redirected to websites I did not ask for

  • koen lenaers

    Indeed :)

    ComboFix 12-09-05.01 - Koen Lenaers 05/09/2012 16:55:26.2.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4086.2605

    Gestart vanuit: c:\users\Koen Lenaers\Desktop\ComboFix.exe

    AV: G Data AntiVirus 2012 *Enabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}

    SP: G Data AntiVirus 2012 *Enabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\TEMP\0s0leky0.vbt

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-08-05 to 2012-09-05 ))))))))))))))))))))))))))))))

    .

    .

    2012-09-05 15:01 . 2012-09-05 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-09-05 15:01 . 2012-09-05 15:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp

    2012-09-05 09:42 . 2012-09-05 09:42 -------- d-----w- c:\windows\SysWow64\wbem\en-US

    2012-09-05 09:42 . 2012-09-05 09:42 -------- d-----w- c:\windows\system32\wbem\en-US

    2012-09-04 19:52 . 2012-09-04 19:53 -------- d-----w- c:\programdata\Battle.net

    2012-09-04 14:23 . 2012-09-04 14:24 -------- d-----w- C:\TDSSStarter

    2012-09-02 14:33 . 2012-09-04 13:28 -------- d-----w- C:\hijackthis

    2012-09-02 13:04 . 2012-09-02 13:04 -------- d-----w- c:\users\Koen Lenaers\AppData\Local\G DATA

    2012-09-01 13:48 . 2012-09-01 13:48 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll

    2012-09-01 12:07 . 2012-09-01 12:07 -------- d-----w- c:\program files (x86)\Overwolf

    2012-09-01 12:07 . 2012-09-01 12:07 -------- d-----w- c:\program files (x86)\Common Files\Overwolf

    2012-09-01 12:06 . 2012-09-01 12:10 -------- d-----w- c:\users\Koen Lenaers\AppData\Local\Overwolf

    2012-09-01 09:18 . 2012-09-01 09:18 -------- d-----w- c:\users\Koen Lenaers\AppData\Roaming\dvdcss

    2012-08-24 12:26 . 2012-08-24 12:26 118784 --sha-r- c:\windows\SysWow64\rpcnsht.dll

    2012-08-24 11:39 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A667B630-2170-4175-A190-9E977B549203}\mpengine.dll

    2012-08-21 15:12 . 2012-08-21 15:12 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll

    2012-08-21 15:12 . 2012-08-21 15:12 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-09-01 14:24 . 2010-01-19 09:02 106488 ----a-w- c:\windows\system32\drivers\GRD.sys

    2012-08-25 07:18 . 2012-04-02 16:05 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-08-25 07:18 . 2011-05-14 08:56 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-08-15 22:47 . 2010-01-20 10:28 62134624 ----a-w- c:\windows\system32\MRT.exe

    2012-07-23 14:15 . 2010-01-20 13:41 704136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

    2012-07-19 01:31 . 2012-06-16 09:41 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

    2012-07-19 01:31 . 2010-05-03 07:27 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-07-03 11:46 . 2011-10-02 07:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-09 05:43 . 2012-07-11 12:04 14172672 ----a-w- c:\windows\system32\shell32.dll

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2012-09-05_11.47.43 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-07-14 04:54 . 2012-09-05 14:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2009-07-14 04:54 . 2012-09-04 09:44 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-07-14 04:54 . 2012-09-05 14:00 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-07-14 04:54 . 2012-09-04 09:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-07-14 04:54 . 2012-09-05 14:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-09-09 09:11 . 2012-09-05 15:05 64974 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2009-07-14 05:10 . 2012-09-05 15:05 47304 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    + 2010-01-19 09:02 . 2012-09-05 15:05 20320 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2851071923-2195716729-3770204004-1001_UserData.bin

    + 2009-07-14 04:46 . 2012-09-05 11:54 93616 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

    + 2012-09-05 15:02 . 2012-09-05 15:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2012-09-05 11:46 . 2012-09-05 11:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2012-09-05 15:02 . 2012-09-05 15:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2012-09-05 11:46 . 2012-09-05 11:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2010-01-19 17:11 . 2012-09-04 09:44 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

    + 2010-01-19 17:11 . 2012-09-05 14:00 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

    - 2009-07-14 05:01 . 2012-09-05 11:45 429976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2009-07-14 05:01 . 2012-09-05 15:01 429976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2012-09-05 14:01 . 2012-09-05 14:01 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe

    - 2012-06-07 15:58 . 2012-06-07 15:58 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe

    + 2010-10-25 23:27 . 2012-09-05 15:01 3437342 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2851071923-2195716729-3770204004-1001-8192.dat

    + 2012-09-05 14:00 . 2012-09-05 14:00 19337216 c:\windows\Installer\7b51e7.msi

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 94208 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 94208 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 94208 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"

    "Steam"="c:\program files (x86)\Valve\Steam\\Steam.exe"

    "DDAssist"="c:\program files (x86)\Drobo\Drobo Dashboard\DDAssist.exe"

    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe"

    "Facebook Update"="c:\users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe"

    "Spotify"="c:\users\Koen Lenaers\AppData\Roaming\Spotify\Spotify.exe"

    "Spotify Web Helper"="c:\users\Koen Lenaers\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

    "Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe"

    .

    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    "DMXLauncher"="c:\program files (x86)\Roxio\Media Experience\DMXLauncher.exe"

    "RoxioDragToDisc"="c:\program files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"

    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

    "beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe"

    "G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe"

    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe"

    "Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorSysTray.exe"

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe"

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

    .

    c:\users\Koen Lenaers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\Dropbox.exe

    Facebook Messenger.lnk - c:\users\Koen Lenaers\AppData\Local\Facebook\Messenger\2.1.4623.0\FacebookMessenger.exe

    .

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    SecurityProviders credssp.dll, schannel.dll

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe

    R2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe

    R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    R3 ATICDSDr;ATICDSDr;c:\users\KOENLE~1\AppData\Local\Temp\ATICDSDr.sys

    R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys

    R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys

    R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys

    R3 ghsmdm;Handset USB Modem;c:\windows\system32\DRIVERS\ghsmdm.sys

    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe

    R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys

    R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys

    R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys

    R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe

    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

    R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

    S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS

    S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Koen Lenaers\Desktop\Run\a2ddax64.sys

    S1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS

    S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS

    S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys

    S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys

    S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys

    S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys

    S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe

    S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\AntiVirus\AVK\AVKService.exe

    S2 AVKWCtl;G Data Bestandssysteembewaker;c:\program files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe

    S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS

    S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS

    S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS

    S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS

    S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS

    S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS

    S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS

    S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS

    S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS

    S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run

    S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys

    S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe

    S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys

    S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys

    .

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2012-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-09-05 c:\windows\Tasks\asxextu.job

    - c:\windows\system32\rundll32.exe

    .

    2012-09-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001Core.job

    - c:\users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe

    .

    2012-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001UA.job

    - c:\users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe

    .

    2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2012-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001Core.job

    - c:\users\Koen Lenaers\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001UA.job

    - c:\users\Koen Lenaers\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    .

    --------- X64 Entries -----------

    .

    .

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 97792 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 97792 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 97792 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 97792 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

    "Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe"

    "Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe"

    "XeroxRegistation"="c:\users\KOENLE~1\AppData\Local\Temp\Xerox\EReg\EReg.exe"

    .

    ------- Bijkomende Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.google.be/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

    Trusted Zone: isabel.be

    Trusted Zone: kbc.be

    Trusted Zone: kbcgroup.eu

    Trusted Zone: cbc.be\cbc-pdf

    Trusted Zone: cbc.be\cbconline

    Trusted Zone: cbc.be\static

    Trusted Zone: cbc.be\www

    Trusted Zone: cbc.eu\www

    Trusted Zone: isabel.be\*.IBS6

    Trusted Zone: isabel.be\gotoIBS6

    Trusted Zone: isabel.be\pki

    Trusted Zone: isabel.be\www

    Trusted Zone: isabel.eu\upgrade

    Trusted Zone: isabel.eu\www

    Trusted Zone: kbc.be\kbc-pdf

    Trusted Zone: kbc.be\kbconline

    Trusted Zone: kbc.be\static

    Trusted Zone: kbc.be\www

    Trusted Zone: kbc.com\www

    Trusted Zone: kbc.eu\www

    Trusted Zone: kbcam.be\www

    Trusted Zone: kbcam.com\www

    Trusted Zone: kbcbankingforbusiness.com\www

    Trusted Zone: kbcgroup.eu\multimediafiles

    Trusted Zone: kbcgroup.eu\www

    Trusted Zone: kbcmerchantbanking.com\www

    TCP: DhcpNameServer = 195.130.130.131 195.130.131.131

    FF - ProfilePath - c:\users\Koen Lenaers\AppData\Roaming\Mozilla\Firefox\Profiles\srncyjai.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - about:home

    .

