
Police virus - no SAFE MODE


Recommended posts

Here is the Combofix log....

ComboFix 13-09-26.03 - LBORNAUW 26/09/2013 19:26:05.1.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.2000.985 [GMT 2:00]

Gestart vanuit: d:\profiles\LBORNAUW.I0081643\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\x86

c:\windows\system32\x86\dfmirage.dll

c:\windows\system32\x86\dfmirage.sys

d:\profiles\LBORNAUW.I0081643\AppData\Local\assembly\tmp

d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Microsoft\Windows\Recent\arch.arch.be.url

d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Microsoft\Windows\Recent\WO I Opleidingskampen.url

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-08-26 to 2013-09-26 ))))))))))))))))))))))))))))))

.

.

2013-09-26 17:39 . 2013-09-26 17:39 -------- d-----w- d:\profiles\LBORNAUW\AppData\Local\temp

2013-09-26 17:39 . 2013-09-26 17:39 -------- d-----w- d:\profiles\kind\AppData\Local\temp

2013-09-26 17:39 . 2013-09-26 17:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2013-09-26 17:39 . 2013-09-26 17:39 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-09-25 15:20 . 2013-09-25 15:21 -------- d-----w- C:\EEK

2013-09-24 16:32 . 2013-09-24 16:32 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Programs

2013-09-24 12:51 . 2013-09-24 12:51 -------- d-----w- c:\programdata\Oracle

2013-09-24 12:45 . 2013-09-24 12:45 -------- d-----w- c:\program files\Common Files\Java

2013-09-24 12:45 . 2013-09-24 12:44 868264 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-09-24 12:45 . 2013-09-24 12:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-09-23 16:11 . 2013-09-23 16:00 24064 ----a-w- c:\windows\zoek-delete.exe

2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- c:\program files\trend micro

2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- C:\rsit

2013-09-22 11:33 . 2013-09-22 15:51 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2013-09-21 18:09 . 2013-09-21 18:09 -------- d-----w- c:\program files\HitmanPro

2013-09-21 18:09 . 2013-09-22 14:00 -------- d-----w- c:\programdata\HitmanPro

2013-09-11 16:53 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-09-11 16:53 . 2013-08-10 03:58 2876928 ----a-w- c:\windows\system32\jscript9.dll

2013-09-11 16:53 . 2013-08-10 03:58 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2013-09-04 14:19 . 2013-09-04 14:19 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\IAC

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-24 12:44 . 2011-04-27 09:30 790440 ----a-w- c:\windows\system32\deployJava1.dll

2013-09-20 13:03 . 2012-04-02 15:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-20 13:03 . 2011-08-24 11:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-07-25 08:57 . 2013-08-15 08:40 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-19 01:41 . 2013-08-15 08:40 2048 ----a-w- c:\windows\system32\tzres.dll

2013-07-09 05:03 . 2013-08-15 08:41 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-07-09 05:03 . 2013-08-15 08:40 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-07-09 04:53 . 2013-08-15 08:40 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-07-09 04:52 . 2013-08-15 08:41 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-07-09 04:50 . 2013-08-15 08:41 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-07-09 04:46 . 2013-08-15 08:41 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-07-09 04:46 . 2013-08-15 08:41 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-07-09 04:46 . 2013-08-15 08:41 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-07-06 05:05 . 2013-08-15 08:40 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-03-11 18:16 . 2013-03-12 18:49 1263226 ----a-w- c:\program files\zoek.exe

2013-03-11 17:29 . 2013-03-11 17:29 388608 ----a-w- c:\program files\HijackThis.exe

2010-10-11 00:29 . 2010-10-11 00:29 114688 ----a-w- c:\program files\ad_ff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder0]

@="{AA81D830-3B41-497c-B508-E9D02F8DF421}"

[HKEY_CLASSES_ROOT\CLSID\{AA81D830-3B41-497c-B508-E9D02F8DF421}]

2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder1]

@="{AA81D831-3B41-497c-B508-E9D02F8DF421}"

[HKEY_CLASSES_ROOT\CLSID\{AA81D831-3B41-497c-B508-E9D02F8DF421}]

2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-09 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-08 115560]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"iFolder"="c:\program files\iFolder3\iFolderApp.exe" [2010-11-01 1521152]

"ZenNotifyIcon"="c:\program files\Novell\Zenworks\bin\ZenNotifyIcon.exe" [2011-02-23 147456]

"NalView"="c:\program files\Novell\ZENworks\bin\nalview.exe" [2011-02-24 54784]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 175640]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 169496]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\bin\NalShell.dll" [2011-02-24 933888]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LCredMgr]

2010-10-11 00:29 61440 ----a-w- c:\program files\Novell\CASA\bin\lcredmgr.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 ZenV1_0 ncv1_0

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]

2011-04-01 18:35 35928 ----a-w- c:\windows\System32\nwtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 Novell ZENworks Image-Safe Data Service;Novell ZENworks ISD Service;c:\program files\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [2011-02-23 90112]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2012-04-30 37632]

