Service desk employee installed malware.


  • Service desk employee installed malware.

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.65.2
    Run by j.spruit at 8:06:44 on 2014-07-24
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3014.1861 [GMT 2:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *Enabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\vcsFPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IDT\WDM\STacSV.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\KPN\Mobiel Internet Software\BecHelperService.exe
    C:\Program Files\KPN\Mobiel Internet Software\LoggerServer.exe
    C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
    C:\WINDOWS\system32\CommandControlFirmware\CommandControlFirmware.exe
    C:\WINDOWS\system32\DWRCS.exe
    C:\Program Files\Forefront TMG Client\FwcAgent.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\LxrSII1s.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Documents and Settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\OfficeQuickSoftware.exe
    c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
    C:\Program Files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSUploader.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\j.spruit.LT-VSH07382\Application Data\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\Forefront TMG Client\FwcMgmt.exe
    C:\Program Files\INVENTORYCLIENT\client.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    C:\Program Files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe
    C:\WINDOWS\CCM\CcmExec.exe
    C:\Documents and Settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\Dropbox.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSPortMonitorCommunicator.exe
    C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
    C:\WINDOWS\system32\DWRCST.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe
    C:\Documents and Settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\JAVAKernelScreenshot.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\CCM\SCNotification.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://webwerken.vshanab.nl/
    uProxyServer = hxxp=127.0.0.1:35915
    uProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
    BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ips\IPSBHO.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\common files\primavera common\java\_jvm\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Spotify Web Helper] "c:\documents and settings\j.spruit.lt-vsh07382\application data\spotify\data\SpotifyWebHelper.exe"
    mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [HPConnectionManager] c:\program files\hewlett-packard\hp connection manager\HPCMDelayStart.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [ItalusUploader] c:\program files\hewlett-packard\hp designjet eprintandshare\HPePSUploader.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
    StartupFolder: c:\docume~1\jsprui~1.lt-\menust~1\progra~1\opstar~1\dropbox.lnk - c:\documents and settings\j.spruit.lt-vsh07382\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\forefr~1.lnk - c:\program files\forefront tmg client\FwcMgmt.exe
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\update~1.lnk - c:\program files\kpn\mobiel internet software\AutoUpdateSrv.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: legalnoticecaption = V&SH Beveiligingswaarschuwing
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Verzenden naar Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: c:\program files\forefront tmg client\FwcWsp.dll
    Trusted Zone: sccm102
    Trusted Zone: dm311.local
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286529918364
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286530450710
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://webwerken.vshanab.nl/+CSCOL+/cscopf.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 10.228.12.254
    TCP: Interfaces\{BE7EF984-206B-4ED2-A547-1B51FCB5ED8B} : NameServer = 192.168.192.1
    TCP: Interfaces\{EF3C6F03-CC15-4FE7-BDA4-1779BD02DEBF} : DHCPNameServer = 10.228.12.254
    Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\bricsys\bricscad v12\BrxProtIE.dll
    Notify: igfxcui - igfxdev.dll
    Notify: sccmrdplauncher - SccmRdpLauncher.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    SecurityProviders: SecurityProviders = credssp.dll, pwdssp.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymDS.sys [2013-2-8 368288]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymEFA.sys [2013-2-8 927904]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\bashdefs\20140703.011\BHDrvx86.sys [2014-7-22 1101616]
    R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\ccSetx86.sys [2013-2-8 134304]
    R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\Ironx86.sys [2013-2-8 175264]
    R2 BecHelperService;BecHelperService;c:\program files\kpn\mobiel internet software\BecHelperService.exe [2013-8-20 1917832]
    R2 CmRcService;Configuration Manager Remote Control;c:\windows\ccm\remctrl\CmRcService.exe [2013-9-11 465592]
    R2 CommandControlFirmware;CommandControlFirmware;c:\windows\system32\commandcontrolfirmware\CommandControlFirmware.exe [2014-7-22 60965]
    R2 FwcAgent;Forefront TMG Client Agent;c:\program files\forefront tmg client\FwcAgent.exe [2009-10-14 275424]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-9-12 227896]
    R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2013-5-22 63448]
    R2 OfficeQuickSoftware.exe;OfficeQuickSoftware.exe;c:\documents and settings\j.spruit.lt-vsh07382\local settings\application data\officequicksoftware\OfficeQuickSoftware.exe [2014-7-22 98341]
    R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
    R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
    R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ccSvcHst.exe [2013-2-8 143928]
    R2 SnowInventoryClient;Inventory Client;c:\program files\inventoryclient\client.exe [2012-5-9 1442304]
    R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-8-23 2774320]
    R2 WMCoreService;Mobile Broadband Service;c:\program files\ericsson\mobile broadband drivers\wmcore\wmcore.exe servicemode --> c:\program files\ericsson\mobile broadband drivers\wmcore\WMCore.exe servicemode [?]
    R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-10-28 113664]
    R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-6-11 109872]
    R3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\drivers\h36wgps.sys [2013-2-20 88104]
    R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\hewlett-packard\hp connection manager\hpCMSrv.exe [2011-9-13 1098296]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-8-20 72832]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\ipsdefs\20140722.011\IDSXpx86.sys [2014-7-23 383120]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2010-10-8 44800]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-10-28 260864]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-10-31 144984]
    R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [2011-10-31 23640]
    R3 Mbm4bus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [2011-10-31 123208]
    R3 Mbm4mdfl;HP Mobile Broadband Module Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [2013-2-20 14920]
    R3 Mbm4mdm;HP Mobile Broadband Module Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [2013-2-20 139080]
    R3 Mbm4mgmt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [2013-2-20 132808]
    R3 Mbm4NNd5;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter;c:\windows\system32\drivers\Mbm4NNd5.sys [2013-2-20 24904]
    R3 Mbm4NUn;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [2013-2-20 150344]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140722.008\NAVENG.SYS [2014-7-23 93272]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140722.008\NAVEX15.SYS [2014-7-23 1612376]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-10-26 48640]
    S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-12-11 38912]
    S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\coh_mon.sys --> c:\windows\system32\drivers\COH_Mon.sys [?]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys --> c:\windows\system32\drivers\e1k5132.sys [?]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-8-20 102784]
    S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-8-20 11136]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2013-8-20 117504]
    S3 Impcd;Impcd;c:\windows\system32\drivers\impcd.sys --> c:\windows\system32\drivers\Impcd.sys [?]
    S3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\microsoft policy platform\policyHost.exe [2012-8-2 48744]
    S3 lppsvc;Microsoft Policy Platform Processor;c:\program files\microsoft policy platform\policyHost.exe [2012-8-2 48744]
    S3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows XP 32 Bit;c:\windows\system32\drivers\netwnx32.sys --> c:\windows\system32\drivers\NETwNx32.sys [?]
    S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\SyDvCtrl32.sys [2013-2-8 28136]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
    S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: DWGTrueViewScriptFile=c:\windows\system32\notepad.exe "%1"
    .
    =============== Created Last 30 ================
    .
    2014-07-24 06:03:08 -------- d--h--r- c:\documents and settings\j.spruit.lt-vsh07382\Onlangs geopend
    2014-07-24 06:01:29 -------- d-----w- c:\program files\CCleaner
    2014-07-23 08:05:18 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\Garmin
    2014-07-22 11:10:39 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-07-22 11:10:38 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-07-22 11:07:52 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2014-07-22 11:07:52 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\Malwarebytes
    2014-07-22 11:07:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2014-07-22 11:07:09 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-07-22 11:07:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2014-07-22 07:18:10 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\VOPackage
    2014-07-22 07:14:56 -------- d-----w- c:\windows\system32\CommandControlFirmware
    2014-07-22 07:14:40 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\local settings\application data\OfficeQuickSoftware
    2014-07-22 07:14:08 18272 ----a-w- c:\windows\system32\roboot.exe
    2014-07-20 11:26:56 145408 ----a-w- c:\windows\system32\javacpl.cpl
    2014-07-20 11:26:48 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 8:07:05,42 ===============
    If it was safe, it wasn't that fun
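Triage of a DDS report like the one above can be partly automated. The script below is an added example, not part of this thread and not code from the DDS tool: it splits the report on the `====== name ======` section headers DDS prints, then surfaces three kinds of entries for a human to review: binaries under the user profile (Documents and Settings\...\Application Data), a user-level proxy that points at loopback, and services or drivers whose file timestamp is within a week of the scan date. The sample input is a subset of lines copied from the log above; the heuristics, the seven-day threshold and the regexes are my own assumptions, and the thread itself never labels any entry as malicious.

```python
import re
from datetime import date, timedelta

# Constructed sample: a subset of the DDS log posted above, copied verbatim
# (a few lines per section is enough to exercise every heuristic).
SAMPLE_DDS = r"""
DDS (Ver_2012-11-20.01) - NTFS_x86
Run by j.spruit at 8:06:44 on 2014-07-24
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Forefront TMG Client\FwcAgent.exe
C:\Documents and Settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\OfficeQuickSoftware.exe
C:\Documents and Settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\JAVAKernelScreenshot.exe
C:\Documents and Settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\Dropbox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://webwerken.vshanab.nl/
uProxyServer = hxxp=127.0.0.1:35915
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
.
============= SERVICES / DRIVERS ===============
.
R2 CommandControlFirmware;CommandControlFirmware;c:\windows\system32\commandcontrolfirmware\CommandControlFirmware.exe [2014-7-22 60965]
R2 FwcAgent;Forefront TMG Client Agent;c:\program files\forefront tmg client\FwcAgent.exe [2009-10-14 275424]
R2 OfficeQuickSoftware.exe;OfficeQuickSoftware.exe;c:\documents and settings\j.spruit.lt-vsh07382\local settings\application data\officequicksoftware\OfficeQuickSoftware.exe [2014-7-22 98341]
"""

# Section banner as DDS prints it: "====== Name ======".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Header line carrying the scan date, used as the reference for "recent".
RUN_DATE_RE = re.compile(r"^Run by .* on (\d{4}-\d{2}-\d{2})$")
# Windows XP per-user profile locations writable by any process running as that user (assumption: XP layout only).
USER_PROFILE_RE = re.compile(r"\\documents and settings\\[^\\]+\\(?:local settings\\)?application data\\", re.I)
# DDS appends "[YYYY-M-D size]" to service/driver lines; the date is the file timestamp.
SERVICE_STAMP_RE = re.compile(r"\[(\d{4})-(\d{1,2})-(\d{1,2}) \d+\]$")
# Per-user proxy setting that routes browser traffic through a local listener.
LOOPBACK_PROXY_RE = re.compile(r"^uProxyServer\s*=.*(?:127\.0\.0\.1|localhost)", re.I)


def parse_sections(text):
    """Return (run_date, {section_name: [lines]}) for a DDS report; blank and '.' spacer lines are dropped."""
    run_date = None
    sections = {}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = RUN_DATE_RE.match(line)
        if m:
            run_date = date.fromisoformat(m.group(1))
        sections.setdefault(current, []).append(line)
    return run_date, sections


def triage(text, recent_days=7):
    """Return a list of (reason, line) pairs that deserve a human look.

    The heuristics are deliberately cheap and noisy: they surface entries, they do not convict them.
    """
    run_date, sections = parse_sections(text)
    findings = []
    for name, lines in sections.items():
        for line in lines:
            if USER_PROFILE_RE.search(line):
                findings.append(("binary in user-writable profile directory", line))
            if LOOPBACK_PROXY_RE.match(line):
                findings.append(("user-level proxy on loopback", line))
            if name.startswith("SERVICES") and run_date is not None:
                m = SERVICE_STAMP_RE.search(line)
                if m:
                    stamp = date(*map(int, m.groups()))
                    if run_date - stamp <= timedelta(days=recent_days):
                        findings.append((f"service binary dated within {recent_days} days of scan", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_DDS):
        print(f"[{reason}] {line}")
```

Run against the sample, the script lists the two OfficeQuickSoftware binaries, the loopback proxy, and the two services stamped two days before the scan; it also lists Dropbox.exe, which legitimately lives under Application Data. That false positive is the point of calling this a review queue rather than a verdict: the profile-path rule is there to cut a 60-line process list down to the handful of entries a helper actually reads, not to replace the judgement of the person reading them.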

  • #2
    Got part of it removed with CCleaner and Malwarebytes. However, I keep having trouble with pop-ups and PirritSuggestor. Above is my DDS log.

    For your information, this is a company laptop! An employee at the service desk was supposed to install a licensed burning program for me, but instead he installed ImgBurn Freeware and clicked the wrong 'Download' button.
    Last edited by virtualJac; 24-07-14, 07:13.
    If it was safe, it wasn't that fun



    • #3
      Hi

      A company laptop should be handled by the company (the sysadmin).
      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
      E Dev * Remove McAfee. * Ccleaner * E-Peek



      • #4
        I am admin. I work on projects and rarely come to the head office, which is why this responsibility lies with us.
        Last edited by virtualJac; 24-07-14, 13:59.
        If it was safe, it wasn't that fun



        • #5
          If you are the company's system administrator, it seems unlikely to me that you cannot tackle this problem.
          After all, it is your (paid) job, and we (the helpers) do this for free.

          I'll go and check with our Administrator.
          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
          E Dev * Remove McAfee. * Ccleaner * E-Peek



          • #6
            That's not what I'm saying. I'm not a system administrator. I'm an administrator so that I can do the maintenance/problem solving on my system myself. That also makes me directly responsible. I managed to stay spyware-free for six years, and now, thanks to a careless service employee, it has happened after all.

            I also use it privately and for my studies, so I'd rather solve it myself so that I can get back to work on it as soon as possible. Otherwise I'll lose it for three weeks (construction holiday).

            In any case, thanks for the effort! It would really help me enormously.
            If it was safe, it wasn't that fun



            • #7
              I will treat this PC as a one-off exception, partly because you are using Windows XP.

              You are working with an OS that is no longer supported: XP
              Treating this OS for malware is like mopping with the tap running. Useless, in other words.

              A few options, listed:

              - Either you buy a new PC (I can't imagine that a PC running XP is suitable for W 8.1)

              - Or you take your XP machine offline. That is, not on the internet (and so also not connected to other PCs via a router that can reach the internet).

              - Or (and that is also a possibility) you put Linux on it (if need be with Wine = Windows environment).



              Before we begin, I would like to kindly point out the following guidelines:

              • Only log in as administrator with full rights.
              • Do not post your problem in several forums. It does not help your problem and it is not fair to the helpers.
              • Cleaning up your system can take some time, be patient.
              • Follow the instructions I give carefully.
              • Only follow the advice I give.
              • Stay with this topic until I have reported that your PC is clean.
              • If you don't know or understand something, please just ask.
              • Do not install or uninstall any software or hardware while we are working on your problem.
              • Don't go trying something "else" in the meantime, that only makes it harder for us.
              • Please turn off your emoticons (smileys) when posting logs. ( INFO )
              • Please do not post the logs as attachments or between code tags.

              Note: Always run all tools as admin.
              The instructions given are only valid for your PC.

              If you have read and understood these guidelines, you may continue.....



              Step 1:

              Scanning for and removing malware....

              If you already have MBAM on your PC, you obviously don't need to download it.

              Download Malwarebytes Anti-Malware to your desktop.

              Double-click mbam-setup.exe to install the program.

              At the end of the setup procedure you get a screen where you have to click "Finish".
              If you do not want to evaluate MBAM, untick the first option and only then click "Finish".

              Make sure that after the installation a tick is placed next to:
              • Update Malwarebytes' Anti-Malware
              • Launch Malwarebytes' Anti-Malware
              • Then click "Finish". If an update is found, it will be downloaded and installed.

              Once the program has started, go to the "Settings" tab.
              • Tick here: "Close Internet Explorer during malware removal".
              • Go to the "Updates" tab and update MBAM.
              • Then go to the "Scanner" tab and choose "FULL scan".
              • Then press "Scan" to start the scan.
              • Scanning can take a while, so be patient.
              • When the scan has finished, click OK, then "Show results" to see the results.
              • Make sure everything there is ticked, then click "Remove selected".
              • After removal a log will open and you will be asked to restart the computer.

              If MBAM asks for a restart, do so.
              Once you have restarted, run a new quick scan with MBAM.
              In that case you post both logs. So a second "quick scan" log only if the FULL scan found "something".

              The log is saved automatically by Malwarebytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.


              In case of problems!!!

              ___________________________________________________________

              Step 2:

              Checking for bad toolbars...

              Download AdwCleaner by Xplode to your Desktop.
              • Close all open windows
              • Start AdwCleaner
              • Click Scan
              • Click Remove

              All icons disappear from the Desktop, this is normal
              Your PC will be restarted and a log file opens (C:\AdwCleaner\AdwCleaner[xx].txt)
              Post its contents here on the forum.

              I only need the log after the "Remove" option.

              Don't forget to turn off your "smileys".

              If your start page was also hijacked, set the search engine again.
              By default AdwCleaner resets it to Google.com
              ___________________________________________________________
              ___________________________________________________________

              Step 3:

              Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


              DDS is a diagnostic tool and uses scripts.
              If script execution is disabled, enable it again so that no problems occur when using DDS.


              Double-click DDS to start the tool. (Depending on the download you chose, this may be the file DDS.com, DDS.scr or DDS.pif.)
              When it is done, two log files open: DDS.txt and Attach.txt
              Save both log files on your desktop.

              Post the contents of DDS.txt.

              You do not need to post the contents of Attach.txt, nor attach Attach.txt to your post, unless I ask for it.


              ___________________________________________________________

              Step 4:

              Download Security Check to your desktop via here or here

              Start Security Check
              Follow the instructions on screen
              At the end a log appears ( checkup.txt )
              Put its contents in your next reply.


              In your next post I would like to see the following logs, made in the order given:

              • MBAM
              • AdwCleaner
              • DDS
              • checkup.txt

              Please do NOT post these logs as attachments or between code tags.
              (In several posts if necessary.)

              Emphyrio
              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
              E Dev * Remove McAfee. * Ccleaner * E-Peek



              • #8
                Malwarebytes Anti-Malware
                www.malwarebytes.org

                Scandatum: 25-7-2014
                Scantijd: 7:26:16
                Logbestand: MalwareBytes.txt
                Beheerder: Ja

                Versie: 2.00.2.1012
                Malwaredatabase: v2014.07.25.01
                Rootkitdatabase: v2014.07.17.01
                Licentie: Gratis
                Malwarebescherming: Uitgeschakeld
                Kwaadaardige Website Bescherming: Uitgeschakeld
                Self-protection: Uitgeschakeld

                Besturingssysteem: Windows XP Service Pack 3
                Processor: x86
                Bestandssysteem: NTFS
                Gebruiker: j.spr

                Scantype: Bedreigingsscan
                Resultaat: Voltooid
                Objecten Gescand: 540012
                Verstreken Tijd: 14 m, 53 s

                Geheugen: Ingeschakeld
                Opstarten: Ingeschakeld
                Bestandssysteem: Ingeschakeld
                Archieven: Ingeschakeld
                Rootkits: Uitgeschakeld
                Heuristics: Ingeschakeld
                POP: Waarschuwen
                POA: Ingeschakeld

                Processen: 0
                (No malicious items detected)

                Modules: 0
                (No malicious items detected)

                Registersleutels: 0
                (No malicious items detected)

                Registerwaardes: 0
                (No malicious items detected)

                Registerdata: 0
                (No malicious items detected)

                Mappen: 0
                (No malicious items detected)

                Bestanden: 2
                PUP.Optional.Superfish.A, C:\Documents and Settings\j.spruit.LT-VSH07382\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [5f56346fadce9f97b4e3f0e9fe04c937],
                PUP.Optional.Superfish.A, C:\Documents and Settings\j.spruit.LT-VSH07382\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [3c796d36cab15cdaa6f1f4e5e81a1ae6],

                Fysieke Sectoren: 0
                (No malicious items detected)


                (end)





                # AdwCleaner v3.216 - Rapport aangemaakt 25/07/2014 op 07:44:35
                # Laatste Update 17/07/2014 door Xplode
                # Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)
                # Gebruikersnaam : j.spruit - LT-VSH07382
                # Gestart vanuit : C:\Documents and Settings\j.spruit.LT-VSH07382\Bureaublad\adwcleaner_3.216.exe
                # Optie : Verwijderen

                ***** [ Services ] *****


                ***** [ Bestanden / Mappen ] *****

                Map Verwijderd : C:\Program Files\driver-soft
                Bestand Verwijderd : C:\WINDOWS\system32\roboot.exe

                ***** [ Snelkoppelingen ] *****


                ***** [ Register ] *****

                Sleutel Verwijderd : HKCU\Software\systweak
                Sleutel Verwijderd : HKLM\Software\systweak
                Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage

                ***** [ Browsers ] *****

                -\\ Internet Explorer v8.0.6001.18702


                -\\ Google Chrome v36.0.1985.125

                *************************

                AdwCleaner[R0].txt - [1032 octets] - [25/07/2014 07:43:16]
                AdwCleaner[S0].txt - [968 octets] - [25/07/2014 07:44:35]

                ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1027 octets] ##########
                If it was safe, it wasn't that fun



                • #9
                  DDS (Ver_2012-11-20.01) - NTFS_x86
                  Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.65.2
                  Run by j.spruit at 7:48:51 on 2014-07-25
                  Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3014.2195 [GMT 2:00]
                  .
                  AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
                  FW: Symantec Endpoint Protection *Enabled*
                  .
                  ============== Running Processes ================
                  .
                  C:\WINDOWS\system32\vcsFPService.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\IDT\WDM\STacSV.exe
                  C:\Program Files\LSI SoftModem\agrsmsvc.exe
                  C:\Program Files\KPN\Mobiel Internet Software\BecHelperService.exe
                  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
                  C:\Program Files\KPN\Mobiel Internet Software\LoggerServer.exe
                  C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
                  C:\WINDOWS\system32\CommandControlFirmware\CommandControlFirmware.exe
                  C:\WINDOWS\system32\DWRCS.exe
                  C:\Program Files\Forefront TMG Client\FwcAgent.exe
                  C:\Program Files\Google\Update\GoogleUpdate.exe
                  C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
                  C:\Program Files\Java\jre7\bin\jqs.exe
                  C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
                  C:\WINDOWS\system32\LxrSII1s.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
                  c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
                  C:\WINDOWS\system32\DWRCST.exe
                  C:\WINDOWS\system32\WgaTray.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
                  C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
                  C:\Program Files\INVENTORYCLIENT\client.exe
                  C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
                  C:\Program Files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe
                  C:\WINDOWS\CCM\CcmExec.exe
                  C:\WINDOWS\system32\AESTFltr.exe
                  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  C:\WINDOWS\system32\igfxtray.exe
                  C:\WINDOWS\system32\hkcmd.exe
                  C:\WINDOWS\system32\igfxpers.exe
                  C:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
                  C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
                  C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
                  C:\Program Files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSUploader.exe
                  C:\Program Files\Common Files\Java\Java Update\jusched.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Documents and Settings\j.spruit.LT-VSH07382\Application Data\Spotify\Data\SpotifyWebHelper.exe
                  C:\Program Files\Forefront TMG Client\FwcMgmt.exe
                  c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                  C:\WINDOWS\system32\wbem\wmiprvse.exe
                  C:\Documents and Settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\Dropbox.exe
                  C:\Program Files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSPortMonitorCommunicator.exe
                  C:\WINDOWS\System32\svchost.exe -k netsvcs
                  C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
                  C:\WINDOWS\system32\svchost.exe -k NetworkService
                  C:\WINDOWS\system32\svchost.exe -k LocalService
                  C:\WINDOWS\system32\svchost.exe -k LocalService
                  C:\WINDOWS\system32\svchost.exe -k imgsvc
                  .
                  ============== Pseudo HJT Report ===============
                  .
                  uStart Page = hxxp://webwerken.vshanab.nl/
                  uProxyServer = hxxp=127.0.0.1:16313
                  uProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
                  BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ips\IPSBHO.dll
                  BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
                  BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
                  BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
                  BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\common files\primavera common\java\_jvm\lib\deploy\jqs\ie\jqs_plugin.dll
                  BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
                  TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
                  TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
                  uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
                  uRun: [Spotify Web Helper] "c:\documents and settings\j.spruit.lt-vsh07382\application data\spotify\data\SpotifyWebHelper.exe"
                  mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
                  mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
                  mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
                  mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
                  mRun: [Persistence] c:\windows\system32\igfxpers.exe
                  mRun: [HPConnectionManager] c:\program files\hewlett-packard\hp connection manager\HPCMDelayStart.exe
                  mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
                  mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
                  mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
                  mRun: [ItalusUploader] c:\program files\hewlett-packard\hp designjet eprintandshare\HPePSUploader.exe
                  mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
                  mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
                  dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
                  dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
                  StartupFolder: c:\docume~1\jsprui~1.lt-\menust~1\progra~1\opstar~1\dropbox.lnk - c:\documents and settings\j.spruit.lt-vsh07382\application data\dropbox\bin\Dropbox.exe
                  StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\forefr~1.lnk - c:\program files\forefront tmg client\FwcMgmt.exe
                  StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\update~1.lnk - c:\program files\kpn\mobiel internet software\AutoUpdateSrv.exe
                  uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
                  mPolicies-System: legalnoticecaption = V&SH Beveiligingswaarschuwing
                  mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
                  IE: Converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
                  IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                  IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                  IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
                  IE: Toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
                  IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
                  IE: Verzenden naar Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
                  IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
                  IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
                  IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                  IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
                  Trusted Zone: sccm102
                  Trusted Zone: dm311.local
                  DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286529918364
                  DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286530450710
                  DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
                  DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://webwerken.vshanab.nl/+CSCOL+/cscopf.cab
                  DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab
                  DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                  TCP: NameServer = 10.228.12.254
                  TCP: Interfaces\{BE7EF984-206B-4ED2-A547-1B51FCB5ED8B} : NameServer = 192.168.192.1
                  TCP: Interfaces\{EF3C6F03-CC15-4FE7-BDA4-1779BD02DEBF} : DHCPNameServer = 10.228.12.254
                  Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\bricsys\bricscad v12\BrxProtIE.dll
                  Notify: igfxcui - igfxdev.dll
                  Notify: sccmrdplauncher - SccmRdpLauncher.dll
                  SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
                  SecurityProviders: SecurityProviders = credssp.dll, pwdssp.dll
                  mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                  .
                  ============= SERVICES / DRIVERS ===============
                  .
                  R?2 CommandControlFirmware;CommandControlFirmware;c:\windows\system32\commandcontrolfirmware\CommandControlFirmware.exe [2014-7-22 60965]
                  R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymDS.sys [2013-2-8 368288]
                  R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymEFA.sys [2013-2-8 927904]
                  R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\bashdefs\20140703.011\BHDrvx86.sys [2014-7-22 1101616]
                  R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\ccSetx86.sys [2013-2-8 134304]
                  R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
                  R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\Ironx86.sys [2013-2-8 175264]
                  R2 BecHelperService;BecHelperService;c:\program files\kpn\mobiel internet software\BecHelperService.exe [2013-8-20 1917832]
                  R2 CmRcService;Configuration Manager Remote Control;c:\windows\ccm\remctrl\CmRcService.exe [2013-9-11 465592]
                  R2 FwcAgent;Forefront TMG Client Agent;c:\program files\forefront tmg client\FwcAgent.exe [2009-10-14 275424]
                  R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-9-12 227896]
                  R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2013-5-22 63448]
                  R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
                  R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
                  R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ccSvcHst.exe [2013-2-8 143928]
                  R2 SnowInventoryClient;Inventory Client;c:\program files\inventoryclient\client.exe [2012-5-9 1442304]
                  R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-8-23 2774320]
                  R2 WMCoreService;Mobile Broadband Service;c:\program files\ericsson\mobile broadband drivers\wmcore\wmcore.exe servicemode --> c:\program files\ericsson\mobile broadband drivers\wmcore\WMCore.exe servicemode [?]
                  R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-10-28 113664]
                  R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
                  R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-6-11 109872]
                  R3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\drivers\h36wgps.sys [2013-2-20 88104]
                  R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-8-20 72832]
                  R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\ipsdefs\20140723.012\IDSXpx86.sys [2014-7-24 383120]
                  R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2010-10-8 44800]
                  R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-10-28 260864]
                  R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-10-31 144984]
                  R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [2011-10-31 23640]
                  R3 Mbm4bus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [2011-10-31 123208]
                  R3 Mbm4mdfl;HP Mobile Broadband Module Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [2013-2-20 14920]
                  R3 Mbm4mdm;HP Mobile Broadband Module Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [2013-2-20 139080]
                  R3 Mbm4mgmt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [2013-2-20 132808]
                  R3 Mbm4NNd5;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter;c:\windows\system32\drivers\Mbm4NNd5.sys [2013-2-20 24904]
                  R3 Mbm4NUn;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [2013-2-20 150344]
                  R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140723.025\NAVENG.SYS [2014-7-24 93272]
                  R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140723.025\NAVEX15.SYS [2014-7-24 1612376]
                  S?2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                  S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-10-26 48640]
                  S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-12-11 38912]
                  S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\coh_mon.sys --> c:\windows\system32\drivers\COH_Mon.sys [?]
                  S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys --> c:\windows\system32\drivers\e1k5132.sys [?]
                  S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-8-20 102784]
                  S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-8-20 11136]
                  S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2013-8-20 117504]
                  S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\hewlett-packard\hp connection manager\hpCMSrv.exe [2011-9-13 1098296]
                  S3 Impcd;Impcd;c:\windows\system32\drivers\impcd.sys --> c:\windows\system32\drivers\Impcd.sys [?]
                  S3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\microsoft policy platform\policyHost.exe [2012-8-2 48744]
                  S3 lppsvc;Microsoft Policy Platform Processor;c:\program files\microsoft policy platform\policyHost.exe [2012-8-2 48744]
                  S3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows XP 32 Bit;c:\windows\system32\drivers\netwnx32.sys --> c:\windows\system32\drivers\NETwNx32.sys [?]
                  S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\SyDvCtrl32.sys [2013-2-8 28136]
                  S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
                  S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
                  S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]
                  .
                  =============== File Associations ===============
                  .
                  FileExt: .scr: DWGTrueViewScriptFile=c:\windows\system32\notepad.exe "%1"
                  .
                  =============== Created Last 30 ================
                  .
                  2014-07-25 05:43:28 536576 ----a-w- c:\windows\system32\sqlite3.dll
                  2014-07-25 05:43:15 -------- d-----w- C:\AdwCleaner
                  2014-07-24 06:03:08 -------- d--h--r- c:\documents and settings\j.spruit.lt-vsh07382\Onlangs geopend
                  2014-07-24 06:01:29 -------- d-----w- c:\program files\CCleaner
                  2014-07-23 08:05:18 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\Garmin
                  2014-07-22 11:10:39 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
                  2014-07-22 11:10:38 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
                  2014-07-22 11:07:52 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
                  2014-07-22 11:07:52 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\Malwarebytes
                  2014-07-22 11:07:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
                  2014-07-22 11:07:09 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
                  2014-07-22 11:07:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
                  2014-07-22 07:18:10 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\VOPackage
                  2014-07-22 07:14:56 -------- d-----w- c:\windows\system32\CommandControlFirmware
                  2014-07-20 11:26:56 145408 ----a-w- c:\windows\system32\javacpl.cpl
                  2014-07-20 11:26:48 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
                  .
                  ==================== Find3M ====================
                  .
                  .
                  ============= FINISH: 7:55:48,21 ===============



                  Results of screen317's Security Check version 0.99.86
                  Windows XP Service Pack 3 x86
                  Internet Explorer 8
                  ``````````````Antivirus/Firewall Check:``````````````
                  Windows Security Center service is not running! This report may not be accurate!
                  Symantec Endpoint Protection
                  Antivirus up to date!
                  `````````Anti-malware/Other Utilities Check:`````````
                  CCleaner
                  Java 7 Update 65
                  Adobe Reader 10.1.8 Adobe Reader out of Date!
                  Google Chrome 35.0.1916.153
                  Google Chrome 36.0.1985.125
                  ````````Process Check: objlist.exe by Laurent````````
                  Norton ccSvcHst.exe
                  `````````````````System Health check`````````````````
                  Total Fragmentation on Drive C::
                  ````````````````````End of Log``````````````````````





                  After the holidays I will update my OS. It is a fairly recent HP ProBook, which was actually delivered with Windows 8 as standard.
                  If it was safe, it wasn't that fun



                  • #10
                    Did you set these yourself?

                    uProxyServer = hxxp=127.0.0.1:16313
                    uProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net



                    Download or update CCleaner

                    Start CCleaner.
                    • Run CCleaner and click Options in the left column
                    • Select the Advanced tab
                    • Untick "Only delete files in Windows Temp folders older than 24 hours"
                    • Select the Settings tab
                    • Untick "Clean the computer automatically...."
                    • Click Cleaner in the left column.
                    • Then click Analyze and Run Cleaner, in that order.
                    • Next, click Registry in the left column
                    • Click Scan for Issues.
                    • When asked whether you want to back up the registry, click "Yes".
                    • If issues are found, click the middle button: Fix selected issues, and then OK



                    Download Combofix to your desktop.
                    (So not to a downloads folder or a temp folder)

                    Extra note... Make sure your security software is disabled while you use Combofix.
                    This is because these scanners wrongly flag certain components that Combofix uses as infected and will block Combofix.

                    Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

                    Close ALL windows, including your browser, and let Combofix do its work undisturbed.
                    So do not open any other applications until Combofix has presented its log.

                    If Combofix asks for an update, allow it.

                    When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                    You can find it as C:\combofix.txt.

                    Post the Combofix log together with a new DDS log in your next reply.

                    * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                    • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                    • Illegal operation attempted on a registry key that has been marked for deletion.
                    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                    E Dev * McAfee verwijderen. * Ccleaner * E-Peek

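The helper is asking about the `uProxyServer` line because a browser proxy on 127.0.0.1 means every request is handed to some process on the machine itself. As an added example (not code from this thread or from DDS), here is a small Python parser for the DDS proxy lines quoted above that flags such a loopback proxy and attaches the matching `ProxyOverride` bypass list; the sample input is the two lines from the log, and the mapping of the `u`/`m`/`d` prefixes to registry hives is assumed from DDS conventions.

```python
import re
from ipaddress import ip_address

# Constructed sample input: the DDS "Pseudo HJT Report" lines quoted in this
# thread. DDS defangs "http" as "hxxp".
SAMPLE_DDS = """\
uStart Page = hxxp://webwerken.vshanab.nl/
uProxyServer = hxxp=127.0.0.1:16313
uProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
"""

# Assumed DDS scope prefixes: u = current user, m = machine, d = default user.
SCOPES = {"u": "HKCU", "m": "HKLM", "d": "DefaultUser"}
PROXY_LINE = re.compile(r"^([umd])Proxy(Server|Override)\s*=\s*(.*)$")


def parse_proxy_server(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Windows stores either "host:port" (used for every protocol) or a
    ";"-separated list of "scheme=host:port" entries.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme = "*"  # one proxy for all protocols
        if "=" in part:
            scheme, part = part.split("=", 1)
            scheme = scheme.strip().replace("hxxp", "http")  # undo DDS defanging
        host, _, port = part.rpartition(":")
        if not host:  # no ":" present, so the whole string is the host
            host, port = part, ""
        entries.append((scheme, host.strip(), int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def assess_dds(text):
    """Return one finding per proxy entry in a DDS log that points at the local host.

    Unless a known local proxy product is installed, a loopback proxy on an
    unusual port is a classic sign of adware or a traffic-hijacking proxy; the
    process listening on that port should be identified before the setting is
    cleared, otherwise the persistence mechanism simply re-creates it.
    """
    findings = []
    overrides = {}  # hive -> list of bypass patterns from ProxyOverride
    for raw in text.splitlines():
        m = PROXY_LINE.match(raw.strip())
        if not m:
            continue
        scope, kind, value = m.groups()
        hive = SCOPES[scope]
        if kind == "Override":
            overrides[hive] = [o.strip() for o in value.split(";") if o.strip()]
            continue
        for scheme, host, port in parse_proxy_server(value):
            if is_loopback(host):
                findings.append({
                    "hive": hive,
                    "scheme": scheme,
                    "host": host,
                    "port": port,
                    "reason": "browser proxy points at the local machine",
                })
    # The override list is written after the server line in DDS output, so
    # attach it once the whole log has been read.
    for f in findings:
        f["bypass"] = overrides.get(f["hive"], [])
    return findings


if __name__ == "__main__":
    for finding in assess_dds(SAMPLE_DDS):
        print(finding)
```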


                    • #11
                      ComboFix 14-07-24.01 - j.spruit 25-07-2014 9:19.1.4 - x86
                      Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3014.2091 [GMT 2:00]
                      Gestart vanuit: c:\documents and settings\j.spruit.LT-VSH07382\Bureaublad\ComboFix.exe
                      AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
                      FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
                      * Nieuw herstelpunt werd aangemaakt
                      .
                      .
                      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      c:\documents and settings\All Users\Application Data\TEMP
                      c:\program files\Internet Explorer\SET1EC.tmp
                      c:\program files\Internet Explorer\SET1F0.tmp
                      c:\program files\Internet Explorer\SET1F1.tmp
                      c:\windows\system32\SET12E.tmp
                      c:\windows\system32\SET148.tmp
                      c:\windows\system32\SET161.tmp
                      c:\windows\system32\SET162.tmp
                      c:\windows\system32\SET164.tmp
                      c:\windows\system32\SET165.tmp
                      c:\windows\system32\SET166.tmp
                      c:\windows\system32\SET174.tmp
                      c:\windows\system32\SET195.tmp
                      c:\windows\system32\SET1AC.tmp
                      c:\windows\system32\SET1B2.tmp
                      c:\windows\system32\SET207.tmp
                      c:\windows\system32\SET208.tmp
                      c:\windows\system32\SET209.tmp
                      c:\windows\system32\SET20A.tmp
                      c:\windows\system32\SET20B.tmp
                      c:\windows\system32\SET20C.tmp
                      c:\windows\system32\SET20D.tmp
                      c:\windows\system32\SET20E.tmp
                      c:\windows\system32\SET20F.tmp
                      c:\windows\system32\SET212.tmp
                      c:\windows\system32\SET213.tmp
                      c:\windows\system32\SET214.tmp
                      c:\windows\system32\SET215.tmp
                      c:\windows\system32\SET216.tmp
                      c:\windows\system32\SET217.tmp
                      c:\windows\system32\SET219.tmp
                      c:\windows\system32\SET21B.tmp
                      c:\windows\system32\SET21C.tmp
                      c:\windows\system32\SET21D.tmp
                      c:\windows\system32\SET21E.tmp
                      c:\windows\system32\SET21F.tmp
                      c:\windows\system32\SET221.tmp
                      c:\windows\system32\SET222.tmp
                      c:\windows\system32\SET223.tmp
                      c:\windows\system32\SET224.tmp
                      c:\windows\system32\SET225.tmp
                      c:\windows\system32\SET226.tmp
                      c:\windows\system32\SET227.tmp
                      c:\windows\system32\SET228.tmp
                      c:\windows\system32\SET229.tmp
                      c:\windows\system32\SET22A.tmp
                      c:\windows\system32\SET22C.tmp
                      c:\windows\system32\SET22D.tmp
                      c:\windows\system32\SET22E.tmp
                      c:\windows\system32\SET22F.tmp
                      c:\windows\system32\SET230.tmp
                      c:\windows\system32\SET231.tmp
                      c:\windows\system32\SET233.tmp
                      c:\windows\system32\SET234.tmp
                      c:\windows\system32\SET235.tmp
                      c:\windows\system32\SET236.tmp
                      c:\windows\system32\SET237.tmp
                      c:\windows\system32\SET238.tmp
                      c:\windows\system32\SET239.tmp
                      c:\windows\system32\SET23A.tmp
                      c:\windows\system32\SET23B.tmp
                      c:\windows\system32\SET23C.tmp
                      c:\windows\system32\SET268.tmp
                      c:\windows\system32\SET276.tmp
                      c:\windows\system32\SET277.tmp
                      c:\windows\system32\SET27A.tmp
                      c:\windows\system32\SET283.tmp
                      c:\windows\system32\SET286.tmp
                      c:\windows\system32\SET287.tmp
                      c:\windows\system32\SET28D.tmp
                      c:\windows\system32\SET2AC.tmp
                      c:\windows\system32\SET2AD.tmp
                      c:\windows\system32\SET2B9.tmp
                      c:\windows\system32\SET2F1.tmp
                      c:\windows\system32\SET315.tmp
                      c:\windows\system32\SET32C.tmp
                      c:\windows\system32\SET364.tmp
                      .
                      .
                      (((((((((((((((((((( Bestanden Gemaakt van 2014-06-25 to 2014-07-25 ))))))))))))))))))))))))))))))
                      .
                      .
                      2014-07-25 07:13 . 2014-07-25 07:13 -------- d--h--r- c:\documents and settings\j.spruit.LT-VSH07382\Onlangs geopend
                      2014-07-25 05:43 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
                      2014-07-25 05:43 . 2014-07-25 05:44 -------- d-----w- C:\AdwCleaner
                      2014-07-24 06:01 . 2014-07-24 06:01 -------- d-----w- c:\program files\CCleaner
                      2014-07-23 08:05 . 2014-07-23 08:05 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Garmin
                      2014-07-22 11:10 . 2014-05-12 05:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
                      2014-07-22 11:10 . 2014-07-22 11:10 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
                      2014-07-22 11:07 . 2014-07-25 05:22 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
                      2014-07-22 11:07 . 2014-07-22 11:10 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Malwarebytes
                      2014-07-22 11:07 . 2014-07-22 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
                      2014-07-22 11:07 . 2014-07-22 11:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
                      2014-07-22 11:07 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
                      2014-07-22 07:20 . 2014-07-22 07:30 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\ImgBurn
                      2014-07-22 07:18 . 2014-07-22 07:18 -------- d-----w- c:\program files\ImgBurn
                      2014-07-22 07:18 . 2014-07-22 11:35 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\VOPackage
                      2014-07-22 07:14 . 2014-07-22 07:14 -------- d-----w- c:\windows\system32\CommandControlFirmware
                      2014-07-22 07:14 . 2014-07-22 07:14 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware
                      2014-07-20 11:27 . 2014-07-20 11:27 -------- d-----w- c:\program files\Common Files\Java
                      2014-07-20 11:26 . 2014-07-11 00:36 145408 ----a-w- c:\windows\system32\javacpl.cpl
                      2014-07-20 11:26 . 2014-07-11 01:02 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
                      .
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      .
                      ------- Sigcheck -------
                      Note: Unsigned files aren't necessarily malware.
                      .
                      [-] 2009-04-06 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
                      .
                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                      REGEDIT4
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
                      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                      2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
                      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                      2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
                      @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
                      2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
                      @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
                      2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
                      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                      2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
                      @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
                      2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
                      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                      2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
                      @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
                      2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
                      .
                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "Spotify Web Helper"="c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2014-04-22 1171000]
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-21 737280]
                      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
                      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 141656]
                      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 181592]
                      "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 165720]
                      "HPConnectionManager"="c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]
                      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
                      "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
                      "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
                      "ItalusUploader"="c:\program files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSUploader.exe" [2013-06-18 398336]
                      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
                      "DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2010-08-06 85528]
                      .
                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
                      .
                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
                      "_nltide_2"="shell32" [X]
                      .
                      c:\documents and settings\j.spruit.LT-VSH07382\Menu Start\Programma's\Opstarten\
                      Dropbox.lnk - c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
                      .
                      c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
                      Forefront TMG Client.lnk - c:\program files\Forefront TMG Client\FwcMgmt.exe [2011-4-11 240920]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sccmrdplauncher]
                      2013-09-11 02:00 20664 ----a-w- c:\windows\system32\SccmRdpLauncher.dll
                      .
                      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                      SecurityProviders credssp.dll, pwdssp.dll
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                      @="Driver"
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                      "DisableMonitoring"=dword:00000001
                      .
                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                      "EnableFirewall"= 0 (0x0)
                      "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
                      .
                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                      "%windir%\\system32\\sessmgr.exe"=
                      "c:\\Documents and Settings\\j.spruit.LT-VSH07382\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
                      "c:\\Documents and Settings\\j.spruit.LT-VSH07382\\Application Data\\Spotify\\spotify.exe"=
                      "c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
                      .
                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                      "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
                      "6129:TCP"= 6129:TCP:DameWare Mini Remote Control Service
                      "1745:UDP"= 1745:UDP:Client Notification Channel
                      .
                      R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\SymDS.sys [8-2-2013 16:20 368288]
                      R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\SymEFA.sys [8-2-2013 16:20 927904]
                      R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20140703.011\BHDrvx86.sys [22-7-2014 8:42 1101616]
                      R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\ccSetx86.sys [8-2-2013 16:20 134304]
                      R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15-2-2007 19:00 26624]
                      R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\Ironx86.sys [8-2-2013 16:20 175264]
                      R2 BecHelperService;BecHelperService;c:\program files\KPN\Mobiel Internet Software\BecHelperService.exe [20-8-2013 8:44 1917832]
                      R2 CmRcService;Configuration Manager Remote Control;c:\windows\CCM\RemCtrl\CmRcService.exe [11-9-2013 4:00 465592]
                      R2 CommandControlFirmware;CommandControlFirmware;c:\windows\system32\CommandControlFirmware\CommandControlFirmware.exe [22-7-2014 9:14 60965]
                      R2 FwcAgent;Forefront TMG Client Agent;c:\program files\Forefront TMG Client\FwcAgent.exe [14-10-2009 3:08 275424]
                      R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [12-9-2011 18:55 227896]
                      R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [22-5-2013 9:46 63448]
                      R2 OfficeQuickSoftware.exe;OfficeQuickSoftware.exe;c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\OfficeQuickSoftware.exe [22-7-2014 9:14 98341]
                      R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
                      R2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [8-2-2013 16:20 143928]
                      R2 SnowInventoryClient;Inventory Client;c:\program files\INVENTORYCLIENT\client.exe [9-5-2012 0:00 1442304]
                      R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [23-8-2011 5:23 2774320]
                      R2 WMCoreService;Mobile Broadband Service;c:\program files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode --> c:\program files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode [?]
                      R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [28-10-2011 16:25 113664]
                      R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [7-2-2007 19:00 3712]
                      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11-6-2014 11:00 109872]
                      R3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\drivers\h36wgps.sys [20-2-2013 16:35 88104]
                      R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [13-9-2011 17:49 1098296]
                      R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [20-8-2013 8:44 72832]
                      R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20140723.012\IDSXpx86.sys [24-7-2014 11:02 383120]
                      R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [8-10-2010 14:50 44800]
                      R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [28-10-2011 16:28 260864]
                      R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [31-10-2011 14:25 144984]
                      R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [31-10-2011 14:25 23640]
                      R3 Mbm4bus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [31-10-2011 14:31 123208]
                      R3 Mbm4mdfl;HP Mobile Broadband Module Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [20-2-2013 16:35 14920]
                      R3 Mbm4mdm;HP Mobile Broadband Module Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [20-2-2013 16:35 139080]
                      R3 Mbm4mgmt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [20-2-2013 16:35 132808]
                      R3 Mbm4NNd5;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter;c:\windows\system32\drivers\Mbm4NNd5.sys [20-2-2013 16:35 24904]
                      R3 Mbm4NUn;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [20-2-2013 16:35 150344]
                      S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2-2-2006 0:49 204800]
                      S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [26-10-2009 14:39 48640]
                      S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [11-12-2009 21:54 38912]
                      S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]
                      S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k5132.sys --> c:\windows\system32\DRIVERS\e1k5132.sys [?]
                      S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [20-8-2013 8:44 102784]
                      S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [20-8-2013 8:44 11136]
                      S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [20-8-2013 8:44 117504]
                      S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys --> c:\windows\system32\DRIVERS\Impcd.sys [?]
                      S3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe [2-8-2012 12:24 48744]
                      S3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe [2-8-2012 12:24 48744]
                      S3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows XP 32 Bit;c:\windows\system32\DRIVERS\NETwNx32.sys --> c:\windows\system32\DRIVERS\NETwNx32.sys [?]
                      S3 RgFltX86;RgFltX86;\??\c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\RgFltX86.sys --> c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\RgFltX86.sys [?]
                      S3 SyDvCtrl;SyDvCtrl;c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SyDvCtrl32.sys [8-2-2013 16:20 28136]
                      S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                      2014-07-20 11:44 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
                      .
                      Inhoud van de 'Gedeelde Taken' map
                      .
                      2014-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
                      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 06:05]
                      .
                      2014-07-25 c:\windows\Tasks\Configuration Manager Health Evaluation.job
                      - c:\windows\CCM\CcmEval.exe [2013-09-11 02:00]
                      .
                      2014-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                      - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-21 14:49]
                      .
                      2014-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                      - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-21 14:49]
                      .
                      2014-07-25 c:\windows\Tasks\User_Feed_Synchronization-{B88E3456-E757-48EE-8C50-908901138682}.job
                      - c:\windows\system32\msfeedssync.exe [2009-04-06 02:31]
                      .
                      .
                      ------- Bijkomende Scan -------
                      .
                      uStart Page = hxxp://webwerken.vshanab.nl/
                      uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
                      uInternet Settings,ProxyServer = http=127.0.0.1:23182
                      IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
                      IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                      IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                      IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
                      IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
                      IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                      IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                      Trusted Zone: sccm102
                      Trusted Zone: dm311.local
                      Trusted Zone: dm311.local\vsh-iws
                      Trusted Zone: vshanab.nl\webwerken
                      TCP: DhcpNameServer = 10.228.12.254
                      TCP: Interfaces\{BE7EF984-206B-4ED2-A547-1B51FCB5ED8B}: NameServer = 192.168.192.1
                      DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://webwerken.vshanab.nl/+CSCOL+/cscopf.cab
                      .
                      .
                      ------- Bestandsassociaties -------
                      .
                      .scr=DWGTrueViewScriptFile
                      .
                      - - - - ORPHANS VERWIJDERD - - - -
                      .
                      c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Update-agent.lnk - c:\program files\KPN\Mobiel Internet Software\AutoUpdateSrv.exe
                      SafeBoot-ccEvtMgr
                      SafeBoot-ccSetMgr
                      SafeBoot-Symantec Antivirus
                      SafeBoot-Symantec Antvirus
                      AddRemove-LSI Soft Modem - c:\windows\agrsmdel
                      .
                      .
                      .
                      **************************************************************************
                      .
                      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2014-07-25 09:24
                      Windows 5.1.2600 Service Pack 3 NTFS
                      .
                      scannen van verborgen processen ...
                      .
                      scannen van verborgen autostart items ...
                      .
                      scannen van verborgen bestanden ...
                      .
                      .
                      c:\docume~1\JSPRUI~1.LT-\LOCALS~1\Temp\catchme.dll 53248 bytes executable
                      .
                      Scan succesvol afgerond
                      verborgen bestanden: 1
                      .
                      **************************************************************************
                      .
                      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
                      "ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\sms.dll\" /prefetch:1"
                      --
                      .
                      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
                      "ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe\" /prefetch:1"
                      .
                      --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                      .
                      [HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
                      "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                      00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
                      .
                      --------------------- DLLs Geladen Onder Lopende Processen ---------------------
                      .
                      - - - - - - - > 'winlogon.exe'(1716)
                      c:\windows\system32\SccmRdpLauncher.dll
                      .
                      Voltooingstijd: 2014-07-25 09:25:23
                      ComboFix-quarantined-files.txt 2014-07-25 07:25
                      .
                      Pre-Run: 246.408.007.680 bytes beschikbaar
                      Post-Run: 246.786.486.272 bytes beschikbaar
                      .
                      WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
                      [boot loader]
                      timeout=2
                      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                      [operating systems]
                      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                      UnsupportedDebug="do not select this" /debug
                      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
                      .
                      - - End Of File - - 8F3E4DE767D470E6E313868EE7E405EB
                      A36C5E4F47E84449FF07ED3517B43A31
                      If it was safe, it wasn't that fun



                      • #12
                        DDS (Ver_2012-11-20.01) - NTFS_x86
                        Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.65.2
                        Run by j.spruit at 9:27:52 on 2014-07-25
                        Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3014.2093 [GMT 2:00]
                        .
                        AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
                        FW: Symantec Endpoint Protection *Disabled*
                        .
                        ============== Running Processes ================
                        .
                        C:\WINDOWS\system32\vcsFPService.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\Program Files\IDT\WDM\STacSV.exe
                        C:\Program Files\LSI SoftModem\agrsmsvc.exe
                        C:\Program Files\KPN\Mobiel Internet Software\BecHelperService.exe
                        C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
                        C:\WINDOWS\system32\DWRCS.exe
                        C:\Program Files\Forefront TMG Client\FwcAgent.exe
                        C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
                        C:\Program Files\Java\jre7\bin\jqs.exe
                        C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
                        C:\WINDOWS\system32\LxrSII1s.exe
                        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
                        c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
                        C:\WINDOWS\system32\DWRCST.exe
                        C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
                        C:\Program Files\INVENTORYCLIENT\client.exe
                        C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
                        C:\Program Files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe
                        C:\WINDOWS\CCM\CcmExec.exe
                        C:\WINDOWS\system32\AESTFltr.exe
                        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                        C:\WINDOWS\system32\igfxtray.exe
                        C:\WINDOWS\system32\hkcmd.exe
                        C:\WINDOWS\system32\igfxpers.exe
                        C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
                        C:\Program Files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSUploader.exe
                        C:\Program Files\Common Files\Java\Java Update\jusched.exe
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\Program Files\Forefront TMG Client\FwcMgmt.exe
                        c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                        C:\WINDOWS\system32\wbem\wmiprvse.exe
                        C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
                        C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe
                        C:\WINDOWS\system32\wbem\wmiprvse.exe
                        C:\WINDOWS\system32\wbem\wmiprvse.exe
                        C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
                        C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
                        C:\WINDOWS\System32\alg.exe
                        C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
                        C:\WINDOWS\system32\wbem\unsecapp.exe
                        C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
                        C:\WINDOWS\system32\wbem\wmiprvse.exe
                        C:\WINDOWS\system32\wbem\wmiprvse.exe
                        C:\WINDOWS\CCM\SCNotification.exe
                        C:\WINDOWS\system32\CommandControlFirmware\CommandControlFirmware.exe
                        C:\WINDOWS\system32\wuauclt.exe
                        C:\WINDOWS\explorer.exe
                        C:\WINDOWS\System32\svchost.exe -k netsvcs
                        C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
                        C:\WINDOWS\system32\svchost.exe -k NetworkService
                        C:\WINDOWS\system32\svchost.exe -k LocalService
                        C:\WINDOWS\system32\svchost.exe -k LocalService
                        C:\WINDOWS\system32\svchost.exe -k imgsvc
                        .
                        ============== Pseudo HJT Report ===============
                        .
                        uStart Page = hxxp://webwerken.vshanab.nl/
                        uProxyServer = hxxp=127.0.0.1:23182
                        uProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
                        BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ips\IPSBHO.dll
                        BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
                        BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
                        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
                        BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\common files\primavera common\java\_jvm\lib\deploy\jqs\ie\jqs_plugin.dll
                        BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
                        TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
                        TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
                        uRun: [Spotify Web Helper] "c:\documents and settings\j.spruit.lt-vsh07382\application data\spotify\data\SpotifyWebHelper.exe"
                        mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
                        mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
                        mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
                        mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
                        mRun: [Persistence] c:\windows\system32\igfxpers.exe
                        mRun: [HPConnectionManager] c:\program files\hewlett-packard\hp connection manager\HPCMDelayStart.exe
                        mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
                        mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
                        mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
                        mRun: [ItalusUploader] c:\program files\hewlett-packard\hp designjet eprintandshare\HPePSUploader.exe
                        mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
                        mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
                        dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
                        dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
                        StartupFolder: c:\docume~1\jsprui~1.lt-\menust~1\progra~1\opstar~1\dropbox.lnk - c:\documents and settings\j.spruit.lt-vsh07382\application data\dropbox\bin\Dropbox.exe
                        StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\forefr~1.lnk - c:\program files\forefront tmg client\FwcMgmt.exe
                        uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                        uPolicies-Explorer: NoDriveAutoRun = dword:67108863
                        uPolicies-Explorer: NoDrives = dword:0
                        mPolicies-Explorer: NoDriveAutoRun = dword:67108863
                        mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                        mPolicies-Explorer: NoDrives = dword:0
                        mPolicies-System: legalnoticecaption = V&SH Beveiligingswaarschuwing
                        mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                        mPolicies-Explorer: NoDriveAutoRun = dword:67108863
                        IE: Converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
                        IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                        IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                        IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
                        IE: Toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
                        IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
                        IE: Verzenden naar Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
                        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
                        IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
                        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
                        Trusted Zone: sccm102
                        Trusted Zone: dm311.local
                        DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286529918364
                        DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286530450710
                        DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
                        DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://webwerken.vshanab.nl/+CSCOL+/cscopf.cab
                        DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab
                        DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                        TCP: NameServer = 10.228.12.254
                        TCP: Interfaces\{BE7EF984-206B-4ED2-A547-1B51FCB5ED8B} : NameServer = 192.168.192.1
                        TCP: Interfaces\{EF3C6F03-CC15-4FE7-BDA4-1779BD02DEBF} : DHCPNameServer = 10.228.12.254
                        Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\bricsys\bricscad v12\BrxProtIE.dll
                        Notify: igfxcui - igfxdev.dll
                        Notify: sccmrdplauncher - SccmRdpLauncher.dll
                        SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
                        SecurityProviders: SecurityProviders = credssp.dll, pwdssp.dll
                        mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                        .
                        ============= SERVICES / DRIVERS ===============
                        .
                        R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymDS.sys [2013-2-8 368288]
                        R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymEFA.sys [2013-2-8 927904]
                        R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\bashdefs\20140703.011\BHDrvx86.sys [2014-7-22 1101616]
                        R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\ccSetx86.sys [2013-2-8 134304]
                        R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
                        R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\Ironx86.sys [2013-2-8 175264]
                        R2 BecHelperService;BecHelperService;c:\program files\kpn\mobiel internet software\BecHelperService.exe [2013-8-20 1917832]
                        R2 CmRcService;Configuration Manager Remote Control;c:\windows\ccm\remctrl\CmRcService.exe [2013-9-11 465592]
                        R2 CommandControlFirmware;CommandControlFirmware;c:\windows\system32\commandcontrolfirmware\CommandControlFirmware.exe [2014-7-22 60965]
                        R2 FwcAgent;Forefront TMG Client Agent;c:\program files\forefront tmg client\FwcAgent.exe [2009-10-14 275424]
                        R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-9-12 227896]
                        R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2013-5-22 63448]
                        R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
                        R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ccSvcHst.exe [2013-2-8 143928]
                        R2 SnowInventoryClient;Inventory Client;c:\program files\inventoryclient\client.exe [2012-5-9 1442304]
                        R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-8-23 2774320]
                        R2 WMCoreService;Mobile Broadband Service;c:\program files\ericsson\mobile broadband drivers\wmcore\wmcore.exe servicemode --> c:\program files\ericsson\mobile broadband drivers\wmcore\WMCore.exe servicemode [?]
                        R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-10-28 113664]
                        R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
                        R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-6-11 109872]
                        R3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\drivers\h36wgps.sys [2013-2-20 88104]
                        R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\hewlett-packard\hp connection manager\hpCMSrv.exe [2011-9-13 1098296]
                        R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-8-20 72832]
                        R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\ipsdefs\20140723.012\IDSXpx86.sys [2014-7-24 383120]
                        R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2010-10-8 44800]
                        R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-10-28 260864]
                        R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-10-31 144984]
                        R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [2011-10-31 23640]
                        R3 Mbm4bus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [2011-10-31 123208]
                        R3 Mbm4mdfl;HP Mobile Broadband Module Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [2013-2-20 14920]
                        R3 Mbm4mdm;HP Mobile Broadband Module Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [2013-2-20 139080]
                        R3 Mbm4mgmt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [2013-2-20 132808]
                        R3 Mbm4NNd5;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter;c:\windows\system32\drivers\Mbm4NNd5.sys [2013-2-20 24904]
                        R3 Mbm4NUn;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [2013-2-20 150344]
                        R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140723.025\NAVENG.SYS [2014-7-24 93272]
                        R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140723.025\NAVEX15.SYS [2014-7-24 1612376]
                        R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
                        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                        S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
                        S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-10-26 48640]
                        S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-12-11 38912]
                        S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\coh_mon.sys --> c:\windows\system32\drivers\COH_Mon.sys [?]
                        S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys --> c:\windows\system32\drivers\e1k5132.sys [?]
                        S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-8-20 102784]
                        S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-8-20 11136]
                        S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2013-8-20 117504]
                        S3 Impcd;Impcd;c:\windows\system32\drivers\impcd.sys --> c:\windows\system32\drivers\Impcd.sys [?]
                        S3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\microsoft policy platform\policyHost.exe [2012-8-2 48744]
                        S3 lppsvc;Microsoft Policy Platform Processor;c:\program files\microsoft policy platform\policyHost.exe [2012-8-2 48744]
                        S3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows XP 32 Bit;c:\windows\system32\drivers\netwnx32.sys --> c:\windows\system32\drivers\NETwNx32.sys [?]
                        S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\SyDvCtrl32.sys [2013-2-8 28136]
                        S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
                        S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]
                        .
                        =============== File Associations ===============
                        .
                        FileExt: .scr: DWGTrueViewScriptFile=c:\windows\system32\notepad.exe "%1"
                        .
                        =============== Created Last 30 ================
                        .
                        2014-07-25 07:18:47 -------- d-sha-r- C:\cmdcons
                        2014-07-25 07:16:41 98816 ----a-w- c:\windows\sed.exe
                        2014-07-25 07:16:41 256000 ----a-w- c:\windows\PEV.exe
                        2014-07-25 07:16:41 208896 ----a-w- c:\windows\MBR.exe
                        2014-07-25 07:13:33 -------- d--h--r- c:\documents and settings\j.spruit.lt-vsh07382\Onlangs geopend
                        2014-07-25 05:43:28 536576 ----a-w- c:\windows\system32\sqlite3.dll
                        2014-07-25 05:43:15 -------- d-----w- C:\AdwCleaner
                        2014-07-24 06:01:29 -------- d-----w- c:\program files\CCleaner
                        2014-07-23 08:05:18 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\Garmin
                        2014-07-22 11:10:39 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
                        2014-07-22 11:10:38 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
                        2014-07-22 11:07:52 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
                        2014-07-22 11:07:52 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\Malwarebytes
                        2014-07-22 11:07:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
                        2014-07-22 11:07:09 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
                        2014-07-22 11:07:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
                        2014-07-22 07:18:10 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\VOPackage
                        2014-07-22 07:14:56 -------- d-----w- c:\windows\system32\CommandControlFirmware
                        2014-07-20 11:26:56 145408 ----a-w- c:\windows\system32\javacpl.cpl
                        2014-07-20 11:26:48 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
                        .
                        ==================== Find3M ====================
                        .
                        .
                        ============= FINISH: 9:28:00,21 ===============





                        And no, I had a different proxy set myself. The PirritSuggestor is gone in any case! Thanks for that.
                        If it was safe, it wasn't that fun



                        • #13
                          Disable your security software.

                          Note: this script is intended specifically for this PC; do not use it on other PCs with a similar problem.


                          Open a Notepad file.
                          Copy the text below and paste it into the Notepad file.
                          Save the Notepad file as CFScript.txt
                          Code:
                          KillAll::
                          ClearJavaCache::
                          DDS::
                          uProxyServer =-
                          uProxyOverride =-
                          Now drag the file CFScript.txt onto the file ComboFix.exe.



                          ComboFix will restart.
                          If ComboFix asks to update, allow it.

                          When ComboFix has finished, which may be after a reboot, a log file will open. Post the contents of the log file.

                          • Open IE
                          • Go to Tools > Internet Options > Connections tab.
                          • Click LAN settings.
                          • Under Automatic configuration, only Automatically detect settings should be checked.
                          • Under Proxy server, nothing should be checked.

                          Close with OK > Apply > OK


                          Make a new DDS log and post it as well.
                          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                          E Dev * Remove McAfee. * Ccleaner * E-Peek

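As an added defender-side example (not code from this thread, nor from the DDS or ComboFix tools), the Python script below automates the log review the helper performs above: it parses the Pseudo HJT proxy lines and the autostart entries quoted in this thread and flags a loopback proxy such as the hijacked 127.0.0.1:23182 entry, autostarts that run from a user profile, and autostarts whose directory appears in the 'Created Last 30' list. The sample lines are constructed from the logs posted in the thread, and the regular expressions assume the DDS line format shown there.

```python
"""Triage helper for the autostart and proxy lines of a DDS or ComboFix log.

Automates three checks a reviewer of the log quoted in this thread does by eye:
  * uProxyServer pointing at the loopback interface (a local interception
    proxy inserted into Internet Explorer's connection settings);
  * uRun/mRun/dRun and R*/S* service entries whose binary runs from a user
    profile directory;
  * autostart binaries located under a path listed in 'Created Last 30'.
"""
import re
from dataclasses import dataclass

# Constructed sample in DDS/ComboFix line format; the values are copied from
# the log lines quoted in this thread.
SAMPLE_LOG = r"""
uProxyServer = hxxp=127.0.0.1:23182
uProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
uRun: [Spotify Web Helper] "c:\documents and settings\j.spruit.lt-vsh07382\application data\spotify\data\SpotifyWebHelper.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
R2 CommandControlFirmware;CommandControlFirmware;c:\windows\system32\commandcontrolfirmware\CommandControlFirmware.exe [2014-7-22 60965]
R2 OfficeQuickSoftware.exe;OfficeQuickSoftware.exe;c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\OfficeQuickSoftware.exe [22-7-2014 9:14 98341]
2014-07-22 07:14:56 -------- d-----w- c:\windows\system32\CommandControlFirmware
2014-07-20 11:26:56 145408 ----a-w- c:\windows\system32\javacpl.cpl
"""

PROXY_RE = re.compile(r"^uProxyServer\s*=\s*(.+)$")
RUN_RE = re.compile(r"^[umd]Run(?:Once)?:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")
SVC_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<cmd>.+)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(?P<path>.+)$")
USER_PROFILE_RE = re.compile(r"\\(documents and settings|users)\\", re.IGNORECASE)
LOOPBACK_RE = re.compile(r"^(127\.\d+\.\d+\.\d+|localhost|::1)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str     # loopback-proxy | user-profile-autostart | recently-created-autostart
    subject: str  # host:port for the proxy, otherwise the autostart entry name
    detail: str


def parse_proxy(value: str):
    """Return [(scheme, host, port)] for an IE ProxyServer value: DDS defangs
    'http' to 'hxxp'; IE stores 'host:port' or ';'-separated 'scheme=host:port'."""
    entries = []
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        scheme = None
        if "=" in item:
            scheme, item = item.split("=", 1)
            scheme = scheme.strip().lower().replace("hxxp", "http")
        host, _, port = item.rpartition(":") if ":" in item else (item, "", "")
        entries.append((scheme, host.strip(), int(port) if port.isdigit() else None))
    return entries


def binary_path(cmd: str) -> str:
    """Extract the executable path from a Run/service command: drop DDS's trailing
    ' [date size]' / ' --> resolved-path', quotes, and arguments such as /NoDlg."""
    cmd = re.split(r"\s+\[|\s+-->\s+", cmd.strip(), maxsplit=1)[0]
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)].lower()
    m = re.match(r"(.+?\.(?:exe|sys|dll|cpl))\b", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd).lower()


def triage(log_text: str):
    """Run the three checks over a log and return a list of Finding."""
    autostarts, created, findings = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := PROXY_RE.match(line)):
            for scheme, host, port in parse_proxy(m.group(1)):
                if LOOPBACK_RE.match(host):
                    findings.append(Finding("loopback-proxy", f"{host}:{port}",
                                            f"{scheme or 'all'} traffic goes through a local "
                                            "proxy; identify the process listening on that port"))
        elif (m := RUN_RE.match(line) or SVC_RE.match(line)):
            autostarts.append((m.group("name"), binary_path(m.group("cmd"))))
        elif (m := CREATED_RE.match(line)):
            created.append(m.group("path").strip().lower())
    for name, path in autostarts:
        # A user-profile autostart is a review item, not a verdict: Spotify and
        # Dropbox legitimately start from Application Data.
        if USER_PROFILE_RE.search(path):
            findings.append(Finding("user-profile-autostart", name, path))
        # A dropper that writes into system32 (CommandControlFirmware here) passes
        # the path check; correlating with the 'Created Last 30' list catches it.
        for entry in created:
            if path == entry or path.startswith(entry + "\\"):
                findings.append(Finding("recently-created-autostart", name, f"{path} under {entry}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Run against a full DDS log the same way; the ComboFix "Bestanden Gemaakt" section uses a different timestamp layout and is not matched by CREATED_RE.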


                          • #14
                            ComboFix 14-07-24.01 - j.spruit 25-07-2014 9:56.2.4 - x86
                            Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3014.1474 [GMT 2:00]
                            Gestart vanuit: c:\documents and settings\j.spruit.LT-VSH07382\Bureaublad\ComboFix.exe
                            gebruikte Opdracht switches :: c:\documents and settings\j.spruit.LT-VSH07382\Bureaublad\CFScript.txt
                            AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
                            FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
                            .
                            .
                            (((((((((((((((((((( Bestanden Gemaakt van 2014-06-25 to 2014-07-25 ))))))))))))))))))))))))))))))
                            .
                            .
                            2014-07-25 07:13 . 2014-07-25 07:53 -------- d--h--r- c:\documents and settings\j.spruit.LT-VSH07382\Onlangs geopend
                            2014-07-25 05:43 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
                            2014-07-25 05:43 . 2014-07-25 05:44 -------- d-----w- C:\AdwCleaner
                            2014-07-24 06:01 . 2014-07-24 06:01 -------- d-----w- c:\program files\CCleaner
                            2014-07-23 08:05 . 2014-07-23 08:05 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Garmin
                            2014-07-22 11:10 . 2014-05-12 05:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
                            2014-07-22 11:10 . 2014-07-22 11:10 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
                            2014-07-22 11:07 . 2014-07-25 05:22 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
                            2014-07-22 11:07 . 2014-07-22 11:10 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Malwarebytes
                            2014-07-22 11:07 . 2014-07-22 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
                            2014-07-22 11:07 . 2014-07-22 11:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
                            2014-07-22 11:07 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
                            2014-07-22 07:20 . 2014-07-22 07:30 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\ImgBurn
                            2014-07-22 07:18 . 2014-07-22 07:18 -------- d-----w- c:\program files\ImgBurn
                            2014-07-22 07:18 . 2014-07-22 11:35 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\VOPackage
                            2014-07-22 07:14 . 2014-07-22 07:14 -------- d-----w- c:\windows\system32\CommandControlFirmware
                            2014-07-22 07:14 . 2014-07-22 07:14 -------- d-----w- c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware
                            2014-07-20 11:27 . 2014-07-20 11:27 -------- d-----w- c:\program files\Common Files\Java
                            2014-07-20 11:26 . 2014-07-11 00:36 145408 ----a-w- c:\windows\system32\javacpl.cpl
                            2014-07-20 11:26 . 2014-07-11 01:02 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
                            .
                            .
                            .
                            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            .
                            ------- Sigcheck -------
                            Note: Unsigned files aren't necessarily malware.
                            .
                            [-] 2009-04-06 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
                            .
                            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                            REGEDIT4
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
                            @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                            2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
                            @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                            2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
                            @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
                            2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
                            @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
                            2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
                            @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                            2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
                            @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
                            2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
                            @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                            2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
                            @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
                            2014-06-24 22:04 131480 ----a-w- c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
                            .
                            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "Spotify Web Helper"="c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2014-04-22 1171000]
                            .
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-21 737280]
                            "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
                            "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 141656]
                            "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 181592]
                            "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 165720]
                            "HPConnectionManager"="c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]
                            "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
                            "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
                            "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
                            "ItalusUploader"="c:\program files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSUploader.exe" [2013-06-18 398336]
                            "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
                            "DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2010-08-06 85528]
                            .
                            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                            "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
                            .
                            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
                            "_nltide_2"="shell32" [X]
                            .
                            c:\documents and settings\j.spruit.LT-VSH07382\Menu Start\Programma's\Opstarten\
                            Dropbox.lnk - c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
                            .
                            c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
                            Forefront TMG Client.lnk - c:\program files\Forefront TMG Client\FwcMgmt.exe [2011-4-11 240920]
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sccmrdplauncher]
                            2013-09-11 02:00 20664 ----a-w- c:\windows\system32\SccmRdpLauncher.dll
                            .
                            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                            SecurityProviders credssp.dll, pwdssp.dll
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                            @="Driver"
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                            "DisableMonitoring"=dword:00000001
                            .
                            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                            "EnableFirewall"= 0 (0x0)
                            "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
                            .
                            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                            "%windir%\\system32\\sessmgr.exe"=
                            "c:\\Documents and Settings\\j.spruit.LT-VSH07382\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
                            "c:\\Documents and Settings\\j.spruit.LT-VSH07382\\Application Data\\Spotify\\spotify.exe"=
                            "c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
                            .
                            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                            "3389:TCP"= 3389:TCPxpsp2res.dll,-22009
                            "6129:TCP"= 6129:TCPameWare Mini Remote Control Service
                            "1745:UDP"= 1745:UDP:Client Notification Channel
                            .
                            R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\SymDS.sys [8-2-2013 16:20 368288]
                            R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\SymEFA.sys [8-2-2013 16:20 927904]
                            R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20140703.011\BHDrvx86.sys [22-7-2014 8:42 1101616]
                            R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\ccSetx86.sys [8-2-2013 16:20 134304]
                            R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15-2-2007 19:00 26624]
                            R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\Ironx86.sys [8-2-2013 16:20 175264]
                            R2 BecHelperService;BecHelperService;c:\program files\KPN\Mobiel Internet Software\BecHelperService.exe [20-8-2013 8:44 1917832]
                            R2 CmRcService;Configuration Manager Remote Control;c:\windows\CCM\RemCtrl\CmRcService.exe [11-9-2013 4:00 465592]
                             R2 CommandControlFirmware;CommandControlFirmware;c:\windows\system32\CommandControlFirmware\CommandControlFirmware.exe [22-7-2014 9:14 60965]
                            R2 FwcAgent;Forefront TMG Client Agent;c:\program files\Forefront TMG Client\FwcAgent.exe [14-10-2009 3:08 275424]
                            R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [12-9-2011 18:55 227896]
                            R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [22-5-2013 9:46 63448]
                            R2 OfficeQuickSoftware.exe;OfficeQuickSoftware.exe;c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\OfficeQuickSoftware.exe [22-7-2014 9:14 98341]
                            R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
                            R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2-2-2006 0:49 204800]
                            R2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [8-2-2013 16:20 143928]
                            R2 SnowInventoryClient;Inventory Client;c:\program files\INVENTORYCLIENT\client.exe [9-5-2012 0:00 1442304]
                            R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [23-8-2011 5:23 2774320]
                            R2 WMCoreService;Mobile Broadband Service;c:\program files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode --> c:\program files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode [?]
                            R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [28-10-2011 16:25 113664]
                            R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [7-2-2007 19:00 3712]
                            R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11-6-2014 11:00 109872]
                            R3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\drivers\h36wgps.sys [20-2-2013 16:35 88104]
                            R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [13-9-2011 17:49 1098296]
                            R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [20-8-2013 8:44 72832]
                            R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20140723.012\IDSXpx86.sys [24-7-2014 11:02 383120]
                            R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [8-10-2010 14:50 44800]
                            R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [28-10-2011 16:28 260864]
                            R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [31-10-2011 14:25 144984]
                            R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [31-10-2011 14:25 23640]
                            R3 Mbm4bus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [31-10-2011 14:31 123208]
                            R3 Mbm4mdfl;HP Mobile Broadband Module Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [20-2-2013 16:35 14920]
                            R3 Mbm4mdm;HP Mobile Broadband Module Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [20-2-2013 16:35 139080]
                            R3 Mbm4mgmt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [20-2-2013 16:35 132808]
                            R3 Mbm4NNd5;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter;c:\windows\system32\drivers\Mbm4NNd5.sys [20-2-2013 16:35 24904]
                            R3 Mbm4NUn;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [20-2-2013 16:35 150344]
                            S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [26-10-2009 14:39 48640]
                            S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [11-12-2009 21:54 38912]
                            S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]
                            S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k5132.sys --> c:\windows\system32\DRIVERS\e1k5132.sys [?]
                            S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [20-8-2013 8:44 102784]
                            S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [20-8-2013 8:44 11136]
                            S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [20-8-2013 8:44 117504]
                            S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys --> c:\windows\system32\DRIVERS\Impcd.sys [?]
                            S3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe [2-8-2012 12:24 48744]
                            S3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe [2-8-2012 12:24 48744]
                            S3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows XP 32 Bit;c:\windows\system32\DRIVERS\NETwNx32.sys --> c:\windows\system32\DRIVERS\NETwNx32.sys [?]
                            S3 RgFltX86;RgFltX86;\??\c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\RgFltX86.sys --> c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\RgFltX86.sys [?]
                            S3 SyDvCtrl;SyDvCtrl;c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SyDvCtrl32.sys [8-2-2013 16:20 28136]
                             S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
                            .
                            --- Andere Services/Drivers In Geheugen ---
                            .
                            *NewlyCreated* - WS2IFSL
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                            2014-07-20 11:44 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
                            .
                            Inhoud van de 'Gedeelde Taken' map
                            .
                            2014-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
                            - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 06:05]
                            .
                            2014-07-25 c:\windows\Tasks\Configuration Manager Health Evaluation.job
                            - c:\windows\CCM\CcmEval.exe [2013-09-11 02:00]
                            .
                            2014-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                            - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-21 14:49]
                            .
                            2014-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                            - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-21 14:49]
                            .
                            2014-07-25 c:\windows\Tasks\User_Feed_Synchronization-{B88E3456-E757-48EE-8C50-908901138682}.job
                            - c:\windows\system32\msfeedssync.exe [2009-04-06 02:31]
                            .
                            .
                            ------- Bijkomende Scan -------
                            .
                            uStart Page = hxxp://webwerken.vshanab.nl/
                            uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
                            uInternet Settings,ProxyServer = http=127.0.0.1:39486
                            IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
                            IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                            IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                            IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
                            IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
                            IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                            IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                            Trusted Zone: sccm102
                            Trusted Zone: dm311.local
                            Trusted Zone: dm311.local\vsh-iws
                            Trusted Zone: vshanab.nl\webwerken
                            TCP: DhcpNameServer = 10.228.12.254
                            TCP: Interfaces\{BE7EF984-206B-4ED2-A547-1B51FCB5ED8B}: NameServer = 192.168.192.1
                            DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://webwerken.vshanab.nl/+CSCOL+/cscopf.cab
                            .
                            .
                            **************************************************************************
                            .
                            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                            Rootkit scan 2014-07-25 10:07
                            Windows 5.1.2600 Service Pack 3 NTFS
                            .
                            scannen van verborgen processen ...
                            .
                            scannen van verborgen autostart items ...
                            .
                            scannen van verborgen bestanden ...
                            .
                            Scan succesvol afgerond
                            verborgen bestanden: 0
                            .
                            **************************************************************************
                            .
                            [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
                            "ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\sms.dll\" /prefetch:1"
                            --
                            .
                            [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
                            "ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe\" /prefetch:1"
                            .
                            --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                            .
                            [HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
                            "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                            00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
                            .
                            --------------------- DLLs Geladen Onder Lopende Processen ---------------------
                            .
                            - - - - - - - > 'winlogon.exe'(1716)
                            c:\windows\system32\SccmRdpLauncher.dll
                            .
                            - - - - - - - > 'explorer.exe'(5848)
                            c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\DropboxExt.24.dll
                            c:\windows\system32\AcSignIcon.dll
                            c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
                            c:\windows\system32\msi.dll
                            c:\windows\system32\webcheck.dll
                            c:\windows\system32\wpdshserviceobj.dll
                            c:\windows\system32\btncopy.dll
                            c:\windows\system32\portabledevicetypes.dll
                            c:\windows\system32\portabledeviceapi.dll
                            .
                            ------------------------ Andere Aktieve Processen ------------------------
                            .
                            c:\program files\IDT\WDM\STacSV.exe
                            c:\program files\LSI SoftModem\agrsmsvc.exe
                            c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
                            c:\program files\KPN\Mobiel Internet Software\LoggerServer.exe
                            c:\windows\system32\DWRCS.exe
                            c:\program files\Java\jre7\bin\jqs.exe
                            c:\windows\system32\LxrSII1s.exe
                            c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
                            c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
                            c:\program files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe
                            c:\windows\CCM\CcmExec.exe
                            c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                            c:\documents and settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\Dropbox.exe
                            c:\program files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSPortMonitorCommunicator.exe
                            c:\program files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
                            c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe
                            c:\documents and settings\j.spruit.LT-VSH07382\Local Settings\Application Data\OfficeQuickSoftware\JAVAKernelScreenshot.exe
                            c:\windows\system32\msiexec.exe
                            c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
                            c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
                            c:\windows\system32\wbem\unsecapp.exe
                            c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
                            .
                            **************************************************************************
                            .
                            Voltooingstijd: 2014-07-25 10:10:50 - machine werd herstart
                            ComboFix-quarantined-files.txt 2014-07-25 08:10
                            ComboFix2.txt 2014-07-25 07:25
                            .
                            Pre-Run: 246.328.147.968 bytes beschikbaar
                            Post-Run: 246.742.675.456 bytes beschikbaar
                            .
                            - - End Of File - - 0E918EBAFB2F8088084DBDC0CE16836E
                            A36C5E4F47E84449FF07ED3517B43A31
                            If it was safe, it wasn't that fun



                            • #15
                              DDS (Ver_2012-11-20.01) - NTFS_x86
                              Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.65.2
                              Run by j.spruit at 10:27:37 on 2014-07-25
                              Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3014.2010 [GMT 2:00]
                              .
                              AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
                              FW: Symantec Endpoint Protection *Enabled*
                              .
                              ============== Running Processes ================
                              .
                              C:\WINDOWS\system32\vcsFPService.exe
                              C:\WINDOWS\system32\spoolsv.exe
                              C:\Program Files\IDT\WDM\STacSV.exe
                              C:\Program Files\LSI SoftModem\agrsmsvc.exe
                              C:\Program Files\KPN\Mobiel Internet Software\BecHelperService.exe
                              C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
                              C:\Program Files\KPN\Mobiel Internet Software\LoggerServer.exe
                              C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
                              C:\WINDOWS\system32\CommandControlFirmware\CommandControlFirmware.exe
                              C:\WINDOWS\system32\DWRCS.exe
                              C:\Program Files\Forefront TMG Client\FwcAgent.exe
                              C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
                              C:\Program Files\Java\jre7\bin\jqs.exe
                              C:\WINDOWS\system32\LxrSII1s.exe
                              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
                              c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
                              C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
                              C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
                              C:\Program Files\INVENTORYCLIENT\client.exe
                              C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
                              C:\Program Files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe
                              C:\WINDOWS\CCM\CcmExec.exe
                              C:\WINDOWS\system32\AESTFltr.exe
                              C:\WINDOWS\system32\wbem\wmiprvse.exe
                              C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                              C:\WINDOWS\system32\igfxtray.exe
                              C:\WINDOWS\system32\hkcmd.exe
                              C:\WINDOWS\system32\igfxpers.exe
                              c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                              C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
                              C:\Program Files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSUploader.exe
                              C:\Program Files\Common Files\Java\Java Update\jusched.exe
                              C:\WINDOWS\system32\DWRCST.exe
                              C:\Documents and Settings\j.spruit.LT-VSH07382\Application Data\Spotify\Data\SpotifyWebHelper.exe
                              C:\Program Files\Forefront TMG Client\FwcMgmt.exe
                              C:\Documents and Settings\j.spruit.LT-VSH07382\Application Data\Dropbox\bin\Dropbox.exe
                              C:\Program Files\Hewlett-Packard\HP Designjet ePrintAndShare\HPePSPortMonitorCommunicator.exe
                              C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
                              C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe
                              C:\WINDOWS\system32\wbem\wmiprvse.exe
                              C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
                              C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
                              C:\WINDOWS\System32\alg.exe
                              C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
                              C:\WINDOWS\system32\wbem\unsecapp.exe
                              C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
                              C:\WINDOWS\system32\wbem\wmiprvse.exe
                              C:\WINDOWS\explorer.exe
                              C:\WINDOWS\system32\wbem\wmiprvse.exe
                              C:\Program Files\Microsoft Policy Platform\policyHost.exe
                              C:\WINDOWS\system32\wbem\wmiprvse.exe
                              C:\WINDOWS\CCM\SCNotification.exe
                              C:\WINDOWS\system32\ctfmon.exe
                              C:\WINDOWS\system32\svchost.exe -k DcomLaunch
                              C:\WINDOWS\system32\svchost.exe -k rpcss
                              C:\WINDOWS\System32\svchost.exe -k netsvcs
                              C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
                              C:\WINDOWS\system32\svchost.exe -k NetworkService
                              C:\WINDOWS\system32\svchost.exe -k LocalService
                              C:\WINDOWS\system32\svchost.exe -k LocalService
                              C:\WINDOWS\system32\svchost.exe -k imgsvc
                              .
                              ============== Pseudo HJT Report ===============
                              .
                              uStart Page = hxxp://webwerken.vshanab.nl/
                              uProxyServer = hxxp=127.0.0.1:39486
                              uProxyOverride = *origin.com;*ea.com;*akamaihd.net
                              BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ips\IPSBHO.dll
                              BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
                              BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
                              BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
                              BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\common files\primavera common\java\_jvm\lib\deploy\jqs\ie\jqs_plugin.dll
                              BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
                              TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
                              TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
                              uRun: [Spotify Web Helper] "c:\documents and settings\j.spruit.lt-vsh07382\application data\spotify\data\SpotifyWebHelper.exe"
                              uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
                              mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
                              mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
                              mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
                              mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
                              mRun: [Persistence] c:\windows\system32\igfxpers.exe
                              mRun: [HPConnectionManager] c:\program files\hewlett-packard\hp connection manager\HPCMDelayStart.exe
                              mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
                              mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
                              mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
                              mRun: [ItalusUploader] c:\program files\hewlett-packard\hp designjet eprintandshare\HPePSUploader.exe
                              mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
                              mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
                              dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
                              dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
                              StartupFolder: c:\docume~1\jsprui~1.lt-\menust~1\progra~1\opstar~1\dropbox.lnk - c:\documents and settings\j.spruit.lt-vsh07382\application data\dropbox\bin\Dropbox.exe
                              StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\forefr~1.lnk - c:\program files\forefront tmg client\FwcMgmt.exe
                              uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                              uPolicies-Explorer: NoDriveAutoRun = dword:67108863
                              uPolicies-Explorer: NoDrives = dword:0
                              mPolicies-Explorer: NoDriveAutoRun = dword:67108863
                              mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                              mPolicies-Explorer: NoDrives = dword:0
                              mPolicies-System: legalnoticecaption = V&SH Beveiligingswaarschuwing
                              mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                              mPolicies-Explorer: NoDriveAutoRun = dword:67108863
                              IE: Converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
                              IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                              IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                              IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
                              IE: Toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
                              IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
                              IE: Verzenden naar Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
                              IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
                              IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
                              IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                              IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
                              Trusted Zone: sccm102
                              Trusted Zone: dm311.local
                              DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286529918364
                              DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286530450710
                              DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
                              DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://webwerken.vshanab.nl/+CSCOL+/cscopf.cab
                              DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab
                              DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                              TCP: NameServer = 10.228.12.254
                              TCP: Interfaces\{BE7EF984-206B-4ED2-A547-1B51FCB5ED8B} : NameServer = 192.168.192.1
                              TCP: Interfaces\{EF3C6F03-CC15-4FE7-BDA4-1779BD02DEBF} : DHCPNameServer = 10.228.12.254
                              Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\bricsys\bricscad v12\BrxProtIE.dll
                              Notify: igfxcui - igfxdev.dll
                              Notify: sccmrdplauncher - SccmRdpLauncher.dll
                              SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
                              SecurityProviders: SecurityProviders = credssp.dll, pwdssp.dll
                              mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                              .
                              ============= SERVICES / DRIVERS ===============
                              .
                              R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymDS.sys [2013-2-8 368288]
                              R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymEFA.sys [2013-2-8 927904]
                              R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\bashdefs\20140703.011\BHDrvx86.sys [2014-7-22 1101616]
                              R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\ccSetx86.sys [2013-2-8 134304]
                              R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
                              R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\Ironx86.sys [2013-2-8 175264]
                              R2 BecHelperService;BecHelperService;c:\program files\kpn\mobiel internet software\BecHelperService.exe [2013-8-20 1917832]
                              R2 CmRcService;Configuration Manager Remote Control;c:\windows\ccm\remctrl\CmRcService.exe [2013-9-11 465592]
                              R2 CommandControlFirmware;CommandControlFirmware;c:\windows\system32\commandcontrolfirmware\CommandControlFirmware.exe [2014-7-22 60965]
                              R2 FwcAgent;Forefront TMG Client Agent;c:\program files\forefront tmg client\FwcAgent.exe [2009-10-14 275424]
                              R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-9-12 227896]
                              R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2013-5-22 63448]
                              R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
                              R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
                              R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ccSvcHst.exe [2013-2-8 143928]
                              R2 SnowInventoryClient;Inventory Client;c:\program files\inventoryclient\client.exe [2012-5-9 1442304]
                              R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-8-23 2774320]
                              R2 WMCoreService;Mobile Broadband Service;c:\program files\ericsson\mobile broadband drivers\wmcore\wmcore.exe servicemode --> c:\program files\ericsson\mobile broadband drivers\wmcore\WMCore.exe servicemode [?]
                              R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-10-28 113664]
                              R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
                              R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-6-11 109872]
                              R3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\drivers\h36wgps.sys [2013-2-20 88104]
                              R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\hewlett-packard\hp connection manager\hpCMSrv.exe [2011-9-13 1098296]
                              R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-8-20 72832]
                              R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\ipsdefs\20140723.012\IDSXpx86.sys [2014-7-24 383120]
                              R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2010-10-8 44800]
                              R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-10-28 260864]
                              R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-10-31 144984]
                              R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [2011-10-31 23640]
                              R3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\microsoft policy platform\policyHost.exe [2012-8-2 48744]
                              R3 Mbm4bus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [2011-10-31 123208]
                              R3 Mbm4mdfl;HP Mobile Broadband Module Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [2013-2-20 14920]
                              R3 Mbm4mdm;HP Mobile Broadband Module Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [2013-2-20 139080]
                              R3 Mbm4mgmt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [2013-2-20 132808]
                              R3 Mbm4NNd5;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter;c:\windows\system32\drivers\Mbm4NNd5.sys [2013-2-20 24904]
                              R3 Mbm4NUn;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [2013-2-20 150344]
                              R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140723.025\NAVENG.SYS [2014-7-24 93272]
                              R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140723.025\NAVEX15.SYS [2014-7-24 1612376]
                              R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
                              S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                              S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-10-26 48640]
                              S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-12-11 38912]
                              S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\coh_mon.sys --> c:\windows\system32\drivers\COH_Mon.sys [?]
                              S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys --> c:\windows\system32\drivers\e1k5132.sys [?]
                              S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-8-20 102784]
                              S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-8-20 11136]
                              S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2013-8-20 117504]
                              S3 Impcd;Impcd;c:\windows\system32\drivers\impcd.sys --> c:\windows\system32\drivers\Impcd.sys [?]
                              S3 lppsvc;Microsoft Policy Platform Processor;c:\program files\microsoft policy platform\policyHost.exe [2012-8-2 48744]
                              S3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows XP 32 Bit;c:\windows\system32\drivers\netwnx32.sys --> c:\windows\system32\drivers\NETwNx32.sys [?]
                              S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\SyDvCtrl32.sys [2013-2-8 28136]
                              S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
                              S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]
                              .
                              =============== File Associations ===============
                              .
                              FileExt: .scr: DWGTrueViewScriptFile=c:\windows\system32\notepad.exe "%1"
                              .
                              =============== Created Last 30 ================
                              .
                              2014-07-25 07:18:47 -------- d-sha-r- C:\cmdcons
                              2014-07-25 07:16:41 98816 ----a-w- c:\windows\sed.exe
                              2014-07-25 07:16:41 256000 ----a-w- c:\windows\PEV.exe
                              2014-07-25 07:16:41 208896 ----a-w- c:\windows\MBR.exe
                              2014-07-25 07:13:33 -------- d--h--r- c:\documents and settings\j.spruit.lt-vsh07382\Onlangs geopend
                              2014-07-25 05:43:28 536576 ----a-w- c:\windows\system32\sqlite3.dll
                              2014-07-25 05:43:15 -------- d-----w- C:\AdwCleaner
                              2014-07-24 06:01:29 -------- d-----w- c:\program files\CCleaner
                              2014-07-23 08:05:18 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\Garmin
                              2014-07-22 11:10:39 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
                              2014-07-22 11:10:38 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
                              2014-07-22 11:07:52 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
                              2014-07-22 11:07:52 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\Malwarebytes
                              2014-07-22 11:07:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
                              2014-07-22 11:07:09 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
                              2014-07-22 11:07:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
                              2014-07-22 07:18:10 -------- d-----w- c:\documents and settings\j.spruit.lt-vsh07382\application data\VOPackage
                              2014-07-22 07:14:56 -------- d-----w- c:\windows\system32\CommandControlFirmware
                              2014-07-20 11:26:56 145408 ----a-w- c:\windows\system32\javacpl.cpl
                              2014-07-20 11:26:48 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
                              .
                              ==================== Find3M ====================
                              .
                              .
                              ============= FINISH: 10:27:45,57 ===============

                              Unfortunately the Pirrit is back again.
                              Last edited by virtualJac; 25-07-14, 09:28.
                              If it was safe, it wasn't that fun
