Mededeling

**virtualJac** · 24-07-14, 07:11

Heb een gedeelte weggekregen met CCcleaner en Malwarebytes. Blijf echter last houden van pop-ups en PirritSuggestor. Bovenstaand mijn DDS log.

Ter info, betreft een bedrijfslaptop! Medewerker bij de servicebalie zou een brandprogramma met licentie installeren voor me, echter heeft hij ImgBurn Freeware geïnstalleerd en op de verkeerde 'Download' knop geklikt.

**Emphyrio** · 24-07-14, 13:34

Hoi

Een bedrijfslaptop moet behandeld worden door het bedrijf (de sysadmin).

**virtualJac** · 24-07-14, 13:48

Ik ben admin. Werk op projecten en kom zelden op hoofdkantoor, vandaar dat deze verantwoordelijkheid bij ons zelf ligt.

**Emphyrio** · 24-07-14, 14:25

Als je de Systeembeheerder van het bedrijf bent lijkt het me onwaarschijnlijk dat je dit probleem niet kan tackelen.
Tenslotte is het je (betaalde) job en wij (de behandelaars) doen dit gratis.

Ik ga even navraag doen bij onze Administrator

**virtualJac** · 24-07-14, 15:02

Dat zeg ik niet. Ik ben geen systeembeheerder. Ik ben administrator, zodat ik zelf het onderhoud/problemsolving aan mijn systeem kan doen. Hiermee ben ik ook meteen zelf verantwoordelijk. Het is me zes jaar gelukt om spywarevrij te blijven en nu door een onoplettende service medewerker is het er dan toch van gekomen.

Ik gebruik deze ook privé en voor mijn opleiding, dus los ik het liever zelf op zodat ik hier zsm weer mee aan de slag kan. Anders ben ik hem voor drie weken kwijt (bouwvakantie).

In ieder geval bedankt voor de moeite! Zou me echt enorm helpen.

**Emphyrio** · 24-07-14, 15:33

Ik zal deze pc uitzonderlijk éénmalig behandelen, mede omdat je Windows XP gebruikt.

Je werkt met een OS dat niet meer ondersteund wordt: XP
Dit OS behandelen op malware is hetzelfde als dweilen met de kraan open. Nutteloos dus

Een paar mogelijkheden opsgesomd:

- Of je koopt een nieuwe pc (ik kan me niet indenken dat een pc die draait op een XP geschikt is voor W 8.1)

- Of je zet je XP machine offline. Dus niet aan het internet (dus ook niet verbonden met andere pc's via een router die wél op het internet kunnen).

- Of (en dat is eveneens een mogelijkheid) je zet er Linux op (desnoods met Wine = Windows omgeving).

Voor we beginnen , wil ik even vriendelijk op de volgende richtlijnen wijzen:
.

Log enkel in als beheerder met alle rechten.
Post je probleem niet in verscheidene fora. het komt je probleem niet ten goede en het is niet netjes tegenover de helpers.
Het opruimen van je systeem kan wat tijd in beslag nemen, wees geduldig.
Volg aandachtig de instructies die door mij worden gegeven.
Volg enkel het door mij gegeven advies op
Blijf bij het topic totdat ik gemeldt heb dat je PC clean is.
Als je iets niet weet of verstaat, vraag het dan even aub.
Installeer of deinstalleer géén software of hardware terwijl we met je probleem bezig zijn.
Ga ondertussen niet wat "anders" proberen, dat maakt het alleen maar moeilijker voor ons
Zet je emoticons (Smileys) uit als je logs plaatst aub . ( INFO )
De logs niet als bijlage, noch tussen codetags zetten aub.

.
Opmerking: Alle tools steeds uitvoeren als admin.
De instructies die worden gegeven, zijn enkel geldig voor jouw PC.

Heb je deze richtlijnen gelezen en begrepen, mag je verder gaan.....

Stap 1:

Malware scannen en verwijderen....

Heb je MBAM reeds op je pc staan, moet je niet downloaden uiteraard.

Download Malwarebytes Anti-Malware naar je bureaublad .

Dubbelklik op mbam-setup.exe om het programma te installeren.

Op het einde van de setup procedure, krijg je een scherm waar je op "Voltooien" moet klikken.
Indien je MBAM niet wenst te evalueren, vink je de eerste optie uit en klik je dan pas op "Voltooien"

Klik op de foto voor een vergroting...

Zorg dat er na de installatie een vinkje is geplaatst bij:

Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Klik daarna op "Voltooien". Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

Zodra het programma gestart is, ga je naar het tabblad "Instellingen".

Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
Ga naar het tabblad "Updates" en Update MBAM.
Ga daarna naar het tabblad "Scanner", kies hier voor "VOLLEDIGE Scan".
Druk vervolgens op "Scannen" om de scan te starten.
Het scannen kan een tijdje duren, dus wees geduldig.
Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.

.
Indien MBAM vraagt om een herstart, doe dit dan ook.
Wanneer je de restart hebt gedaan, maak je een nieuwe snelle scan met MBAM.
In dat geval post je dus de twee logs. Dus een tweede "snelle scan" log enkel indien de VOLLEDIGE scan "iets" gevonden heeft.

De log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Bij problemen!!!

.___________________________________________________________

Stap 2:

Controle op slechte toolbars...

Download AdwCleaner by Xplode naar je Bureaublad.

Sluit alle openstaande vensters
Start AdwCleaner
Klik op Scannen
Klik op Verwijderen

Alle icoontjes verdwijnen van het Bureaublad,dit is normaal
Je PC word opnieuw opgestart en er een opent een logfile (C:\ AdwCleaner\AdwCleaner[xx].txt
Post deze inhoud hier op het Forum.

Enkel de log na de "Verwijderen" optie heb ik nodig.

Vergeet niet om je "smileys" uit te schakelen.

Als je Startpagina ook gehijackt was,stel dan de zoekmachine opnieuw in.
Deze word standaard door AdwCleaner terug gezet naar Google.com
___________________________________________________________

Stap 3:

Download DDS.com, DDS.scr of DDS.pif van één van deze locaties en plaats het op je bureaublad:

DDS is een diagnosetool en maakt gebruik van scripts.
Is het uitvoeren van scripts uitgeschakeld, dan schakel je dit weer in zodat er geen problemen optreden bij gebruik van DDS.

Dubbelklik op DDS om de tool te starten. (afhankelijk van de download die je gekozen hebt kan dit het bestand DDS.com, DDS.scr of DDS.pif zijn)
Wanneer het klaar is openen er twee logfiles: DDS.txt en Attach.txt
Beide logfiles sla je op je bureaublad.

Post de inhoud van DDS.txt.

De inhoud Attach.txt moet je niet posten en Attach.txt moet je niet als bijlage toevoegen aan je post, tenzij ik er om vraag.

