been scanned

Scan process 'SyncServer.exe' - '1' Module(s) have been scanned

Scan process 'distnoted.exe' - '1' Module(s) have been scanned

Scan process 'distnoted.exe' - '1' Module(s) have been scanned

Scan process 'IAStorDataMgrSvc.exe' - '1' Module(s) have been scanned

Scan process 'hpqWmiEx.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'hpwuschd2.exe' - '1' Module(s) have been scanned

Scan process 'reader_sl.exe' - '1' Module(s) have been scanned

Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned

Scan process 'HPMSGSVC.exe' - '1' Module(s) have been scanned

Scan process 'IAStorIcon.exe' - '1' Module(s) have been scanned

Scan process 'DTShellHlp.exe' - '1' Module(s) have been scanned

Scan process 'Dropbox.exe' - '1' Module(s) have been scanned

Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned

Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned

Scan process 'TeamViewer_Service.exe' - '1' Module(s) have been scanned

Scan process 'SeaPort.exe' - '1' Module(s) have been scanned

Scan process 'ccSvcHst.exe' - '1' Module(s) have been scanned

Scan process 'LMS.exe' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'HPWMISVC.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'HPDrvMntSvc.exe' - '1' Module(s) have been scanned

Scan process 'ezSharedSvcHost.exe' - '1' Module(s) have been scanned

Scan process 'cronsvc.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

Starting to scan executable files (registry).

C:\Program Files (x86)\ShoppingReport2\Bin\2.7.37\ShoppingReport.dll

[DETECTION] Contains virus patterns of Adware ADWARE/Agent.1142656

The registry was scanned ( '885' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\$Recycle.Bin\S-1-5-21-3071908032-778698134-2147762986-1000\$RBI6SW6.com

[DETECTION] Contains code of the Eicar-Test-Signature virus

C:\$Recycle.Bin\S-1-5-21-3071908032-778698134-2147762986-1000\$RFKHYIB.zip

[0] Archive type: ZIP

--> Nfs.2.serial.keys.gen.exe

[DETECTION] Is the TR/Diple.qtn Trojan

C:\$Recycle.Bin\S-1-5-21-3071908032-778698134-2147762986-1000\$RW8J1C8.zip

[0] Archive type: ZIP

--> Nfs.Need.For.Speed.Shift.serial.keygen.by.F4CG.exe

[DETECTION] Is the TR/Diple.qtn Trojan

C:\$Recycle.Bin\S-1-5-21-3071908032-778698134-2147762986-1000\$R7FQTRG.gen\Nfs.2.serial.keys.gen.exe

[DETECTION] Is the TR/Diple.qtn Trojan

C:\Program Files (x86)\ShoppingReport2\Uninst.exe

[0] Archive type: NSIS

--> [PluginsDir]/InstallerHelperPlugin.dll

[DETECTION] Contains virus patterns of Adware ADWARE/Hotbar.GG.3

C:\Program Files (x86)\ShoppingReport2\Bin\2.7.37\ShoppingReport.dll

[DETECTION] Contains virus patterns of Adware ADWARE/Agent.1142656

C:\Users\Henderik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C16AQ38Q\sstoolbar[1].exe

C:\Users\Henderik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUWDH9TY\index[1].htm

[DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen2 HTML script virus

C:\Users\Henderik\Downloads\AIO_CDB_Net_Full_Win_WW_130_141.exe.crdownload

[WARNING] The file could not be read!

C:\Users\Henderik\Downloads\XvidSetup.exe

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen2 adware or spyware

Begin scan in 'D:\' <RECOVERY>

Begin scan in 'E:\'

Search path E:\ could not be opened!

System error [21]: Het apparaat is niet klaar.

Begin scan in 'F:\'

Search path F:\ could not be opened!

System error [21]: Het apparaat is niet klaar.

Beginning disinfection:

C:\Users\Henderik\Downloads\XvidSetup.exe

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen2 adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '4b238abc.qua'.

C:\Users\Henderik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUWDH9TY\index[1].htm

[DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen2 HTML script virus

[NOTE] The file was moved to the quarantine directory under the name '53b1a51c.qua'.