R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [2013-09-24 50200]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 e1kexpress;Stuurprogramma K voor Intel® PRO/1000 PCI Express-netwerkverbinding;c:\windows\system32\DRIVERS\e1k6032.sys [2009-07-13 164864]

R3 hugoio;hugoio;c:\windows\system32\drivers\hugoio.sys [2012-04-30 9760]

R3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-18 1343400]

R3 ZENPreAgent;Novell ZENworks Pre Agent;c:\windows\novell\zenworks\bin\ZENPreAgent.exe [2011-04-27 196608]

S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2011-04-01 91224]

S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2011-04-01 110680]

S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2011-04-01 22616]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]

S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-09-21 106280]

S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2011-04-01 88664]

S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2011-04-01 59992]

S2 Novell Identity Store;Novell Identity Store;c:\program files\Novell\CASA\bin\micasad.exe [2010-10-11 245760]

S2 Novell ZENworks Agent Service;Novell ZENworks Agent Service;c:\program files\Novell\ZENworks\bin\ZenworksWindowsService.exe [2011-02-23 28672]

S2 nzwinvnc;Novell ZENworks Remote Management powered by VNC;c:\program files\Novell\ZENworks\bin\nzrWinVNC.exe [2011-02-24 1839104]

S2 WNTHW;WNTHW;c:\windows\system32\DRIVERS\WNTHW.SYS [2011-02-14 9176]

S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2011-04-01 16984]

S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2011-02-14 34128]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-09-22 221912]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-08-26 108120]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-01-08 126976]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - nciom

*Deregistered* - ncp

*Deregistered* - ncpl

*Deregistered* - ndm

*Deregistered* - ndmndap

*Deregistered* - ndslpp

*Deregistered* - niam

*Deregistered* - nipctl

*Deregistered* - nscm

*Deregistered* - nsns

*Deregistered* - nsvccost

*Deregistered* - xtxplat

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-09-21 18:14 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2013-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:03]

.

2013-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51]

.

2013-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://google.be/

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

Trusted Zone: dexia.be

Trusted Zone: dexia.be\directnet

Trusted Zone: vdab.be\cmgmtprd

Trusted Zone: vdab.be\crm

Trusted Zone: vdab.be\intranet

Trusted Zone: vdab.be\iprint7

Trusted Zone: vdab.be\mijnpersoneelsdossier

Trusted Zone: vdab.be\sieb8acc01

TCP: DhcpNameServer = 195.130.130.2 195.130.131.2

DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

FF - ProfilePath - d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - ExtSQL: 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com

FF - ExtSQL: !HIDDEN! 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; c:\program files\VideoDownloadConverter_4z\bar\1.bin

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

SafeBoot-CleanHlp

SafeBoot-CleanHlp.sys

SafeBoot-Symantec Antvirus

AddRemove-PRO-GEN 3.0 X_PG30_is1 - x:\pg30\unins000.exe

AddRemove-VDC_is1 - c:\program files\Video Download Converter\unins000.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(664)

c:\program files\Novell\ZENworks\bin\nzrSwitcher.dll

.

- - - - - - - > 'lsass.exe'(600)

c:\windows\system32\ZenV1_0.DLL

c:\windows\system32\ncv1_0.DLL

.

Voltooingstijd: 2013-09-26 19:44:34

ComboFix-quarantined-files.txt 2013-09-26 17:44

.

Pre-Run: 34.768.211.968 bytes beschikbaar

Post-Run: 34.655.121.408 bytes beschikbaar

.

- - End Of File - - 9C9A1C9473F523B7E4887AE9D1782653

A36C5E4F47E84449FF07ED3517B43A31


Best replies in this topic

Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

Disable all antivirus and antispyware programs, because they can conflict with ComboFix.

(here or here) you can read how to disable the security software you use.

Open a new blank Notepad window and copy and paste the following code into it.


Firefox::
FF - ExtSQL: 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com
FF - ExtSQL: !HIDDEN! 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; c:\program files\VideoDownloadConverter_4z\bar\1.bin

Save this on your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

CFScript.gif

ComboFix will now start automatically.

Reboot if prompted, and post the contents of Combofix.txt in your next reply.


Here is the Combofix log once more

BUT: I did switch off the SYMANTEC antivirus but IMMEDIATELY RE-ENABLED it because I got a message again that a file was "blocked" (for fear that another such virus was attacking :dong: ) ... does that play a role in the scanning?

ComboFix 13-09-26.03 - LBORNAUW 27/09/2013 15:02:40.2.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.2000.881 [GMT 2:00]

Gestart vanuit: d:\profiles\LBORNAUW.I0081643\Desktop\ComboFix.exe

gebruikte Opdracht switches :: d:\profiles\LBORNAUW.I0081643\Desktop\CFScript.txt

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-08-27 to 2013-09-27 ))))))))))))))))))))))))))))))

.

.