___________________________________________________________

Stap 4:

Download Security Check op je bureaublad via hier of hier

Start Security Check
Volg de Instructies in het scherm
Aan het eind verschijnt een log ( checkup.txt )
Plaats de inhoud ervan in je volgende antwoord.

In je volgende posting, had ik graag de volgende logs gezien, gemaakt in de opgestelde volgorde:
.

MBAM
AdwCleaner
DDS
checkup.txt

.
Deze logs NIET als bijlage of tussen codetags posten aub.
(Desnoods in meerdere postingen.)

Emphyrio

**virtualJac** · 25-07-14, 07:01

Malwarebytes Anti-Malware

Cyber Security Software & Anti-Malware | Malwarebytes

https://www.malwarebytes.org

Protect your home and business PCs, Macs, iOS and Android devices from the latest cyber threats and malware, including ransomware.

Scandatum: 25-7-2014
Scantijd: 7:26:16
Logbestand: MalwareBytes.txt
Beheerder: Ja

Versie: 2.00.2.1012
Malwaredatabase: v2014.07.25.01
Rootkitdatabase: v2014.07.17.01
Licentie: Gratis
Malwarebescherming: Uitgeschakeld
Kwaadaardige Website Bescherming: Uitgeschakeld
Self-protection: Uitgeschakeld

Besturingssysteem: Windows XP Service Pack 3
Processor: x86
Bestandssysteem: NTFS
Gebruiker: j.spr

Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten Gescand: 540012
Verstreken Tijd: 14 m, 53 s

Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristics: Ingeschakeld
POP: Waarschuwen
POA: Ingeschakeld

Processen: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registersleutels: 0
(No malicious items detected)

Registerwaardes: 0
(No malicious items detected)

Registerdata: 0
(No malicious items detected)

Mappen: 0
(No malicious items detected)

Bestanden: 2
PUP.Optional.Superfish.A, C:\Documents and Settings\j.spruit.LT-VSH07382\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [5f56346fadce9f97b4e3f0e9fe04c937],
PUP.Optional.Superfish.A, C:\Documents and Settings\j.spruit.LT-VSH07382\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [3c796d36cab15cdaa6f1f4e5e81a1ae6],

Fysieke Sectoren: 0
(No malicious items detected)

(end)

# AdwCleaner v3.216 - Rapport aangemaakt 25/07/2014 op 07:44:35
# Laatste Update 17/07/2014 door Xplode
# Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)
# Gebruikersnaam : j.spruit - LT-VSH07382
# Gestart vanuit : C:\Documents and Settings\j.spruit.LT-VSH07382\Bureaublad\adwcleaner_3.216.exe
# Optie : Verwijderen

***** [ Services ] *****

***** [ Bestanden / Mappen ] *****

Map Verwijderd : C:\Program Files\driver-soft
Bestand Verwijderd : C:\WINDOWS\system32\roboot.exe

***** [ Snelkoppelingen ] *****

***** [ Register ] *****

Sleutel Verwijderd : HKCU\Software\systweak
Sleutel Verwijderd : HKLM\Software\systweak
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v36.0.1985.125

*************************

AdwCleaner[R0].txt - [1032 octets] - [25/07/2014 07:43:16]
AdwCleaner[S0].txt - [968 octets] - [25/07/2014 07:44:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1027 octets] ##########

**virtualJac** · 25-07-14, 07:02

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.65.2
Run by j.spruit at 7:48:51 on 2014-07-25
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3014.2195 [GMT 2:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\vcsFPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\KPN\Mobiel Internet Software\BecHelperService.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\KPN\Mobiel Internet Software\LoggerServer.exe
C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
C:\WINDOWS\system32\CommandControlFirmware\CommandControlFirmware.exe
C:\WINDOWS\system32\DWRCS.exe
C:\Program Files\Forefront TMG Client\FwcAgent.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
C:\WINDOWS\system32\DWRCST.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files\INVENTORYCLIENT\client.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe
C:\WINDOWS\CCM\CcmExec.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSUploader.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\j.spruit.LT-VSH07382\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Forefront TMG Client\FwcMgmt.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSPortMonitorCommunicator.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://webwerken.vshanab.nl/
uProxyServer = hxxp=127.0.0.1:16313
uProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ips\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\common files\primavera common\java\_jvm\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Spotify Web Helper] "c:\documents and settings\j.spruit.lt-vsh07382\application data\spotify\data\SpotifyWebHelper.exe"
mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HPConnectionManager] c:\program files\hewlett-packard\hp connection manager\HPCMDelayStart.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [ItalusUploader] c:\program files\hewlett-packard\hp designjet eprintandshare\HPePSUploader.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\jsprui~1.lt-\menust~1\progra~1\opstar~1\dropbox.lnk - c:\documents and settings\j.spruit.lt-vsh07382\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\forefr~1.lnk - c:\program files\forefront tmg client\FwcMgmt.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\update~1.lnk - c:\program files\kpn\mobiel internet software\AutoUpdateSrv.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: legalnoticecaption = V&SH Beveiligingswaarschuwing
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Verzenden naar Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: sccm102
Trusted Zone: dm311.local
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286529918364
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286530450710
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://webwerken.vshanab.nl/+CSCOL+/cscopf.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.228.12.254
TCP: Interfaces\{BE7EF984-206B-4ED2-A547-1B51FCB5ED8B} : NameServer = 192.168.192.1
TCP: Interfaces\{EF3C6F03-CC15-4FE7-BDA4-1779BD02DEBF} : DHCPNameServer = 10.228.12.254
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\bricsys\bricscad v12\BrxProtIE.dll
Notify: igfxcui - igfxdev.dll
Notify: sccmrdplauncher - SccmRdpLauncher.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SecurityProviders: SecurityProviders = credssp.dll, pwdssp.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R?2 CommandControlFirmware;CommandControlFirmware;c:\windows\system32\commandcontrolfirmware\CommandCont rolFirmware.exe [2014-7-22 60965]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymDS.sys [2013-2-8 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymEFA.sys [2013-2-8 927904]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\bashdefs\20140703.011\BHDrvx86.sys [2014-7-22 1101616]
R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\ccSetx86.sys [2013-2-8 134304]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\Ironx86.sys [2013-2-8 175264]
R2 BecHelperService;BecHelperService;c:\program files\kpn\mobiel internet software\BecHelperService.exe [2013-8-20 1917832]
R2 CmRcService;Configuration Manager Remote Control;c:\windows\ccm\remctrl\CmRcService.exe [2013-9-11 465592]
R2 FwcAgent;Forefront TMG Client Agent;c:\program files\forefront tmg client\FwcAgent.exe [2009-10-14 275424]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-9-12 227896]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2013-5-22 63448]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ccSvcHst.exe [2013-2-8 143928]
R2 SnowInventoryClient;Inventory Client;c:\program files\inventoryclient\client.exe [2012-5-9 1442304]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-8-23 2774320]
R2 WMCoreService;Mobile Broadband Service;c:\program files\ericsson\mobile broadband drivers\wmcore\wmcore.exe servicemode --> c:\program files\ericsson\mobile broadband drivers\wmcore\WMCore.exe servicemode [?]
R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-10-28 113664]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-6-11 109872]
R3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\drivers\h36wgps.sys [2013-2-20 88104]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-8-20 72832]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\ipsdefs\20140723.012\IDSXpx86.sys [2014-7-24 383120]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2010-10-8 44800]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-10-28 260864]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-10-31 144984]
R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [2011-10-31 23640]
R3 Mbm4bus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [2011-10-31 123208]
R3 Mbm4mdfl;HP Mobile Broadband Module Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [2013-2-20 14920]
R3 Mbm4mdm;HP Mobile Broadband Module Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [2013-2-20 139080]
R3 Mbm4mgmt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [2013-2-20 132808]
R3 Mbm4NNd5;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter;c:\windows\system32\drivers\Mbm4NNd5.sys [2013-2-20 24904]
R3 Mbm4NUn;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [2013-2-20 150344]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140723.025\NAVENG.SYS [2014-7-24 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140723.025\NAVEX15.SYS [2014-7-24 1612376]
S?2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-10-26 48640]
S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-12-11 38912]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\coh_mon.sys --> c:\windows\system32\drivers\COH_Mon.sys [?]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys --> c:\windows\system32\drivers\e1k5132.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-8-20 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-8-20 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2013-8-20 117504]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\hewlett-packard\hp connection manager\hpCMSrv.exe [2011-9-13 1098296]
S3 Impcd;Impcd;c:\windows\system32\drivers\impcd.sys --> c:\windows\system32\drivers\Impcd.sys [?]
S3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\microsoft policy platform\policyHost.exe [2012-8-2 48744]
S3 lppsvc;Microsoft Policy Platform Processor;c:\program files\microsoft policy platform\policyHost.exe [2012-8-2 48744]
S3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows XP 32 Bit;c:\windows\system32\drivers\netwnx32.sys --> c:\windows\system32\drivers\NETwNx32.sys [?]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\SyDvCtrl32.sys [2013-2-8 28136]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.ex e xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-07-25 05:43:28 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-25 05:43:15 -------- d-----w- C:\AdwCleaner
2014-07-24 06:03:08 -------- d--h--r- c:\documents and settings\j.spruit.lt-vsh07382\Onlangs geopend
2014-07-24 06:01:29 -------- d-----w- c:\program files\CCleaner
2014-07-23 08:05:18 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\Garmin
2014-07-22 11:10:39 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-22 11:10:38 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-22 11:07:52 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-07-22 11:07:52 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\Malwarebytes
2014-07-22 11:07:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-07-22 11:07:09 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-22 11:07:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-07-22 07:18:10 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\VOPackage
2014-07-22 07:14:56 -------- d-----w- c:\windows\system32\CommandControlFirmware
2014-07-20 11:26:56 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-07-20 11:26:48 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
.
============= FINISH: 7:55:48,21 ===============