    .

    "ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"

    .

    "ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe"

    .

    "ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"

    .

    "ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe"

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

    .

    "Enabled"=dword:00000001

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

    "ThreadingModel"="Apartment"

    .

    @="0"

    .

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

    .

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    @="1.0"

    .

    @="ShockwaveFlash.ShockwaveFlash"

    .

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

    "ThreadingModel"="Apartment"

    .

    @="FlashFactory.FlashFactory.1"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

    .

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    @="1.0"

    .

    @="FlashFactory.FlashFactory"

    .

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    @="{00020424-0000-0000-C000-000000000046}"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    @Denied: (Full) (Everyone)

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\windows\SysWOW64\rundll32.exe

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe

    c:\program files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe

    c:\windows\system32\hasplms.exe

    c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-09-05 17:08:06 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-09-05 15:08

    ComboFix2.txt 2012-09-05 11:57

    .

    Pre-Run: 16.233.418.752 bytes beschikbaar

    Post-Run: 16.167.108.608 bytes beschikbaar

    .

    - - End Of File - - 45F0D10F00DEC1222AE2A4C0C28B6BD5

  • Ben

    Hello,

    I think you set this up yourself:

    Trusted Zone: isabel.be

    Trusted Zone: kbc.be

    Trusted Zone: kbcgroup.eu

    Trusted Zone: cbc.be\cbc-pdf

    Trusted Zone: cbc.be\cbconline

    Trusted Zone: cbc.be\static

    Trusted Zone: cbc.be\www

    Trusted Zone: cbc.eu\www

    Trusted Zone: isabel.be\*.IBS6

    Trusted Zone: isabel.be\gotoIBS6

    Trusted Zone: isabel.be\pki

    Trusted Zone: isabel.be\www

    Trusted Zone: isabel.eu\upgrade

    Trusted Zone: isabel.eu\www

    Trusted Zone: kbc.be\kbc-pdf

    Trusted Zone: kbc.be\kbconline

    Trusted Zone: kbc.be\static

    Trusted Zone: kbc.be\www

    Trusted Zone: kbc.com\www

    Trusted Zone: kbc.eu\www

    Trusted Zone: kbcam.be\www

    Trusted Zone: kbcam.com\www

    Trusted Zone: kbcbankingforbusiness.com\www

    Trusted Zone: kbcgroup.eu\multimediafiles

    Trusted Zone: kbcgroup.eu\www

    Trusted Zone: kbcmerchantbanking.com\www

    Using "zoek.exe"

    Disable your antivirus and antispyware programs; zoek.exe is sometimes mistaken for a trojan while it is being downloaded or used.

    (here or here) you can read how to do that.

    Windows 2000 and Windows XP: start the tool by double-clicking "zoek.exe".

    Windows Vista and Windows 7: start the tool by right-clicking "zoek.exe" and choosing Run as Administrator.

    After a short while a window will open.

    With your mouse, now select the option "Combined fix" (bottom right).

    Now copy the bold text below and paste it into the large input box:

    c:\windows\Tasks\asxextu*.job;

    emptytemp;

    emptyclsid;

    First close all other open program windows!

    Now click the "Run script" button.

    Wait patiently until a log opens (this may be after a reboot).

    If no log appears after the reboot, start zoek.exe again and the log will still appear.

    Now post the contents of the opened log in your next message and tell us how things are going.

    Regards, Ben

    Antivirusprikbord.nl

  • Koen Lenaers

    Zoek.exe Version 3.0.0.3 Updated 04-SEPT-2012

    Tool run by Koen Lenaers on do 06/09/2012 at 16:11:21,64.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running from: C:\Users\Koen Lenaers\AppData\Local\Temp\zoek.exe

    After Reboot

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\KOENLE~1\AppData\Local\Temp successfully emptied

    I still get that unknown malware popup from G Data; could this perhaps be a false positive?

  • Ben

    Hello,

    I'm not satisfied yet:

    Open a Notepad file (Start > All Programs > Accessories > Notepad),

    copy and paste the following (bold, blue text) into the empty Notepad window:

    File::

    c:\windows\Tasks\asxextu.job

    Save this to your Desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.

    After your computer restarts (if it asks to restart), copy and paste the contents of ComboFix.txt into your next reply and tell us how it is going.