2013-09-27 13:23 . 2013-09-27 13:23 -------- d-----w- d:\profiles\LBORNAUW\AppData\Local\temp

2013-09-27 13:23 . 2013-09-27 13:23 -------- d-----w- d:\profiles\kind\AppData\Local\temp

2013-09-27 13:23 . 2013-09-27 13:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2013-09-27 13:23 . 2013-09-27 13:23 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-09-25 15:20 . 2013-09-25 15:21 -------- d-----w- C:\EEK

2013-09-24 16:32 . 2013-09-24 16:32 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Programs

2013-09-24 12:51 . 2013-09-24 12:51 -------- d-----w- c:\programdata\Oracle

2013-09-24 12:45 . 2013-09-24 12:45 -------- d-----w- c:\program files\Common Files\Java

2013-09-24 12:45 . 2013-09-24 12:44 868264 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-09-24 12:45 . 2013-09-24 12:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-09-23 16:11 . 2013-09-23 16:00 24064 ----a-w- c:\windows\zoek-delete.exe

2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- c:\program files\trend micro

2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- C:\rsit

2013-09-22 11:33 . 2013-09-22 15:51 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2013-09-21 18:09 . 2013-09-21 18:09 -------- d-----w- c:\program files\HitmanPro

2013-09-21 18:09 . 2013-09-22 14:00 -------- d-----w- c:\programdata\HitmanPro

2013-09-11 16:53 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-09-11 16:53 . 2013-08-10 03:58 2876928 ----a-w- c:\windows\system32\jscript9.dll

2013-09-11 16:53 . 2013-08-10 03:58 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2013-09-04 14:19 . 2013-09-04 14:19 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\IAC

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-24 12:44 . 2011-04-27 09:30 790440 ----a-w- c:\windows\system32\deployJava1.dll

2013-09-20 13:03 . 2012-04-02 15:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-20 13:03 . 2011-08-24 11:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-07-25 08:57 . 2013-08-15 08:40 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-19 01:41 . 2013-08-15 08:40 2048 ----a-w- c:\windows\system32\tzres.dll

2013-07-09 05:03 . 2013-08-15 08:41 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-07-09 05:03 . 2013-08-15 08:40 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-07-09 04:53 . 2013-08-15 08:40 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-07-09 04:52 . 2013-08-15 08:41 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-07-09 04:50 . 2013-08-15 08:41 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-07-09 04:46 . 2013-08-15 08:41 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-07-09 04:46 . 2013-08-15 08:41 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-07-09 04:46 . 2013-08-15 08:41 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-07-06 05:05 . 2013-08-15 08:40 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-03-11 18:16 . 2013-03-12 18:49 1263226 ----a-w- c:\program files\zoek.exe

2013-03-11 17:29 . 2013-03-11 17:29 388608 ----a-w- c:\program files\HijackThis.exe

2010-10-11 00:29 . 2010-10-11 00:29 114688 ----a-w- c:\program files\ad_ff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder0]

@="{AA81D830-3B41-497c-B508-E9D02F8DF421}"

[HKEY_CLASSES_ROOT\CLSID\{AA81D830-3B41-497c-B508-E9D02F8DF421}]

2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder1]

@="{AA81D831-3B41-497c-B508-E9D02F8DF421}"

[HKEY_CLASSES_ROOT\CLSID\{AA81D831-3B41-497c-B508-E9D02F8DF421}]

2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-09 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-08 115560]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"iFolder"="c:\program files\iFolder3\iFolderApp.exe" [2010-11-01 1521152]

"ZenNotifyIcon"="c:\program files\Novell\Zenworks\bin\ZenNotifyIcon.exe" [2011-02-23 147456]

"NalView"="c:\program files\Novell\ZENworks\bin\nalview.exe" [2011-02-24 54784]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 175640]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 169496]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\bin\NalShell.dll" [2011-02-24 933888]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LCredMgr]

2010-10-11 00:29 61440 ----a-w- c:\program files\Novell\CASA\bin\lcredmgr.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 ZenV1_0 ncv1_0

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]

2011-04-01 18:35 35928 ----a-w- c:\windows\System32\nwtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 Novell ZENworks Image-Safe Data Service;Novell ZENworks ISD Service;c:\program files\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [2011-02-23 90112]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2012-04-30 37632]

R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [2013-09-24 50200]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 e1kexpress;Stuurprogramma K voor Intel® PRO/1000 PCI Express-netwerkverbinding;c:\windows\system32\DRIVERS\e1k6032.sys [2009-07-13 164864]

R3 hugoio;hugoio;c:\windows\system32\drivers\hugoio.sys [2012-04-30 9760]

R3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-18 1343400]

R3 ZENPreAgent;Novell ZENworks Pre Agent;c:\windows\novell\zenworks\bin\ZENPreAgent.exe [2011-04-27 196608]

S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2011-04-01 91224]

S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2011-04-01 110680]

S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2011-04-01 22616]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]

S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-09-21 106280]

S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2011-04-01 88664]

S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2011-04-01 59992]