C:\Users\Henderik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C16AQ38Q\sstoolbar[1].exe

[DETECTION] Contains virus patterns of Adware ADWARE/Rubar.a.9

[NOTE] The file was moved to the quarantine directory under the name '011efff1.qua'.

C:\Program Files (x86)\ShoppingReport2\Uninst.exe

[DETECTION] Contains virus patterns of Adware ADWARE/Hotbar.GG.3

[NOTE] The file was moved to the quarantine directory under the name '67dcb036.qua'.

C:\$Recycle.Bin\S-1-5-21-3071908032-778698134-2147762986-1000\$R7FQTRG.gen\Nfs.2.serial.keys.gen.exe

[DETECTION] Is the TR/Diple.qtn Trojan

[NOTE] The file was moved to the quarantine directory under the name '22ae9d00.qua'.

C:\$Recycle.Bin\S-1-5-21-3071908032-778698134-2147762986-1000\$RW8J1C8.zip

[DETECTION] Is the TR/Diple.qtn Trojan

[NOTE] The file was moved to the quarantine directory under the name '5d51ac8d.qua'.

C:\$Recycle.Bin\S-1-5-21-3071908032-778698134-2147762986-1000\$RFKHYIB.zip

[DETECTION] Is the TR/Diple.qtn Trojan

[NOTE] The file was moved to the quarantine directory under the name '11d880c7.qua'.

C:\$Recycle.Bin\S-1-5-21-3071908032-778698134-2147762986-1000\$RBI6SW6.com

[DETECTION] Contains code of the Eicar-Test-Signature virus

[NOTE] The file was moved to the quarantine directory under the name '6dc4c097.qua'.

C:\Program Files (x86)\ShoppingReport2\Bin\2.7.37\ShoppingReport.dll

[DETECTION] Contains virus patterns of Adware ADWARE/Agent.1142656

[NOTE] The registration entry <HKEY_USERS\S-1-5-21-3071908032-778698134-2147762986-1000\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}> was successfully repaired.

[NOTE] The registration entry <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}> was successfully repaired.

[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6}\ClsidExtension> was successfully repaired.

[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419d-92AD-ECDFD5244D6D}\ClsidExtension> was successfully repaired.

[NOTE] The registration entry <HKEY_USERS\S-1-5-21-3071908032-778698134-2147762986-1000\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}> was successfully repaired.

[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754}> was successfully repaired.

[NOTE] The file was moved to the quarantine directory under the name '40b3ec7d.qua'.

End of the scan: vrijdag 1 juli 2011 22:28

Used time: 1:13:20 Hour(s)

The scan has been done completely.

33158 Scanned directories

933313 Files were scanned

10 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

9 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

933303 Files not concerned

9428 Archives were scanned

1 Warnings

9 Notes

-------------------------------------------------------------------------------------------

Groet,

Doemar

1 juli 2011 aangepast door Dippie

[kape]

De probleembestanden werden door Avira naar de quarantaine geplaatst. Dus lijkt alles nu wel OK te zijn. Of zijn er nog merkbare problemen met deze PC ?

[Dippie]

Ik heb nog wel problemen met mijn laptop.

1. Als ik op een link in Google klik, krijg ik eerst een (meestal onbereikbare) reclamesite te zien. Als ik de pagina daarna ververs, komt de eigenlijke pagina wel tevoorschijn.

2. Als ik mijn laptop sluit (door de klep naar beneden te doen), dan sluit de laptop af. Ik heb wel de instellingen zo gezet dat hij dan op slaapstand zou moeten komen te staan. Als ik de laptop op de slaapstand zet via de start-knop, dan kan ik de klep wel gewoon sluiten zonder dat de laptop zichzelf afsluit.

Ik heb in ditzelfde topic nog een forum open, waarin ook HJT logjes staan. Lijkt me een beetje dubbelop om in beide topic's HJT logjes te plaatsen.

[kape]

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

[Dippie]

Nadat ik ComboFix had geïnstalleerd, en hij bezig was met scannen is mijn laptop vastgelopen. Dit betekende het einde van z'n leven. Gelukkig heb ik nog back-ups kunnen maken en nu is Windows 7 opnieuw geïnstalleerd op mijn pc. Ik zal binnenkort de back-ups terug op mijn laptop zetten.

Jullie in ieder geval heel erg bedankt voor jullie hulp!