    Regards, Ben

    Antivirusprikbord.nl

  • Koen Lenaers

    ComboFix 12-09-06.01 - Koen Lenaers 06/09/2012 17:38:30.3.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4086.2490

    Gestart vanuit: c:\users\Koen Lenaers\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\Koen Lenaers\Desktop\CFScript.txt

    AV: G Data AntiVirus 2012 *Enabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}

    SP: G Data AntiVirus 2012 *Enabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    FILE ::

    "c:\windows\Tasks\asxextu.job"

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\Tasks\asxextu.job

    c:\windows\TEMP\6eyfoy8m.vbt

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-08-06 to 2012-09-06 ))))))))))))))))))))))))))))))

    .

    .

    2012-09-06 15:44 . 2012-09-06 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-09-06 15:44 . 2012-09-06 15:44 -------- d-----w- c:\users\Administrator\AppData\Local\temp

    2012-09-06 14:12 . 2012-09-06 15:46 -------- d-----w- c:\users\Koen Lenaers\AppData\Local\Temp

    2012-09-06 14:12 . 2012-09-06 14:11 167424 ----a-w- c:\windows\zoek-delete.exe

    2012-09-05 09:42 . 2012-09-05 09:42 -------- d-----w- c:\windows\SysWow64\wbem\en-US

    2012-09-05 09:42 . 2012-09-05 09:42 -------- d-----w- c:\windows\system32\wbem\en-US

    2012-09-04 19:52 . 2012-09-04 19:53 -------- d-----w- c:\programdata\Battle.net

    2012-09-04 14:23 . 2012-09-04 14:24 -------- d-----w- C:\TDSSStarter

    2012-09-02 14:33 . 2012-09-04 13:28 -------- d-----w- C:\hijackthis

    2012-09-02 13:04 . 2012-09-02 13:04 -------- d-----w- c:\users\Koen Lenaers\AppData\Local\G DATA

    2012-09-01 13:48 . 2012-09-01 13:48 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll

    2012-09-01 12:07 . 2012-09-01 12:07 -------- d-----w- c:\program files (x86)\Overwolf

    2012-09-01 12:07 . 2012-09-01 12:07 -------- d-----w- c:\program files (x86)\Common Files\Overwolf

    2012-09-01 12:06 . 2012-09-01 12:10 -------- d-----w- c:\users\Koen Lenaers\AppData\Local\Overwolf

    2012-09-01 09:18 . 2012-09-01 09:18 -------- d-----w- c:\users\Koen Lenaers\AppData\Roaming\dvdcss

    2012-08-24 12:26 . 2012-08-24 12:26 118784 --sha-r- c:\windows\SysWow64\rpcnsht.dll

    2012-08-21 15:12 . 2012-08-21 15:12 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll

    2012-08-21 15:12 . 2012-08-21 15:12 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-09-01 14:24 . 2010-01-19 09:02 106488 ----a-w- c:\windows\system32\drivers\GRD.sys

    2012-08-25 07:18 . 2012-04-02 16:05 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-08-25 07:18 . 2011-05-14 08:56 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-08-15 22:47 . 2010-01-20 10:28 62134624 ----a-w- c:\windows\system32\MRT.exe

    2012-08-01 22:58 . 2012-08-24 11:39 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A667B630-2170-4175-A190-9E977B549203}\mpengine.dll

    2012-07-23 14:15 . 2010-01-20 13:41 704136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

    2012-07-19 01:31 . 2012-06-16 09:41 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

    2012-07-19 01:31 . 2010-05-03 07:27 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-07-03 11:46 . 2011-10-02 07:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-09 05:43 . 2012-07-11 12:04 14172672 ----a-w- c:\windows\system32\shell32.dll

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2012-09-05_11.47.43 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-07-14 04:54 . 2012-09-06 13:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2009-07-14 04:54 . 2012-09-04 09:44 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-07-14 04:54 . 2012-09-06 13:44 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-07-14 04:54 . 2012-09-06 13:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2009-07-14 04:54 . 2012-09-04 09:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-09-09 09:11 . 2012-09-06 15:47 65384 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2009-07-14 05:10 . 2012-09-06 15:47 47384 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    + 2010-01-19 09:02 . 2012-09-06 15:47 20534 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2851071923-2195716729-3770204004-1001_UserData.bin

    + 2009-07-14 04:46 . 2012-09-05 11:54 93616 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