S2 Novell Identity Store;Novell Identity Store;c:\program files\Novell\CASA\bin\micasad.exe [2010-10-11 245760]

S2 Novell ZENworks Agent Service;Novell ZENworks Agent Service;c:\program files\Novell\ZENworks\bin\ZenworksWindowsService.exe [2011-02-23 28672]

S2 nzwinvnc;Novell ZENworks Remote Management powered by VNC;c:\program files\Novell\ZENworks\bin\nzrWinVNC.exe [2011-02-24 1839104]

S2 WNTHW;WNTHW;c:\windows\system32\DRIVERS\WNTHW.SYS [2011-02-14 9176]

S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2011-04-01 16984]

S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2011-02-14 34128]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-09-22 221912]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-08-26 108120]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-01-08 126976]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - nciom

*Deregistered* - ncp

*Deregistered* - ncpl

*Deregistered* - ndm

*Deregistered* - ndmndap

*Deregistered* - ndslpp

*Deregistered* - niam

*Deregistered* - nipctl

*Deregistered* - nscm

*Deregistered* - nsns

*Deregistered* - nsvccost

*Deregistered* - xtxplat

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-09-21 18:14 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2013-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:03]

.

2013-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51]

.

2013-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://google.be/

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

Trusted Zone: dexia.be

Trusted Zone: dexia.be\directnet

Trusted Zone: vdab.be\cmgmtprd

Trusted Zone: vdab.be\crm

Trusted Zone: vdab.be\intranet

Trusted Zone: vdab.be\iprint7

Trusted Zone: vdab.be\mijnpersoneelsdossier

Trusted Zone: vdab.be\sieb8acc01

TCP: DhcpNameServer = 195.130.130.2 195.130.131.2

DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

FF - ProfilePath - d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - ExtSQL: 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com

FF - ExtSQL: !HIDDEN! 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; c:\program files\VideoDownloadConverter_4z\bar\1.bin

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(680)

c:\program files\Novell\ZENworks\bin\nzrSwitcher.dll

.

- - - - - - - > 'lsass.exe'(596)

c:\windows\system32\ZenV1_0.DLL

c:\windows\system32\ncv1_0.DLL

.

- - - - - - - > 'Explorer.exe'(3576)

c:\program files\iFolder3\iFolderShell.dll

c:\program files\Novell\ZENworks\bin\NLS\English\NalUIRes.dll

.

Voltooingstijd: 2013-09-27 15:28:17

ComboFix-quarantined-files.txt 2013-09-27 13:28

ComboFix2.txt 2013-09-26 17:44

.

Pre-Run: 34.045.857.792 bytes beschikbaar

Post-Run: 34.379.804.672 bytes beschikbaar

.

- - End Of File - - C5F000B4763266B15ED5F47D39FD6A77

A36C5E4F47E84449FF07ED3517B43A31


That "file blocked" message was probably from ComboFix, because the removal did not succeed.

That is why your antivirus must always stay disabled while running such tools. Many of these tools are themselves wrongly flagged as a "virus" because they make changes to your system.

Can you carry out the previous instruction once more? (These are only 2 leftovers; apart from that there is no more malware present on your system.)


Here is the most recently created ComboFix log.

ComboFix 13-09-26.03 - LBORNAUW 28/09/2013 13:11:33.3.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.2000.918 [GMT 2:00]

Gestart vanuit: d:\profiles\LBORNAUW.I0081643\Desktop\ComboFix.exe

gebruikte Opdracht switches :: d:\profiles\LBORNAUW.I0081643\Desktop\CFScript.txt

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-08-28 to 2013-09-28 ))))))))))))))))))))))))))))))

.

.

2013-09-28 11:26 . 2013-09-28 11:26 -------- d-----w- d:\profiles\LBORNAUW\AppData\Local\temp

2013-09-28 11:26 . 2013-09-28 11:26 -------- d-----w- d:\profiles\kind\AppData\Local\temp

2013-09-28 11:26 . 2013-09-28 11:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2013-09-28 11:26 . 2013-09-28 11:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-09-25 15:20 . 2013-09-25 15:21 -------- d-----w- C:\EEK

2013-09-24 16:32 . 2013-09-24 16:32 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Programs

2013-09-24 12:51 . 2013-09-24 12:51 -------- d-----w- c:\programdata\Oracle

2013-09-24 12:45 . 2013-09-24 12:45 -------- d-----w- c:\program files\Common Files\Java

2013-09-24 12:45 . 2013-09-24 12:44 868264 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-09-24 12:45 . 2013-09-24 12:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-09-23 16:11 . 2013-09-23 16:00 24064 ----a-w- c:\windows\zoek-delete.exe

2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- c:\program files\trend micro

2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- C:\rsit

2013-09-22 11:33 . 2013-09-22 15:51 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2013-09-21 18:09 . 2013-09-21 18:09 -------- d-----w- c:\program files\HitmanPro