Results of screen317's Security Check version 0.99.86
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Symantec Endpoint Protection
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 65
Adobe Reader 10.1.8 Adobe Reader out of Date!
Google Chrome 35.0.1916.153
Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

Na de vakantie zal ik mijn OS updaten. Betreft een vrij recente HP Probook welke wel standaard met Windows 8 geleverd is.

**Emphyrio** · 25-07-14, 07:14

Heb je deze zelf ingesteld?

uProxyServer = hxxp=127.0.0.1:16313
uProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net

Download of Update Ccleaner

Start CCleaner op.

Run Ccleaner en klik in de linkse kolom op Opties
Selecteer het tabblad Geavanceerd
Haal het vinkje weg voor Verwijder alleen bestanden in Windows Temp-systeemmap die ouder zijn dan 24 uur
Selecteer het tabblad Instellingen
Haal het vinkje weg bij "Computer automatisch schoonmaken...."
Klik in de linkse kolom op Cleaner.
Klik dan achtereenvolgens op Analyseer en Schoonmaken.
Klik vervolgens in de linkse kolom op Register
Klik op Scan naar problemen.
Op de vraag of je een backup wil maken van het register, klik je "Ja".
Als er fouten gevonden worden klik je op de middelste knop: Herstel alle geselecteerde fouten en OK

.

Download Combofix naar je bureaublad.
(Dus niet naar een download map of temp map)

Extra nota... Zorg ervoor dat je Security software uitschakeld is tijdens het gebruik van Combofix.
Dit omdat deze scanners bepaalde componenten die Combofix gebruikt, onterecht zien als geïnfecteerd en Combofix zullen blokkeren.
Kijk hier indien je niet weet hoe je je Antivirus, Firewall en/of Antispywarescanner moet uitschakelen.

Sluit ALLE vensters, ook je browser en laat Combofix rustig zijn werk doen.
Open dus geen andere applicaties totdat Combofix de log heeft gepresenteert.

Als Combofix vraagt om een update, dan staat je dit toe.

Wanneer ComboFix klaar is met scannen, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt).
Deze kan je vinden als C:\combofix.txt.

Post het Combofixlogje samen met een nieuw DDS logje in je volgende antwoord.

* OPMERKING: Indien je één van de onderstaande meldingen krijgt na het gebruik van ComboFix, herstart dan de computer.

Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
Illegal operation attempted on a registry key that has been marked for deletion.