    + 2012-09-06 15:45 . 2012-09-06 15:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2012-09-05 11:46 . 2012-09-05 11:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2012-09-06 15:45 . 2012-09-06 15:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2012-09-05 11:46 . 2012-09-05 11:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2011-10-08 11:45 . 2012-09-06 09:52 789314 c:\windows\SysWOW64\sig.bin

    + 2010-01-19 17:11 . 2012-09-06 13:44 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

    - 2010-01-19 17:11 . 2012-09-04 09:44 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

    - 2009-07-14 05:01 . 2012-09-05 11:45 429976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2009-07-14 05:01 . 2012-09-06 15:44 429976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    - 2012-06-07 15:58 . 2012-06-07 15:58 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe

    + 2012-09-05 14:01 . 2012-09-05 14:01 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe

    + 2010-10-25 23:27 . 2012-09-06 15:44 3763820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2851071923-2195716729-3770204004-1001-8192.dat

    + 2011-04-18 22:23 . 2012-09-06 14:12 2870404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2851071923-2195716729-3770204004-1001-12288.dat

    + 2012-09-05 14:00 . 2012-09-05 14:00 19337216 c:\windows\Installer\7b51e7.msi

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 94208 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 94208 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 94208 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"

    "Steam"="c:\program files (x86)\Valve\Steam\\Steam.exe"

    "DDAssist"="c:\program files (x86)\Drobo\Drobo Dashboard\DDAssist.exe"

    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe"

    "Facebook Update"="c:\users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe"

    "Spotify"="c:\users\Koen Lenaers\AppData\Roaming\Spotify\Spotify.exe"

    "Spotify Web Helper"="c:\users\Koen Lenaers\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

    "Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe"

    .

    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    "DMXLauncher"="c:\program files (x86)\Roxio\Media Experience\DMXLauncher.exe"

    "RoxioDragToDisc"="c:\program files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"

    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

    "beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe"

    "G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe"

    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe"

    "Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorSysTray.exe"

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe"

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

    .

    c:\users\Koen Lenaers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\Dropbox.exe

    Facebook Messenger.lnk - c:\users\Koen Lenaers\AppData\Local\Facebook\Messenger\2.1.4623.0\FacebookMessenger.exe

    .

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    SecurityProviders credssp.dll, schannel.dll

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe

    R2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe

    R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    R3 ATICDSDr;ATICDSDr;c:\users\KOENLE~1\AppData\Local\Temp\ATICDSDr.sys

    R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys

    R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys

    R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys

    R3 ghsmdm;Handset USB Modem;c:\windows\system32\DRIVERS\ghsmdm.sys

    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe

    R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys

    R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys

    R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys

    R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe

    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

    R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

    S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS

    S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Koen Lenaers\Desktop\Run\a2ddax64.sys

    S1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS

    S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS

    S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys

    S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys

    S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys

    S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys

    S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe

    S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\AntiVirus\AVK\AVKService.exe

    S2 AVKWCtl;G Data Bestandssysteembewaker;c:\program files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe

    S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS

    S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS

    S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS

    S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS

    S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS

    S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS

    S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS

    S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS

    S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS

    S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run

    S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys

    S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe

    S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys

    S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys

    .

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001Core.job

    - c:\users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe

    .

    2012-09-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001UA.job

    - c:\users\Koen Lenaers\AppData\Local\Facebook\Update\FacebookUpdate.exe

    .

    2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001Core.job

    - c:\users\Koen Lenaers\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2851071923-2195716729-3770204004-1001UA.job

    - c:\users\Koen Lenaers\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    .

    --------- X64 Entries -----------

    .

    .

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 97792 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 97792 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 97792 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    2012-06-30 04:19 97792 ----a-w- c:\users\Koen Lenaers\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

    "Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe"

    "Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe"

    "XeroxRegistation"="c:\users\KOENLE~1\AppData\Local\Temp\Xerox\EReg\EReg.exe"

    .