2013-09-21 18:09 . 2013-09-22 14:00 -------- d-----w- c:\programdata\HitmanPro

2013-09-11 16:53 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-09-11 16:53 . 2013-08-10 03:58 2876928 ----a-w- c:\windows\system32\jscript9.dll

2013-09-11 16:53 . 2013-08-10 03:58 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2013-09-04 14:19 . 2013-09-04 14:19 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\IAC

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-24 12:44 . 2011-04-27 09:30 790440 ----a-w- c:\windows\system32\deployJava1.dll

2013-09-20 13:03 . 2012-04-02 15:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-20 13:03 . 2011-08-24 11:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-07-25 08:57 . 2013-08-15 08:40 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-19 01:41 . 2013-08-15 08:40 2048 ----a-w- c:\windows\system32\tzres.dll

2013-07-09 05:03 . 2013-08-15 08:41 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-07-09 05:03 . 2013-08-15 08:40 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-07-09 04:53 . 2013-08-15 08:40 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-07-09 04:52 . 2013-08-15 08:41 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-07-09 04:50 . 2013-08-15 08:41 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-07-09 04:46 . 2013-08-15 08:41 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-07-09 04:46 . 2013-08-15 08:41 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-07-09 04:46 . 2013-08-15 08:41 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-07-06 05:05 . 2013-08-15 08:40 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-03-11 18:16 . 2013-03-12 18:49 1263226 ----a-w- c:\program files\zoek.exe

2013-03-11 17:29 . 2013-03-11 17:29 388608 ----a-w- c:\program files\HijackThis.exe

2010-10-11 00:29 . 2010-10-11 00:29 114688 ----a-w- c:\program files\ad_ff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder0]

@="{AA81D830-3B41-497c-B508-E9D02F8DF421}"

[HKEY_CLASSES_ROOT\CLSID\{AA81D830-3B41-497c-B508-E9D02F8DF421}]

2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder1]

@="{AA81D831-3B41-497c-B508-E9D02F8DF421}"

[HKEY_CLASSES_ROOT\CLSID\{AA81D831-3B41-497c-B508-E9D02F8DF421}]

2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-09 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-08 115560]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"iFolder"="c:\program files\iFolder3\iFolderApp.exe" [2010-11-01 1521152]

"ZenNotifyIcon"="c:\program files\Novell\Zenworks\bin\ZenNotifyIcon.exe" [2011-02-23 147456]

"NalView"="c:\program files\Novell\ZENworks\bin\nalview.exe" [2011-02-24 54784]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 175640]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 169496]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\bin\NalShell.dll" [2011-02-24 933888]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LCredMgr]

2010-10-11 00:29 61440 ----a-w- c:\program files\Novell\CASA\bin\lcredmgr.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 ZenV1_0 ncv1_0

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]

2011-04-01 18:35 35928 ----a-w- c:\windows\System32\nwtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 Novell ZENworks Image-Safe Data Service;Novell ZENworks ISD Service;c:\program files\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [2011-02-23 90112]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2012-04-30 37632]

R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [2013-09-24 50200]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 e1kexpress;Stuurprogramma K voor Intel® PRO/1000 PCI Express-netwerkverbinding;c:\windows\system32\DRIVERS\e1k6032.sys [2009-07-13 164864]

R3 hugoio;hugoio;c:\windows\system32\drivers\hugoio.sys [2012-04-30 9760]

R3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-18 1343400]

R3 ZENPreAgent;Novell ZENworks Pre Agent;c:\windows\novell\zenworks\bin\ZENPreAgent.exe [2011-04-27 196608]

S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2011-04-01 91224]

S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2011-04-01 110680]

S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2011-04-01 22616]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]

S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-09-21 106280]

S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2011-04-01 88664]

S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2011-04-01 59992]

S2 Novell Identity Store;Novell Identity Store;c:\program files\Novell\CASA\bin\micasad.exe [2010-10-11 245760]

S2 Novell ZENworks Agent Service;Novell ZENworks Agent Service;c:\program files\Novell\ZENworks\bin\ZenworksWindowsService.exe [2011-02-23 28672]

S2 nzwinvnc;Novell ZENworks Remote Management powered by VNC;c:\program files\Novell\ZENworks\bin\nzrWinVNC.exe [2011-02-24 1839104]

S2 WNTHW;WNTHW;c:\windows\system32\DRIVERS\WNTHW.SYS [2011-02-14 9176]

S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2011-04-01 16984]

S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2011-02-14 34128]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-09-22 221912]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-08-26 108120]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-01-08 126976]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - nciom

*Deregistered* - ncp

*Deregistered* - ncpl

*Deregistered* - ndm

*Deregistered* - ndmndap

*Deregistered* - ndslpp

*Deregistered* - niam

*Deregistered* - nipctl

*Deregistered* - nscm

*Deregistered* - nsns

*Deregistered* - nsvccost

*Deregistered* - xtxplat

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-09-21 18:14 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2013-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:03]

.

2013-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51]

.

2013-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://google.be/

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

Trusted Zone: dexia.be

Trusted Zone: dexia.be\directnet

Trusted Zone: vdab.be\cmgmtprd

Trusted Zone: vdab.be\crm

Trusted Zone: vdab.be\intranet

Trusted Zone: vdab.be\iprint7

Trusted Zone: vdab.be\mijnpersoneelsdossier

Trusted Zone: vdab.be\sieb8acc01

TCP: DhcpNameServer = 195.130.130.2 195.130.131.2

DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

FF - ProfilePath - d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - ExtSQL: 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com

FF - ExtSQL: !HIDDEN! 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; c:\program files\VideoDownloadConverter_4z\bar\1.bin

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(808)

c:\program files\Novell\ZENworks\bin\nzrSwitcher.dll

.

- - - - - - - > 'lsass.exe'(600)

c:\windows\system32\ZenV1_0.DLL

c:\windows\system32\ncv1_0.DLL

.

- - - - - - - > 'Explorer.exe'(4076)

c:\program files\iFolder3\iFolderShell.dll

c:\program files\Novell\ZENworks\bin\NLS\English\NalUIRes.dll

.

Voltooingstijd: 2013-09-28 13:31:39

ComboFix-quarantined-files.txt 2013-09-28 11:31

ComboFix2.txt 2013-09-27 13:28

ComboFix3.txt 2013-09-26 17:44

.

Pre-Run: 34.401.239.040 bytes beschikbaar

Post-Run: 34.336.153.600 bytes beschikbaar

.

- - End Of File - - DD2E13FBE016EF98C82CCF23E7D3302E

A36C5E4F47E84449FF07ED3517B43A31


Run Zoek.exe once more with the script below.

Disable your antivirus and antispyware programs; they may conflict with zoek.exe.

(here or here) you can read how to do that.


  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC; do not use it on other PCs with a similar problem.
     
    d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com;fs
    c:\program files\VideoDownloadConverter_4z;fs
    FFdefaults;
    


  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the opened log in your next message as an attachment.


Here is the ZOEK.EXE log.

Zoek.exe Version 4.0.0.2 Updated 08-March-2013

Tool run by LBORNAUW on ma 11/03/2013 at 20:06:31,13.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

Running in: Safe Mode NETWORK Internet Access Detected

==== Deleting Files \ Folders ======================

"C:\ProgramData\ilbmxgyiivcwvsl" deleted

"C:\Windows\ycdnsssf.exe" deleted

"C:\Users\Public\Desktop\sample_20131103_1920.zip" deleted

"C:\ProgramData\dpdvedqxegrxgjz\be-flag.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\be-image.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\btn-green.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\corners-btn.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\corners1.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\corners2.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\corners3.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\corners4.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\ie6-7.css" deleted

"C:\ProgramData\dpdvedqxegrxgjz\jquery.main.js" deleted

"C:\ProgramData\dpdvedqxegrxgjz\main.html" deleted

"C:\ProgramData\dpdvedqxegrxgjz\McAfee.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\pays-be.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\steps-be.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\steps-en.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\steps-nl.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\style.css" deleted

"C:\ProgramData\dpdvedqxegrxgjz\tabs.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\wait.html" deleted

"C:\ProgramData\dpdvedqxegrxgjz" deleted

Zoek.exe Version 4.0.0.4 Updated 19-September-2013

Tool run by LBORNAUW on ma 23/09/2013 at 18:00:30,40.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: D:\Profiles\LBORNAUW.I0081643\Desktop\zoek.exe [script inserted]

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VideoDownloadConverter_4zService deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VideoDownloadConverter_4zService deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\VideoDownloadConverter_4zService deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter Search Scope Monitor]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader]

==== Deleting Files \ Folders ======================

"D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Utilities" deleted

"D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Vocal Transformer" deleted

"D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Vocals" deleted

"D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\WebServer" deleted

"C:\ProgramData\laserjet" deleted

"C:\ProgramData\manual" deleted

"C:\ProgramData\vhosts" deleted

"C:\ProgramData\Widgets" deleted

"C:\ProgramData\Woodwind" deleted

"C:\ProgramData\Woodwinds" deleted

"D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\settings.ini" deleted

"C:\Program Files\VideoDownloadConverter_4z" deleted

"D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com" deleted

"C:\Program Files\Video Download Converter" deleted

"C:\Windows\system32\appdata" deleted

"C:\Program Files\VideoDownloadConverter_4z" deleted

"D:\Profiles\LBORNAUW.I0081643\AppData\Local\VideoDownloadConverter_4z" deleted

"D:\Profiles\LBORNAUW.I0081643\AppData\LocalLow\VideoDownloadConverter_4z" deleted

"D:\Profiles\LBORNAUW.I0081643\AppData\LocalLow\IncrediMail_MediaBar_Nederlands_2" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== D:\Profiles\LBORNA~1.I00\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