**virtualJac** · 25-07-14, 08:26

ComboFix 14-07-24.01 - j.spruit 25-07-2014 9:19.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3014.2091 [GMT 2:00]
Gestart vanuit: c:\documents and settings\j.spruit.LT-VSH07382\Bureaublad\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\Internet Explorer\SET1EC.tmp
c:\program files\Internet Explorer\SET1F0.tmp
c:\program files\Internet Explorer\SET1F1.tmp
c:\windows\system32\SET12E.tmp
c:\windows\system32\SET148.tmp
c:\windows\system32\SET161.tmp
c:\windows\system32\SET162.tmp
c:\windows\system32\SET164.tmp
c:\windows\system32\SET165.tmp
c:\windows\system32\SET166.tmp
c:\windows\system32\SET174.tmp
c:\windows\system32\SET195.tmp
c:\windows\system32\SET1AC.tmp
c:\windows\system32\SET1B2.tmp
c:\windows\system32\SET207.tmp
c:\windows\system32\SET208.tmp
c:\windows\system32\SET209.tmp
c:\windows\system32\SET20A.tmp
c:\windows\system32\SET20B.tmp
c:\windows\system32\SET20C.tmp
c:\windows\system32\SET20D.tmp
c:\windows\system32\SET20E.tmp
c:\windows\system32\SET20F.tmp
c:\windows\system32\SET212.tmp
c:\windows\system32\SET213.tmp
c:\windows\system32\SET214.tmp
c:\windows\system32\SET215.tmp
c:\windows\system32\SET216.tmp
c:\windows\system32\SET217.tmp
c:\windows\system32\SET219.tmp
c:\windows\system32\SET21B.tmp
c:\windows\system32\SET21C.tmp
c:\windows\system32\SET21D.tmp
c:\windows\system32\SET21E.tmp
c:\windows\system32\SET21F.tmp
c:\windows\system32\SET221.tmp
c:\windows\system32\SET222.tmp
c:\windows\system32\SET223.tmp
c:\windows\system32\SET224.tmp
c:\windows\system32\SET225.tmp
c:\windows\system32\SET226.tmp
c:\windows\system32\SET227.tmp
c:\windows\system32\SET228.tmp
c:\windows\system32\SET229.tmp
c:\windows\system32\SET22A.tmp
c:\windows\system32\SET22C.tmp
c:\windows\system32\SET22D.tmp
c:\windows\system32\SET22E.tmp
c:\windows\system32\SET22F.tmp
c:\windows\system32\SET230.tmp
c:\windows\system32\SET231.tmp
c:\windows\system32\SET233.tmp
c:\windows\system32\SET234.tmp
c:\windows\system32\SET235.tmp
c:\windows\system32\SET236.tmp
c:\windows\system32\SET237.tmp
c:\windows\system32\SET238.tmp
c:\windows\system32\SET239.tmp
c:\windows\system32\SET23A.tmp
c:\windows\system32\SET23B.tmp
c:\windows\system32\SET23C.tmp
c:\windows\system32\SET268.tmp
c:\windows\system32\SET276.tmp
c:\windows\system32\SET277.tmp
c:\windows\system32\SET27A.tmp
c:\windows\system32\SET283.tmp
c:\windows\system32\SET286.tmp
c:\windows\system32\SET287.tmp
c:\windows\system32\SET28D.tmp
c:\windows\system32\SET2AC.tmp
c:\windows\system32\SET2AD.tmp
c:\windows\system32\SET2B9.tmp
c:\windows\system32\SET2F1.tmp
c:\windows\system32\SET315.tmp
c:\windows\system32\SET32C.tmp
c:\windows\system32\SET364.tmp
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2014-06-25 to 2014-07-25 ))))))))))))))))))))))))))))))
.
.
2014-07-25 07:13 . 2014-07-25 07:13 -------- d--h--r- c:\documents and settings\j.spruit.LT-VSH07382\Onlangs geopend
2014-07-25 05:43 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-25 05:43 . 2014-07-25 05:44 -------- d-----w- C:\AdwCleaner
2014-07-24 06:01 . 2014-07-24 06:01 -------- d-----w- c:\program files\CCleaner
2014-07-23 08:05 . 2014-07-23 08:05 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Garmin
2014-07-22 11:10 . 2014-05-12 05:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-22 11:10 . 2014-07-22 11:10 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-22 11:07 . 2014-07-25 05:22 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-07-22 11:07 . 2014-07-22 11:10 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Malwarebytes
2014-07-22 11:07 . 2014-07-22 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-07-22 11:07 . 2014-07-22 11:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-07-22 11:07 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-22 07:20 . 2014-07-22 07:30 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\ImgBurn
2014-07-22 07:18 . 2014-07-22 07:18 -------- d-----w- c:\program files\ImgBurn
2014-07-22 07:18 . 2014-07-22 11:35 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\VOPackage
2014-07-22 07:14 . 2014-07-22 07:14 -------- d-----w- c:\windows\system32\CommandControlFirmware
2014-07-22 07:14 . 2014-07-22 07:14 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware
2014-07-20 11:27 . 2014-07-20 11:27 -------- d-----w- c:\program files\Common Files\Java
2014-07-20 11:26 . 2014-07-11 00:36 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-07-20 11:26 . 2014-07-11 01:02 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-06 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"D ropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"D ropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"D ropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"D ropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"D ropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"D ropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"D ropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"D ropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2014-04-22 1171000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-21 737280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 141656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 181592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 165720]
"HPConnectionManager"="c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"ItalusUploader"="c:\program files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSUploader.exe" [2013-06-18 398336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2010-08-06 85528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
c:\documents and settings\j.spruit.LT-VSH07382\Menu Start\Programma's\Opstarten\
Dropbox.lnk - c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Forefront TMG Client.lnk - c:\program files\Forefront TMG Client\FwcMgmt.exe [2011-4-11 240920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sccmrdplauncher]
2013-09-11 02:00 20664 ----a-w- c:\windows\system32\SccmRdpLauncher.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, pwdssp.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\j.spruit.LT-VSH07382\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\j.spruit.LT-VSH07382\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP

xpsp2res.dll,-22009
"6129:TCP"= 6129:TCP

ameWare Mini Remote Control Service
"1745:UDP"= 1745:UDP:Client Notification Channel
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\SymDS.sys [8-2-2013 16:20 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\SymEFA.sys [8-2-2013 16:20 927904]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20140703.011\BHDrvx86.sys [22-7-2014 8:42 1101616]
R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\ccSetx86.sys [8-2-2013 16:20 134304]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15-2-2007 19:00 26624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\Ironx86.sys [8-2-2013 16:20 175264]
R2 BecHelperService;BecHelperService;c:\program files\KPN\Mobiel Internet Software\BecHelperService.exe [20-8-2013 8:44 1917832]
R2 CmRcService;Configuration Manager Remote Control;c:\windows\CCM\RemCtrl\CmRcService.exe [11-9-2013 4:00 465592]
R2 CommandControlFirmware;CommandControlFirmware;c:\windows\system32\CommandControlFirmware\CommandCont rolFirmware.exe [22-7-2014 9:14 60965]
R2 FwcAgent;Forefront TMG Client Agent;c:\program files\Forefront TMG Client\FwcAgent.exe [14-10-2009 3:08 275424]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [12-9-2011 18:55 227896]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [22-5-2013 9:46 63448]
R2 OfficeQuickSoftware.exe;OfficeQuickSoftware.exe;c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\OfficeQuickSoftware.exe [22-7-2014 9:14 98341]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [8-2-2013 16:20 143928]
R2 SnowInventoryClient;Inventory Client;c:\program files\INVENTORYCLIENT\client.exe [9-5-2012 0:00 1442304]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [23-8-2011 5:23 2774320]
R2 WMCoreService;Mobile Broadband Service;c:\program files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode --> c:\program files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode [?]
R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [28-10-2011 16:25 113664]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [7-2-2007 19:00 3712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11-6-2014 11:00 109872]
R3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\drivers\h36wgps.sys [20-2-2013 16:35 88104]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [13-9-2011 17:49 1098296]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [20-8-2013 8:44 72832]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20140723.012\IDSXpx86.sys [24-7-2014 11:02 383120]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [8-10-2010 14:50 44800]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [28-10-2011 16:28 260864]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [31-10-2011 14:25 144984]
R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [31-10-2011 14:25 23640]
R3 Mbm4bus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [31-10-2011 14:31 123208]
R3 Mbm4mdfl;HP Mobile Broadband Module Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [20-2-2013 16:35 14920]
R3 Mbm4mdm;HP Mobile Broadband Module Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [20-2-2013 16:35 139080]
R3 Mbm4mgmt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [20-2-2013 16:35 132808]
R3 Mbm4NNd5;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter;c:\windows\system32\drivers\Mbm4NNd5.sys [20-2-2013 16:35 24904]
R3 Mbm4NUn;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [20-2-2013 16:35 150344]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2-2-2006 0:49 204800]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [26-10-2009 14:39 48640]
S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [11-12-2009 21:54 38912]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k5132.sys --> c:\windows\system32\DRIVERS\e1k5132.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [20-8-2013 8:44 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [20-8-2013 8:44 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [20-8-2013 8:44 117504]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys --> c:\windows\system32\DRIVERS\Impcd.sys [?]
S3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe [2-8-2012 12:24 48744]
S3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe [2-8-2012 12:24 48744]
S3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows XP 32 Bit;c:\windows\system32\DRIVERS\NETwNx32.sys --> c:\windows\system32\DRIVERS\NETwNx32.sys [?]
S3 RgFltX86;RgFltX86;\??\c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\RgFltX86.sys --> c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\RgFltX86.sys [?]
S3 SyDvCtrl;SyDvCtrl;c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SyDvCtrl32.sys [8-2-2013 16:20 28136]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.ex e XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-20 11:44 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2014-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 06:05]
.
2014-07-25 c:\windows\Tasks\Configuration Manager Health Evaluation.job
- c:\windows\CCM\CcmEval.exe [2013-09-11 02:00]
.
2014-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-21 14:49]
.
2014-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-21 14:49]
.
2014-07-25 c:\windows\Tasks\User_Feed_Synchronization-{B88E3456-E757-48EE-8C50-908901138682}.job
- c:\windows\system32\msfeedssync.exe [2009-04-06 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://webwerken.vshanab.nl/
uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
uInternet Settings,ProxyServer = http=127.0.0.1:23182
IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: sccm102
Trusted Zone: dm311.local
Trusted Zone: dm311.local\vsh-iws
Trusted Zone: vshanab.nl\webwerken
TCP: DhcpNameServer = 10.228.12.254
TCP: Interfaces\{BE7EF984-206B-4ED2-A547-1B51FCB5ED8B}: NameServer = 192.168.192.1
DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://webwerken.vshanab.nl/+CSCOL+/cscopf.cab
.
.
------- Bestandsassociaties -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS VERWIJDERD - - - -
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Update-agent.lnk - c:\program files\KPN\Mobiel Internet Software\AutoUpdateSrv.exe
SafeBoot-ccEvtMgr
SafeBoot-ccSetMgr
SafeBoot-Symantec Antivirus
SafeBoot-Symantec Antvirus
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-25 09:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
.
c:\docume~1\JSPRUI~1.LT-\LOCALS~1\Temp\catchme.dll 53248 bytes executable
.
Scan succesvol afgerond
verborgen bestanden: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe\" /prefetch:1"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(1716)
c:\windows\system32\SccmRdpLauncher.dll
.
Voltooingstijd: 2014-07-25 09:25:23
ComboFix-quarantined-files.txt 2014-07-25 07:25
.
Pre-Run: 246.408.007.680 bytes beschikbaar
Post-Run: 246.786.486.272 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8F3E4DE767D470E6E313868EE7E405EB
A36C5E4F47E84449FF07ED3517B43A31