    ------- Bijkomende Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.google.be/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

    Trusted Zone: isabel.be

    Trusted Zone: kbc.be

    Trusted Zone: kbcgroup.eu

    Trusted Zone: cbc.be\cbc-pdf

    Trusted Zone: cbc.be\cbconline

    Trusted Zone: cbc.be\static

    Trusted Zone: cbc.be\www

    Trusted Zone: cbc.eu\www

    Trusted Zone: isabel.be\*.IBS6

    Trusted Zone: isabel.be\gotoIBS6

    Trusted Zone: isabel.be\pki

    Trusted Zone: isabel.be\www

    Trusted Zone: isabel.eu\upgrade

    Trusted Zone: isabel.eu\www

    Trusted Zone: kbc.be\kbc-pdf

    Trusted Zone: kbc.be\kbconline

    Trusted Zone: kbc.be\static

    Trusted Zone: kbc.be\www

    Trusted Zone: kbc.com\www

    Trusted Zone: kbc.eu\www

    Trusted Zone: kbcam.be\www

    Trusted Zone: kbcam.com\www

    Trusted Zone: kbcbankingforbusiness.com\www

    Trusted Zone: kbcgroup.eu\multimediafiles

    Trusted Zone: kbcgroup.eu\www

    Trusted Zone: kbcmerchantbanking.com\www

    TCP: DhcpNameServer = 195.130.130.131 195.130.131.131

    FF - ProfilePath - c:\users\Koen Lenaers\AppData\Roaming\Mozilla\Firefox\Profiles\srncyjai.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - about:home

    .

    .

    "ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"

    .

    "ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe"

    .

    "ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"

    .

    "ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe"

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

    .

    "Enabled"=dword:00000001

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

    "ThreadingModel"="Apartment"

    .

    @="0"

    .

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

    .

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    @="1.0"

    .

    @="ShockwaveFlash.ShockwaveFlash"

    .

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

    "ThreadingModel"="Apartment"

    .

    @="FlashFactory.FlashFactory.1"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

    .

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    @="1.0"

    .

    @="FlashFactory.FlashFactory"

    .

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    @="{00020424-0000-0000-C000-000000000046}"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    @Denied: (Full) (Everyone)

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\windows\SysWOW64\rundll32.exe

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe

    c:\program files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe

    c:\windows\system32\hasplms.exe

    c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-09-06 17:50:15 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-09-06 15:50

    ComboFix2.txt 2012-09-05 15:08

    ComboFix3.txt 2012-09-05 11:57

    .

    Pre-Run: 15.578.509.312 bytes beschikbaar

    Post-Run: 15.268.384.768 bytes beschikbaar

    .

    - - End Of File - - 5B94FAFA356BFC47CFAA5455260086E6

    The pop-up keeps appearing in IE9, but I am no longer being redirected, not in IE and not in Firefox.

    Koen

  • Ben

    Hello,

    We will clean up first and then see what IE does.

    Otherwise it is due to a security setting or a false positive after all.

    You can keep Malwarebytes and scan your PC with it once a week (after updating it).

    1. You may remove the following programs and their accompanying log files.

    DDS

    EmsisoftEmergencyKit

    TDSSKStarter.exe

    AdwCleaner, via the uninstall function when you start the program.

    zoek.exe

    ComboFix, via the instructions below.

    To remove ComboFix, copy the command below with (Ctrl + C):

    Combofix /Uninstall (note!!! the space before /Uninstall)

    Click Start -> Run, paste (Ctrl + V) the command, then press Ctrl + Shift + Enter.

    This removes both ComboFix and your old System Restore points (with any remnants of malware), and creates a new System Restore point.

    2. Download CCleaner

    When installing the latest CCleaner, Google Chrome is now (unfortunately) installed along with it.

    During installation you have to untick a checkbox so that Google Chrome is not installed.

    Install CCleaner and start CCleaner.

    • In the left column, click Cleaner.

    • Click Analyze and then Run Cleaner.

    • Then click Registry in the left column and click Scan for Issues.

    • If issues are found, click Fix selected issues and OK.

    • You will then be asked to make a backup; click YES and then choose Fix all selected issues.

    • Then close CCleaner.

    Also remove your System Restore points and create a new one.

    Then empty your Recycle Bin.

    It may still contain infections.

    Regards, Ben

    Antivirusprikbord.nl

  • koen lenaers

    Hello Ben,

    I did everything, but unfortunately the pop-up remains; I assume it is a false positive :)

    I do want to thank you very much for the time and patience you have put into this.

    I know where to go in the future if I have new virus problems.

    Thanks again and all the best :)

    Koen

  • Ben

    Hello,

    Run an online scan every now and then, just to be sure (tu)

    Thanks, and you're welcome.

    Regards, Ben

    Antivirusprikbord.nl

  • Ben

    Because this topic has been resolved, it is being closed.

    If you would still like to reopen your topic, send a private message to Ben or Huib (fazantje).

    They will then remove the "lock" and the topic will be open again.

    Regards, Ben

    Antivirusprikbord.nl

This topic is closed; no further replies can be posted.