2013-09-11 16:53:03 06EEAD5864F357ADC618F65A2F2C5156 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-09-11 16:53:03 00531B52C9468929F2C651B3BCADCBC9 690688 ----a-w- C:\Windows\System32\jscript.dll

2013-09-11 16:53:01 79DC575FE905D5DD5C5A4C5993A7C7F9 2876928 ----a-w- C:\Windows\System32\jscript9.dll

2013-09-11 16:52:58 7E540E07B97DCBCF8F76FA743B486BF2 61440 ----a-w- C:\Windows\System32\iesetup.dll

2013-09-11 16:52:58 7C63629508BB87227C3C861355A155B4 39424 ----a-w- C:\Windows\System32\jsproxy.dll

2013-09-11 16:52:56 BCA4913CDE903B4BDEEDAD1D6DBF5E2A 391168 ----a-w- C:\Windows\System32\ieui.dll

2013-09-11 16:52:52 2EC47CF6A36F6A83BB8B98C1425B4D41 493056 ----a-w- C:\Windows\System32\msfeeds.dll

2013-09-11 16:52:51 54C06D9684F3D0AD7E87502E57CC4655 42496 ----a-w- C:\Windows\System32\ie4uinit.exe

2013-09-11 16:52:51 000B55B43992179E69C2E83CCB8F1126 33280 ----a-w- C:\Windows\System32\iernonce.dll

2013-09-11 16:52:50 43852485D0B78C021A47E9548A4CFFE0 71680 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-09-11 16:52:48 E5D91D6B81A293AB6854CAD112240A4B 1141248 ----a-w- C:\Windows\System32\urlmon.dll

2013-09-11 16:52:48 3B74EADF1B70251D3CDB87BC338DC34D 109056 ----a-w- C:\Windows\System32\iesysprep.dll

2013-09-11 16:52:47 281A720B0A984E325599EE1F0342E8FB 2048000 ----a-w- C:\Windows\System32\iertutil.dll

2013-09-11 16:52:43 535F6263035F2530A62D5D64EF6E73D3 1767936 ----a-w- C:\Windows\System32\wininet.dll

2013-09-11 16:52:41 4FCC53B82D91607FB9AE24E617108BB2 13761024 ----a-w- C:\Windows\System32\ieframe.dll

2013-09-11 16:52:37 5D2D7E7850CE963C2F401D4DEE7BB32A 14332928 ----a-w- C:\Windows\System32\mshtml.dll

2013-09-11 14:26:29 E02781D4871844DCD30DF1D69A650F78 12872704 ----a-w- C:\Windows\System32\shell32.dll

2013-09-11 14:26:28 2C4A87CA8C00E98EFDCFA2E8EC9A3503 180224 ----a-w- C:\Windows\System32\shdocvw.dll

2013-09-11 14:26:12 ED880065BBB2C5F57B74F30812A65F4F 2348544 ----a-w- C:\Windows\System32\win32k.sys

2013-09-11 14:26:10 6933E2AFF444A7A95D5C67E98449163E 868352 ----a-w- C:\Windows\System32\kernel32.dll

2013-09-11 14:26:09 51BB04243DF6196C06E125898127E397 169984 ----a-w- C:\Windows\System32\winsrv.dll

2013-09-11 14:26:09 1E65CF7B26D02750544EFDD73C8118FA 293376 ----a-w- C:\Windows\System32\KernelBase.dll

2013-09-11 14:26:08 2DE16A63F71D10B42ACE01E759078600 271360 ----a-w- C:\Windows\System32\conhost.exe

====== C:\Windows\system32\drivers =====

2013-09-11 14:26:14 DDCE686D76C2B4DB435A3AF5BD0E691D 133056 ----a-w- C:\Windows\System32\drivers\ataport.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-09-23 13:32:10 -------- d-----w- C:\Program Files\trend micro

2013-09-21 18:09:47 -------- d-----w- C:\Program Files\HitmanPro

======= D: =====

2013-08-30 17:21:44 9AD14308E26FD2F9BDDB5325E3A860D6 27305 ----a-w- D:\5152.gif

2013-08-30 17:15:24 FCF5235D2B3D3C3D1D72EF57D09BAE29 5086 ----a-w- D:\sinterklaas25_small.jpg

2013-08-30 10:32:51 89165F49B50AA2871CD801EA4186BC0E 10428 ----a-w- D:\Spiderman.gif

====== D:\Profiles\LBORNAUW.I0081643\AppData\Roaming ======

2013-09-22 13:55:59 B7B8E5BF252F2467F6862ABC5837D6D4 8388608 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-S-1-5-21-2387108698-3719649394-282492801-1002.dat

2013-09-21 18:49:14 D8FE52448777E7A8F1E6F9F09585F0A3 579456 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-System.dat

2013-09-09 13:08:50 -------- d-----w- D:\Profiles\LBORNAUW.I0081643\AppData\Locallow\Google

2013-09-04 14:19:21 -------- d-----w- D:\Profiles\LBORNAUW.I0081643\AppData\Local\IAC

====== D:\Profiles\LBORNAUW.I0081643 ======

2013-09-21 18:09:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

2013-09-21 18:09:02 -------- d-----w- C:\ProgramData\HitmanPro

2013-09-09 13:08:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

2013-09-04 14:19:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Download Converter

====== C: exe-files ==

2013-09-23 13:32:11 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\LBORNAUW.exe

2013-09-21 18:14:04 0B1CD71CE29E8123A664A5B40153D2FE 1915744 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\29.0.1547.76\29.0.1547.76_29.0.1547.66_chrome_updater.exe

2013-09-21 18:09:49 F5BBA95472F18B6223AC2F3AED397223 106280 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe

2013-09-21 18:09:47 76ADBD909FA0898834BE3A8C0EA76609 9186416 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"iFolder"="C:\Program Files\iFolder3\iFolderApp.exe -checkautorun"

"ZenNotifyIcon"="C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe"

"NalView"="C:\Program Files\Novell\ZENworks\bin\nalview.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"ConnectionCenter"="C:\Program Files\Citrix\ICA Client\concentr.exe /startup"

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

"Nikon Message Center 2"="C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NWTRAY]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NWTRAY"

"hkey"="HKLM"

"command"="NWTRAY.EXE"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [20/09/2013 15:03]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [09/09/2011 17:51]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task]

==== Firefox Extensions ======================

ProfilePath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default

- Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

AppDir: C:\Program Files\Mozilla Firefox

- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

Profilepath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default

E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash

148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

9B4D431459A9B935FB117F4EDDA236E8 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat

101700E93EB905992B518256CB441829 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update

7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4

9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4

5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4

3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4

A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4

F045DF7AF127DC4BCC53421850114E15 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In

C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa

0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery

91B78790F69C250BA05836D2806BF29D - C:\Program Files\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll - HP Virtual Room Client Launcher Plugin

6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director

F98B0B2789436E072D7ED979C4E44D07 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

9D35E12B661581B83DD74EB910EA9E6D - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.240.7

4EBB5B4DCABEC18B29D01F9F607B0114 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java Platform SE 6 U24

7D28153B7D586330678AD522B71D89CB - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

==== Chrome Fix ======================

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal deleted successfully

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_client.conduit-storage.com_0.localstorage-journal deleted successfully

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal deleted successfully

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== Empty IE Cache ======================

D:\Profiles\kind\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

D:\Profiles\LBORNAUW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

D:\Profiles\LBORNAUW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

D:\Profiles\LBORNAUW\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSN71N8 will be deleted at reboot

==== Empty FireFox Cache ======================

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Mozilla\Firefox\Profiles\cllykyzr.default\Cache emptied successfully

==== Empty Chrome Cache ======================

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSN71N8" deleted

==== EOF on ma 23/09/2013 at 18:14:59,16 ======================

Zoek.exe Version 4.0.0.4 Updated 27-September-2013

Tool run by LBORNAUW on za 28/09/2013 at 19:50:22,80.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: D:\Profiles\LBORNAUW.I0081643\Desktop\zoek.exe [script inserted]

==== FireFox Fix ======================

Deleted from D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js:

user_pref("browser.startup.homepage", "Google");

Added to D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

"d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4 zffxtbr@VideoDownloadConverter_4z.com" not found

"c:\program files\VideoDownloadConverter_4z" not found

==== Firefox Extensions ======================

ProfilePath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default

- Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

AppDir: C:\Program Files\Mozilla Firefox

- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

==== EOF on za 28/09/2013 at 19:51:36,02 ======================

thanks again for your patience....


Hello

is this the right one then.... it was at the very bottom of the log :-)

Zoek.exe Version 4.0.0.4 Updated 27-September-2013

Tool run by LBORNAUW on zo 29/09/2013 at 18:26:26,26.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: D:\Profiles\LBORNAUW.I0081643\Desktop\zoek.exe [script inserted]

==== FireFox Fix ======================

Deleted from D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Added to D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

"d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4 zffxtbr@VideoDownloadConverter_4z.com" not found

"c:\program files\VideoDownloadConverter_4z" not found

==== Firefox Extensions ======================

ProfilePath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default

- Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

AppDir: C:\Program Files\Mozilla Firefox

- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

==== EOF on zo 29/09/2013 at 18:27:28,02 ======================

yesterday it was this log

Tool run by LBORNAUW on za 28/09/2013 at 19:50:22,80.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: D:\Profiles\LBORNAUW.I0081643\Desktop\zoek.exe [script inserted]

==== FireFox Fix ======================

Deleted from D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js:

user_pref("browser.startup.homepage", "Google");

Added to D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

"d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\ 4 zffxtbr@VideoDownloadConverter_4z.com" not found

"c:\program files\VideoDownloadConverter_4z" not found

==== Firefox Extensions ======================

ProfilePath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default

- Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

AppDir: C:\Program Files\Mozilla Firefox

- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

==== EOF on za 28/09/2013 at 19:51:36,02 ======================

can you go on with this?

thx