**virtualJac** · 25-07-14, 08:29

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.65.2
Run by j.spruit at 9:27:52 on 2014-07-25
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3014.2093 [GMT 2:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\vcsFPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\KPN\Mobiel Internet Software\BecHelperService.exe
C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
C:\WINDOWS\system32\DWRCS.exe
C:\Program Files\Forefront TMG Client\FwcAgent.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
C:\WINDOWS\system32\DWRCST.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files\INVENTORYCLIENT\client.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe
C:\WINDOWS\CCM\CcmExec.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSUploader.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Forefront TMG Client\FwcMgmt.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\CCM\SCNotification.exe
C:\WINDOWS\system32\CommandControlFirmware\CommandControlFirmware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://webwerken.vshanab.nl/
uProxyServer = hxxp=127.0.0.1:23182
uProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ips\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\common files\primavera common\java\_jvm\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Spotify Web Helper] "c:\documents and settings\j.spruit.lt-vsh07382\application data\spotify\data\SpotifyWebHelper.exe"
mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HPConnectionManager] c:\program files\hewlett-packard\hp connection manager\HPCMDelayStart.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [ItalusUploader] c:\program files\hewlett-packard\hp designjet eprintandshare\HPePSUploader.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\jsprui~1.lt-\menust~1\progra~1\opstar~1\dropbox.lnk - c:\documents and settings\j.spruit.lt-vsh07382\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\forefr~1.lnk - c:\program files\forefront tmg client\FwcMgmt.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: legalnoticecaption = V&SH Beveiligingswaarschuwing
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Verzenden naar Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: sccm102
Trusted Zone: dm311.local
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286529918364
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286530450710
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://webwerken.vshanab.nl/+CSCOL+/cscopf.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.228.12.254
TCP: Interfaces\{BE7EF984-206B-4ED2-A547-1B51FCB5ED8B} : NameServer = 192.168.192.1
TCP: Interfaces\{EF3C6F03-CC15-4FE7-BDA4-1779BD02DEBF} : DHCPNameServer = 10.228.12.254
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\bricsys\bricscad v12\BrxProtIE.dll
Notify: igfxcui - igfxdev.dll
Notify: sccmrdplauncher - SccmRdpLauncher.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SecurityProviders: SecurityProviders = credssp.dll, pwdssp.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymDS.sys [2013-2-8 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymEFA.sys [2013-2-8 927904]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\bashdefs\20140703.011\BHDrvx86.sys [2014-7-22 1101616]
R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\ccSetx86.sys [2013-2-8 134304]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\Ironx86.sys [2013-2-8 175264]
R2 BecHelperService;BecHelperService;c:\program files\kpn\mobiel internet software\BecHelperService.exe [2013-8-20 1917832]
R2 CmRcService;Configuration Manager Remote Control;c:\windows\ccm\remctrl\CmRcService.exe [2013-9-11 465592]
R2 CommandControlFirmware;CommandControlFirmware;c:\windows\system32\commandcontrolfirmware\CommandCont rolFirmware.exe [2014-7-22 60965]
R2 FwcAgent;Forefront TMG Client Agent;c:\program files\forefront tmg client\FwcAgent.exe [2009-10-14 275424]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-9-12 227896]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2013-5-22 63448]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ccSvcHst.exe [2013-2-8 143928]
R2 SnowInventoryClient;Inventory Client;c:\program files\inventoryclient\client.exe [2012-5-9 1442304]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-8-23 2774320]
R2 WMCoreService;Mobile Broadband Service;c:\program files\ericsson\mobile broadband drivers\wmcore\wmcore.exe servicemode --> c:\program files\ericsson\mobile broadband drivers\wmcore\WMCore.exe servicemode [?]
R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-10-28 113664]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-6-11 109872]
R3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\drivers\h36wgps.sys [2013-2-20 88104]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\hewlett-packard\hp connection manager\hpCMSrv.exe [2011-9-13 1098296]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-8-20 72832]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\ipsdefs\20140723.012\IDSXpx86.sys [2014-7-24 383120]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2010-10-8 44800]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-10-28 260864]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-10-31 144984]
R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [2011-10-31 23640]
R3 Mbm4bus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [2011-10-31 123208]
R3 Mbm4mdfl;HP Mobile Broadband Module Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [2013-2-20 14920]
R3 Mbm4mdm;HP Mobile Broadband Module Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [2013-2-20 139080]
R3 Mbm4mgmt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [2013-2-20 132808]
R3 Mbm4NNd5;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter;c:\windows\system32\drivers\Mbm4NNd5.sys [2013-2-20 24904]
R3 Mbm4NUn;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [2013-2-20 150344]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140723.025\NAVENG.SYS [2014-7-24 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140723.025\NAVEX15.SYS [2014-7-24 1612376]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-10-26 48640]
S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-12-11 38912]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\coh_mon.sys --> c:\windows\system32\drivers\COH_Mon.sys [?]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys --> c:\windows\system32\drivers\e1k5132.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-8-20 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-8-20 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2013-8-20 117504]
S3 Impcd;Impcd;c:\windows\system32\drivers\impcd.sys --> c:\windows\system32\drivers\Impcd.sys [?]
S3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\microsoft policy platform\policyHost.exe [2012-8-2 48744]
S3 lppsvc;Microsoft Policy Platform Processor;c:\program files\microsoft policy platform\policyHost.exe [2012-8-2 48744]
S3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows XP 32 Bit;c:\windows\system32\drivers\netwnx32.sys --> c:\windows\system32\drivers\NETwNx32.sys [?]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\SyDvCtrl32.sys [2013-2-8 28136]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.ex e xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-07-25 07:18:47 -------- d-sha-r- C:\cmdcons
2014-07-25 07:16:41 98816 ----a-w- c:\windows\sed.exe
2014-07-25 07:16:41 256000 ----a-w- c:\windows\PEV.exe
2014-07-25 07:16:41 208896 ----a-w- c:\windows\MBR.exe
2014-07-25 07:13:33 -------- d--h--r- c:\documents and settings\j.spruit.lt-vsh07382\Onlangs geopend
2014-07-25 05:43:28 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-25 05:43:15 -------- d-----w- C:\AdwCleaner
2014-07-24 06:01:29 -------- d-----w- c:\program files\CCleaner
2014-07-23 08:05:18 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\Garmin
2014-07-22 11:10:39 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-22 11:10:38 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-22 11:07:52 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-07-22 11:07:52 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\Malwarebytes
2014-07-22 11:07:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-07-22 11:07:09 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-22 11:07:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-07-22 07:18:10 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\VOPackage
2014-07-22 07:14:56 -------- d-----w- c:\windows\system32\CommandControlFirmware
2014-07-20 11:26:56 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-07-20 11:26:48 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
.
============= FINISH: 9:28:00,21 ===============

En nee, had zelf een andere Proxy staan. De PirritSuggestor is in ieder geval weg! Bedankt daarvoor.

**Emphyrio** · 25-07-14, 08:39

Schakel je beveiligingssoftware uit.

Note: Dit script is speciaal bedoeld voor deze PC,
gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.

Open een kladblokbestand.
Kopieer het onderstaande en plak dit in het kladblokbestand.
Sla het kladblokbestand op als CFScript.txt

Code:

KillAll::
ClearJavaCache::
DDS::
uProxyServer =-
uProxyOverride =-

Sleep nu het bestand CFScript.txt in het bestand ComboFix.exe

ComboFix zal opnieuw starten.
Als Combofix vraagt om een update, dan staat je dit toe.

Wanneer ComboFix klaar is, dit kan na een herstart zijn, opent er een logfile. Post de inhoud van de logfile.

Open IE
Ga naar Extra > Internetopties > Tabblad Verbindingen.
Klik op LAN-instellingen.
Onder Automatische configuratie moet enkel Instellingen automatisch detecteren aan staan.
Onder Proxyserver mag er niets aangevinkt zijn.

Sluiten door OK > Toepassen > OK

Maak een nieuwe DDS log en post deze ook.

**virtualJac** · 25-07-14, 09:16

ComboFix 14-07-24.01 - j.spruit 25-07-2014 9:56.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3014.1474 [GMT 2:00]
Gestart vanuit: c:\documents and settings\j.spruit.LT-VSH07382\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\j.spruit.LT-VSH07382\Bureaublad\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2014-06-25 to 2014-07-25 ))))))))))))))))))))))))))))))
.
.
2014-07-25 07:13 . 2014-07-25 07:53 -------- d--h--r- c:\documents and settings\j.spruit.LT-VSH07382\Onlangs geopend
2014-07-25 05:43 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-25 05:43 . 2014-07-25 05:44 -------- d-----w- C:\AdwCleaner
2014-07-24 06:01 . 2014-07-24 06:01 -------- d-----w- c:\program files\CCleaner
2014-07-23 08:05 . 2014-07-23 08:05 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Garmin
2014-07-22 11:10 . 2014-05-12 05:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-22 11:10 . 2014-07-22 11:10 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-22 11:07 . 2014-07-25 05:22 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-07-22 11:07 . 2014-07-22 11:10 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Malwarebytes
2014-07-22 11:07 . 2014-07-22 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-07-22 11:07 . 2014-07-22 11:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-07-22 11:07 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-22 07:20 . 2014-07-22 07:30 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\ImgBurn
2014-07-22 07:18 . 2014-07-22 07:18 -------- d-----w- c:\program files\ImgBurn
2014-07-22 07:18 . 2014-07-22 11:35 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\VOPackage
2014-07-22 07:14 . 2014-07-22 07:14 -------- d-----w- c:\windows\system32\CommandControlFirmware
2014-07-22 07:14 . 2014-07-22 07:14 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware
2014-07-20 11:27 . 2014-07-20 11:27 -------- d-----w- c:\program files\Common Files\Java
2014-07-20 11:26 . 2014-07-11 00:36 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-07-20 11:26 . 2014-07-11 01:02 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-06 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"D ropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"D ropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"D ropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"D ropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"D ropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"D ropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"D ropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"D ropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2014-04-22 1171000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-21 737280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 141656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 181592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 165720]
"HPConnectionManager"="c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"ItalusUploader"="c:\program files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSUploader.exe" [2013-06-18 398336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2010-08-06 85528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
c:\documents and settings\j.spruit.LT-VSH07382\Menu Start\Programma's\Opstarten\
Dropbox.lnk - c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Forefront TMG Client.lnk - c:\program files\Forefront TMG Client\FwcMgmt.exe [2011-4-11 240920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sccmrdplauncher]
2013-09-11 02:00 20664 ----a-w- c:\windows\system32\SccmRdpLauncher.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, pwdssp.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\j.spruit.LT-VSH07382\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\j.spruit.LT-VSH07382\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP

xpsp2res.dll,-22009
"6129:TCP"= 6129:TCP

ameWare Mini Remote Control Service
"1745:UDP"= 1745:UDP:Client Notification Channel
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\SymDS.sys [8-2-2013 16:20 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\SymEFA.sys [8-2-2013 16:20 927904]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20140703.011\BHDrvx86.sys [22-7-2014 8:42 1101616]
R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\ccSetx86.sys [8-2-2013 16:20 134304]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15-2-2007 19:00 26624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\Ironx86.sys [8-2-2013 16:20 175264]
R2 BecHelperService;BecHelperService;c:\program files\KPN\Mobiel Internet Software\BecHelperService.exe [20-8-2013 8:44 1917832]
R2 CmRcService;Configuration Manager Remote Control;c:\windows\CCM\RemCtrl\CmRcService.exe [11-9-2013 4:00 465592]
R2 CommandControlFirmware;CommandControlFirmware;c:\windows\system32\CommandControlFirmware\CommandCont rolFirmware.exe [22-7-2014 9:14 60965]
R2 FwcAgent;Forefront TMG Client Agent;c:\program files\Forefront TMG Client\FwcAgent.exe [14-10-2009 3:08 275424]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [12-9-2011 18:55 227896]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [22-5-2013 9:46 63448]
R2 OfficeQuickSoftware.exe;OfficeQuickSoftware.exe;c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\OfficeQuickSoftware.exe [22-7-2014 9:14 98341]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2-2-2006 0:49 204800]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [8-2-2013 16:20 143928]
R2 SnowInventoryClient;Inventory Client;c:\program files\INVENTORYCLIENT\client.exe [9-5-2012 0:00 1442304]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [23-8-2011 5:23 2774320]
R2 WMCoreService;Mobile Broadband Service;c:\program files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode --> c:\program files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode [?]
R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [28-10-2011 16:25 113664]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [7-2-2007 19:00 3712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11-6-2014 11:00 109872]
R3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\drivers\h36wgps.sys [20-2-2013 16:35 88104]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [13-9-2011 17:49 1098296]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [20-8-2013 8:44 72832]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20140723.012\IDSXpx86.sys [24-7-2014 11:02 383120]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [8-10-2010 14:50 44800]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [28-10-2011 16:28 260864]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [31-10-2011 14:25 144984]
R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [31-10-2011 14:25 23640]
R3 Mbm4bus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [31-10-2011 14:31 123208]
R3 Mbm4mdfl;HP Mobile Broadband Module Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [20-2-2013 16:35 14920]
R3 Mbm4mdm;HP Mobile Broadband Module Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [20-2-2013 16:35 139080]
R3 Mbm4mgmt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [20-2-2013 16:35 132808]
R3 Mbm4NNd5;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter;c:\windows\system32\drivers\Mbm4NNd5.sys [20-2-2013 16:35 24904]
R3 Mbm4NUn;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [20-2-2013 16:35 150344]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [26-10-2009 14:39 48640]
S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [11-12-2009 21:54 38912]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k5132.sys --> c:\windows\system32\DRIVERS\e1k5132.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [20-8-2013 8:44 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [20-8-2013 8:44 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [20-8-2013 8:44 117504]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys --> c:\windows\system32\DRIVERS\Impcd.sys [?]
S3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe [2-8-2012 12:24 48744]
S3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe [2-8-2012 12:24 48744]
S3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows XP 32 Bit;c:\windows\system32\DRIVERS\NETwNx32.sys --> c:\windows\system32\DRIVERS\NETwNx32.sys [?]
S3 RgFltX86;RgFltX86;\??\c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\RgFltX86.sys --> c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\RgFltX86.sys [?]
S3 SyDvCtrl;SyDvCtrl;c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SyDvCtrl32.sys [8-2-2013 16:20 28136]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.ex e XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-20 11:44 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2014-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 06:05]
.
2014-07-25 c:\windows\Tasks\Configuration Manager Health Evaluation.job
- c:\windows\CCM\CcmEval.exe [2013-09-11 02:00]
.
2014-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-21 14:49]
.
2014-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-21 14:49]
.
2014-07-25 c:\windows\Tasks\User_Feed_Synchronization-{B88E3456-E757-48EE-8C50-908901138682}.job
- c:\windows\system32\msfeedssync.exe [2009-04-06 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://webwerken.vshanab.nl/
uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
uInternet Settings,ProxyServer = http=127.0.0.1:39486
IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: sccm102
Trusted Zone: dm311.local
Trusted Zone: dm311.local\vsh-iws
Trusted Zone: vshanab.nl\webwerken
TCP: DhcpNameServer = 10.228.12.254
TCP: Interfaces\{BE7EF984-206B-4ED2-A547-1B51FCB5ED8B}: NameServer = 192.168.192.1
DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://webwerken.vshanab.nl/+CSCOL+/cscopf.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-25 10:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe\" /prefetch:1"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(1716)
c:\windows\system32\SccmRdpLauncher.dll
.
- - - - - - - > 'explorer.exe'(5848)
c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files\KPN\Mobiel Internet Software\LoggerServer.exe
c:\windows\system32\DWRCS.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\LxrSII1s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
c:\program files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe
c:\windows\CCM\CcmExec.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\Dropbox.exe
c:\program files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSPortMonitorCommunicator.exe
c:\program files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe
c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\JAVAKernelScreenshot.exe
c:\windows\system32\msiexec.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
.
**************************************************************************
.
Voltooingstijd: 2014-07-25 10:10:50 - machine werd herstart
ComboFix-quarantined-files.txt 2014-07-25 08:10
ComboFix2.txt 2014-07-25 07:25
.
Pre-Run: 246.328.147.968 bytes beschikbaar
Post-Run: 246.742.675.456 bytes beschikbaar
.
- - End Of File - - 0E918EBAFB2F8088084DBDC0CE16836E
A36C5E4F47E84449FF07ED3517B43A31

**virtualJac** · 25-07-14, 09:17

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.65.2
Run by j.spruit at 10:27:37 on 2014-07-25
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3014.2010 [GMT 2:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\vcsFPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\KPN\Mobiel Internet Software\BecHelperService.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files\KPN\Mobiel Internet Software\LoggerServer.exe
C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
C:\WINDOWS\system32\CommandControlFirmware\CommandControlFirmware.exe
C:\WINDOWS\system32\DWRCS.exe
C:\Program Files\Forefront TMG Client\FwcAgent.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files\INVENTORYCLIENT\client.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe
C:\WINDOWS\CCM\CcmExec.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSUploader.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\DWRCST.exe
C:\Documents and Settings\j.spruit.LT-VSH07382\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Forefront TMG Client\FwcMgmt.exe
C:\Documents and Settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSPortMonitorCommunicator.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Policy Platform\policyHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\CCM\SCNotification.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://webwerken.vshanab.nl/
uProxyServer = hxxp=127.0.0.1:39486
uProxyOverride = *origin.com;*ea.com;*akamaihd.net
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ips\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\common files\primavera common\java\_jvm\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Spotify Web Helper] "c:\documents and settings\j.spruit.lt-vsh07382\application data\spotify\data\SpotifyWebHelper.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HPConnectionManager] c:\program files\hewlett-packard\hp connection manager\HPCMDelayStart.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [ItalusUploader] c:\program files\hewlett-packard\hp designjet eprintandshare\HPePSUploader.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\jsprui~1.lt-\menust~1\progra~1\opstar~1\dropbox.lnk - c:\documents and settings\j.spruit.lt-vsh07382\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\forefr~1.lnk - c:\program files\forefront tmg client\FwcMgmt.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: legalnoticecaption = V&SH Beveiligingswaarschuwing
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Verzenden naar Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: sccm102
Trusted Zone: dm311.local
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286529918364
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286530450710
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://webwerken.vshanab.nl/+CSCOL+/cscopf.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.228.12.254
TCP: Interfaces\{BE7EF984-206B-4ED2-A547-1B51FCB5ED8B} : NameServer = 192.168.192.1
TCP: Interfaces\{EF3C6F03-CC15-4FE7-BDA4-1779BD02DEBF} : DHCPNameServer = 10.228.12.254
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\bricsys\bricscad v12\BrxProtIE.dll
Notify: igfxcui - igfxdev.dll
Notify: sccmrdplauncher - SccmRdpLauncher.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SecurityProviders: SecurityProviders = credssp.dll, pwdssp.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymDS.sys [2013-2-8 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymEFA.sys [2013-2-8 927904]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\bashdefs\20140703.011\BHDrvx86.sys [2014-7-22 1101616]
R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\ccSetx86.sys [2013-2-8 134304]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\Ironx86.sys [2013-2-8 175264]
R2 BecHelperService;BecHelperService;c:\program files\kpn\mobiel internet software\BecHelperService.exe [2013-8-20 1917832]
R2 CmRcService;Configuration Manager Remote Control;c:\windows\ccm\remctrl\CmRcService.exe [2013-9-11 465592]
R2 CommandControlFirmware;CommandControlFirmware;c:\windows\system32\commandcontrolfirmware\CommandCont rolFirmware.exe [2014-7-22 60965]
R2 FwcAgent;Forefront TMG Client Agent;c:\program files\forefront tmg client\FwcAgent.exe [2009-10-14 275424]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-9-12 227896]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2013-5-22 63448]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ccSvcHst.exe [2013-2-8 143928]
R2 SnowInventoryClient;Inventory Client;c:\program files\inventoryclient\client.exe [2012-5-9 1442304]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-8-23 2774320]
R2 WMCoreService;Mobile Broadband Service;c:\program files\ericsson\mobile broadband drivers\wmcore\wmcore.exe servicemode --> c:\program files\ericsson\mobile broadband drivers\wmcore\WMCore.exe servicemode [?]
R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-10-28 113664]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-6-11 109872]
R3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\drivers\h36wgps.sys [2013-2-20 88104]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\hewlett-packard\hp connection manager\hpCMSrv.exe [2011-9-13 1098296]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-8-20 72832]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\ipsdefs\20140723.012\IDSXpx86.sys [2014-7-24 383120]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2010-10-8 44800]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-10-28 260864]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-10-31 144984]
R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [2011-10-31 23640]
R3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\microsoft policy platform\policyHost.exe [2012-8-2 48744]
R3 Mbm4bus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [2011-10-31 123208]
R3 Mbm4mdfl;HP Mobile Broadband Module Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [2013-2-20 14920]
R3 Mbm4mdm;HP Mobile Broadband Module Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [2013-2-20 139080]
R3 Mbm4mgmt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [2013-2-20 132808]
R3 Mbm4NNd5;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter;c:\windows\system32\drivers\Mbm4NNd5.sys [2013-2-20 24904]
R3 Mbm4NUn;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [2013-2-20 150344]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140723.025\NAVENG.SYS [2014-7-24 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140723.025\NAVEX15.SYS [2014-7-24 1612376]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-10-26 48640]
S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-12-11 38912]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\coh_mon.sys --> c:\windows\system32\drivers\COH_Mon.sys [?]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys --> c:\windows\system32\drivers\e1k5132.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-8-20 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-8-20 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2013-8-20 117504]
S3 Impcd;Impcd;c:\windows\system32\drivers\impcd.sys --> c:\windows\system32\drivers\Impcd.sys [?]
S3 lppsvc;Microsoft Policy Platform Processor;c:\program files\microsoft policy platform\policyHost.exe [2012-8-2 48744]
S3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows XP 32 Bit;c:\windows\system32\drivers\netwnx32.sys --> c:\windows\system32\drivers\NETwNx32.sys [?]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\SyDvCtrl32.sys [2013-2-8 28136]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.ex e xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-07-25 07:18:47 -------- d-sha-r- C:\cmdcons
2014-07-25 07:16:41 98816 ----a-w- c:\windows\sed.exe
2014-07-25 07:16:41 256000 ----a-w- c:\windows\PEV.exe
2014-07-25 07:16:41 208896 ----a-w- c:\windows\MBR.exe
2014-07-25 07:13:33 -------- d--h--r- c:\documents and settings\j.spruit.lt-vsh07382\Onlangs geopend
2014-07-25 05:43:28 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-25 05:43:15 -------- d-----w- C:\AdwCleaner
2014-07-24 06:01:29 -------- d-----w- c:\program files\CCleaner
2014-07-23 08:05:18 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\Garmin
2014-07-22 11:10:39 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-22 11:10:38 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-22 11:07:52 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-07-22 11:07:52 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\Malwarebytes
2014-07-22 11:07:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-07-22 11:07:09 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-22 11:07:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-07-22 07:18:10 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\VOPackage
2014-07-22 07:14:56 -------- d-----w- c:\windows\system32\CommandControlFirmware
2014-07-20 11:26:56 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-07-20 11:26:48 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
.
============= FINISH: 10:27:45,57 ===============

Helaas is de Pirrit weer terug.

Mededeling

Servicedesk medewerker heeft malware geïnstalleerd.

Servicedesk medewerker heeft malware geïnstalleerd.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment