Ga naar inhoud

Ecops virus


sdm

Aanbevolen berichten

Logfile

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:45:09, on 08/03/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\windows\system32\taskhost.exe

C:\Program Files\TeamViewer\Version7\TeamViewer.exe

C:\windows\system32\Dwm.exe

C:\windows\system32\taskmgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\windows\system32\winver.exe

C:\windows\System32\msiexec.exe

C:\windows\System32\rundll32.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Homepage: De Tijd

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: Shell=iexplore.exe

O1 - Hosts: 172.31.0.104 HASPROPAD99 #PRE

O1 - Hosts: 172.31.0.72 MAILANET1 #PRE

O1 - Hosts: 172.31.0.73 MAILANET2 #PRE

O1 - Hosts: 172.31.0.74 MAILANET3 #PRE

O1 - Hosts: 172.31.0.80 ESDANET1 #PRE

O1 - Hosts: 172.31.0.81 ESDANET2 #PRE

O1 - Hosts: 172.31.0.82 ESDANET3 #PRE

O1 - Hosts: 172.31.0.146 HASPROTAR01 #PRE

O1 - Hosts: 172.31.0.121 HTSASWAN1 #PRE

O1 - Hosts: 172.31.243.198 RB_TEMPO

O1 - Hosts: 212.79.87.30 HASPROCES01

O1 - Hosts: 212.79.87.30 pop.portima.be

O1 - Hosts: 212.79.84.49 HASPROPAR04 #PRE

O1 - Hosts: 212.79.84.50 HASPROPAR03 #PRE

O1 - Hosts: 212.79.87.140 HASPROXY

O1 - Hosts: 212.79.84.63 Ben.portima.be

O1 - Hosts: 212.79.84.63 E-support.portima.be

O1 - Hosts: 212.79.84.37 prod.asweb.portima.be

O1 - Hosts: 212.79.93.10 my.nateus.nateusgroep.portima

O1 - Hosts: 212.79.93.10 pro.nateus.nateusgroep.portima

O1 - Hosts: 212.79.93.10 login.nateusgroep.portima

O1 - Hosts: 212.79.93.10 loans.nateus.nateusgroep.portima

O1 - Hosts: 212.79.94.41 www.front-office.rp.axa.portima

O1 - Hosts: 212.79.94.41 www.front-office.axa.be

O1 - Hosts: 212.79.94.41 www.phoenixiard.rp.axa.portima

O1 - Hosts: 212.79.94.52 fws.axa.be

O1 - Hosts: 212.79.94.41 www.fe.axa.be

O1 - Hosts: 212.79.93.10 my.audi.nateusgroep.portima

O1 - Hosts: 212.79.93.10 pro.audi.nateusgroep.portima

O1 - Hosts: 212.79.93.10 pro.nateus.be

O1 - Hosts: 212.79.93.10 login.nateus.be

O1 - Hosts: 212.79.94.36 www.efl.axa.be

O1 - Hosts: 212.79.87.152 smtp.portima.be

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [NUSB3MON] "c:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [iMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [HP Connection Manager.exe] "C:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe"

O4 - HKLM\..\Run: [PTNMWND] "C:\Program Files\Brother\ES Status Monitor\ptnmwnd.exe" Brother QL-580N /AUTORUN

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [isaKbcCertUpdate] C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe

O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

O4 - HKLM\..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden

O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe"

O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d

O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe

O4 - HKCU\..\Run: [beid] C:\Program Files\Belgium Identity Card\beid35gui.exe

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

O4 - HKCU\..\Run: [spotify] "C:\Users\sdm\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

O4 - HKLM\..\Policies\Explorer\Run: [lytafxhgl] C:\windows\system32\RICHEDK.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: CRMDocumentPreview - Snelkoppeling.lnk = C:\Program Files\crm\insusoft\docpreview\CRMDocumentPreview.exe

O4 - Startup: Dropbox.lnk = C:\Users\sdm\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: Insusoft.lnk = C:\Program Files\crm\insusoft\Insusoft.exe

O4 - Startup: Microsoft Outlook 2010.lnk = ?

O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: ASWeb.lnk = C:\AnetLP\Assurnet\AsWeb\AsWebNotifier.exe

O4 - Global Startup: Bluetooth.lnk = ?

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://www.agf.assurnet

O15 - Trusted Zone: http://www.agf2.assurnet

O15 - Trusted Zone: http://*.aginsurance.portima

O15 - Trusted Zone: http://*.allianz.assurnet

O15 - Trusted Zone: http://www.allianz2.assurnet

O15 - Trusted Zone: http://*.allianz2.assurnet

O15 - Trusted Zone: http://*.aragb2b.be

O15 - Trusted Zone: http://*.avero.be

O15 - Trusted Zone: http://*.axa.be

O15 - Trusted Zone: http://*.axa.portima

O15 - Trusted Zone: http://demo.brio.be

O15 - Trusted Zone: http://*.brio.be

O15 - Trusted Zone: http://*.brioplus.be

O15 - Trusted Zone: http://*.das.be

O15 - Trusted Zone: http://*.feprabel.be

O15 - Trusted Zone: http://*.fortisag.assurnet

O15 - Trusted Zone: http://*.foyer.lu

O15 - Trusted Zone: http://*.nateus.be

O15 - Trusted Zone: http://*.nateusgroep.portima

O15 - Trusted Zone: http://*.port-e-key.be

O15 - Trusted Zone: http://*.portigate.be

O15 - Trusted Zone: http://briotraining.portima.be

O15 - Trusted Zone: http://*.portima.be

O15 - Trusted Zone: http://*.portima.com

O15 - Trusted Zone: http://www.prolinknet.assurnet

O15 - Trusted Zone: http://*.vivium.be

O15 - Trusted Zone: http://*.vivium.portima

O15 - Trusted Zone: http://cbc-pdf.cbc.be (HKLM)

O15 - Trusted Zone: CBC (HKLM)

O15 - Trusted Zone: Welcome to Isabel (HKLM)

O15 - Trusted Zone: http://upgrade.isabel.eu (HKLM)

O15 - Trusted Zone: Welcome to Isabel (HKLM)

O15 - Trusted Zone: http://kbc-pdf.kbc.be (HKLM)

O15 - Trusted Zone: KBC (HKLM)

O15 - Trusted Zone: KBC Asset Management (HKLM)

O15 - Trusted Zone: http://www.kbcam.com (HKLM)

O15 - Trusted Zone: KBC Merchant Banking (HKLM)

O15 - Trusted Zone: KBC Merchant Banking (HKLM)

O16 - DPF: Mercator.Portal.CA.Client.CAB - https://registratie.mercator.be/Mercator.Portal.CA.Client.CAB

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://srvvdw:4343/officescan/console/ClientInstall/WinNTChk.cab

O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://srvvdw:4343/officescan/console/ClientInstall/setup.cab

O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.com/system/iCloud.cab

O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} (Encrypt Class) - https://srvvdw:4343/SMB/console/html/root/AtxEnc.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Vandewalle.local

O17 - HKLM\Software\..\Telephony: DomainName = Vandewalle.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Vandewalle.local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Vandewalle.local

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = Vandewalle.local

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: EgisNotify - C:\Program Files\Hewlett-Packard\HP SimplePass Identity Protection\EgisNotify.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\windows\system32\Hpservice.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe

O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

O23 - Service: Portima Middleware Server Engine ASWeb (PortimaMiddlewareServerEngineASWeb) - GamConsult - C:\AnetLP\Assurnet\AW_Common\portima.middleware.server.engine.exe

O23 - Service: Portima Middleware Server Engine AuthProxy (PortimaMiddlewareServerEngineAuthProxy) - GamConsult - C:\AnetLP\Assurnet\AW_Common\portima.middleware.server.engine.exe

O23 - Service: Qualcomm Gobi 2000 Download Service (HP) (QDLService2kHP) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe

O23 - Service: HP Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe

O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe

O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe

O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe

--

End of file - 19579 bytes

Link naar reactie
Delen op andere sites

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: Shell=iexplore.exe

O4 - HKLM\..\Policies\Explorer\Run: [lytafxhgl] C:\windows\system32\RICHEDK.exe

O4 - Startup: Microsoft Outlook 2010.lnk = ?

O4 - Global Startup: Bluetooth.lnk = ?

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

Link naar reactie
Delen op andere sites

Beste

alvast dank voor uw interventie. Hierbij de gevraagde logs.

Log Malware

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Databaseversie: v2012.03.09.02

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

sdm :: VDW-PORT-1 [administrator]

09/03/2012 08:51:13

mbam-log-2012-03-09 (08-51-13).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 250176

Verstreken tijd: 10 minuut/minuten, 21 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

Log Hijackthis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 09:04:12, on 09/03/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\windows\system32\taskhost.exe

C:\Program Files\TeamViewer\Version7\TeamViewer.exe

C:\windows\system32\Dwm.exe

C:\windows\system32\taskmgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\windows\system32\winver.exe

C:\windows\System32\msiexec.exe

C:\windows\System32\rundll32.exe

C:\HijackThis\HijackThis.exe

C:\windows\system32\NOTEPAD.EXE

C:\windows\system32\spool\DRIVERS\W32X86\3\hpmup094.bin

C:\windows\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Homepage: De Tijd

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: 172.31.0.104 HASPROPAD99 #PRE

O1 - Hosts: 172.31.0.72 MAILANET1 #PRE

O1 - Hosts: 172.31.0.73 MAILANET2 #PRE

O1 - Hosts: 172.31.0.74 MAILANET3 #PRE

O1 - Hosts: 172.31.0.80 ESDANET1 #PRE

O1 - Hosts: 172.31.0.81 ESDANET2 #PRE

O1 - Hosts: 172.31.0.82 ESDANET3 #PRE

O1 - Hosts: 172.31.0.146 HASPROTAR01 #PRE

O1 - Hosts: 172.31.0.121 HTSASWAN1 #PRE

O1 - Hosts: 172.31.243.198 RB_TEMPO

O1 - Hosts: 212.79.87.30 HASPROCES01

O1 - Hosts: 212.79.87.30 pop.portima.be

O1 - Hosts: 212.79.84.49 HASPROPAR04 #PRE

O1 - Hosts: 212.79.84.50 HASPROPAR03 #PRE

O1 - Hosts: 212.79.87.140 HASPROXY

O1 - Hosts: 212.79.84.63 Ben.portima.be

O1 - Hosts: 212.79.84.63 E-support.portima.be

O1 - Hosts: 212.79.84.37 prod.asweb.portima.be

O1 - Hosts: 212.79.93.10 my.nateus.nateusgroep.portima

O1 - Hosts: 212.79.93.10 pro.nateus.nateusgroep.portima

O1 - Hosts: 212.79.93.10 login.nateusgroep.portima

O1 - Hosts: 212.79.93.10 loans.nateus.nateusgroep.portima

O1 - Hosts: 212.79.94.41 www.front-office.rp.axa.portima

O1 - Hosts: 212.79.94.41 www.front-office.axa.be

O1 - Hosts: 212.79.94.41 www.phoenixiard.rp.axa.portima

O1 - Hosts: 212.79.94.52 fws.axa.be

O1 - Hosts: 212.79.94.41 www.fe.axa.be

O1 - Hosts: 212.79.93.10 my.audi.nateusgroep.portima

O1 - Hosts: 212.79.93.10 pro.audi.nateusgroep.portima

O1 - Hosts: 212.79.93.10 pro.nateus.be

O1 - Hosts: 212.79.93.10 login.nateus.be

O1 - Hosts: 212.79.94.36 www.efl.axa.be

O1 - Hosts: 212.79.87.152 smtp.portima.be

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [NUSB3MON] "c:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [iMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [HP Connection Manager.exe] "C:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe"

O4 - HKLM\..\Run: [PTNMWND] "C:\Program Files\Brother\ES Status Monitor\ptnmwnd.exe" Brother QL-580N /AUTORUN

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [isaKbcCertUpdate] C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe

O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

O4 - HKLM\..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden

O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe"

O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d

O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe

O4 - HKCU\..\Run: [beid] C:\Program Files\Belgium Identity Card\beid35gui.exe

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

O4 - HKCU\..\Run: [spotify] "C:\Users\sdm\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: CRMDocumentPreview - Snelkoppeling.lnk = C:\Program Files\crm\insusoft\docpreview\CRMDocumentPreview.exe

O4 - Startup: Dropbox.lnk = C:\Users\sdm\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: Insusoft.lnk = C:\Program Files\crm\insusoft\Insusoft.exe

O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: ASWeb.lnk = C:\AnetLP\Assurnet\AsWeb\AsWebNotifier.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://www.agf.assurnet

O15 - Trusted Zone: http://www.agf2.assurnet

O15 - Trusted Zone: http://*.aginsurance.portima

O15 - Trusted Zone: http://*.allianz.assurnet

O15 - Trusted Zone: http://www.allianz2.assurnet

O15 - Trusted Zone: http://*.allianz2.assurnet

O15 - Trusted Zone: http://*.aragb2b.be

O15 - Trusted Zone: http://*.avero.be

O15 - Trusted Zone: http://*.axa.be

O15 - Trusted Zone: http://*.axa.portima

O15 - Trusted Zone: http://demo.brio.be

O15 - Trusted Zone: http://*.brio.be

O15 - Trusted Zone: http://*.brioplus.be

O15 - Trusted Zone: http://*.das.be

O15 - Trusted Zone: http://*.feprabel.be

O15 - Trusted Zone: http://*.fortisag.assurnet

O15 - Trusted Zone: http://*.foyer.lu

O15 - Trusted Zone: http://*.nateus.be

O15 - Trusted Zone: http://*.nateusgroep.portima

O15 - Trusted Zone: http://*.port-e-key.be

O15 - Trusted Zone: http://*.portigate.be

O15 - Trusted Zone: http://briotraining.portima.be

O15 - Trusted Zone: http://*.portima.be

O15 - Trusted Zone: http://*.portima.com

O15 - Trusted Zone: http://www.prolinknet.assurnet

O15 - Trusted Zone: http://*.vivium.be

O15 - Trusted Zone: http://*.vivium.portima

O15 - Trusted Zone: http://cbc-pdf.cbc.be (HKLM)

O15 - Trusted Zone: CBC (HKLM)

O15 - Trusted Zone: Welcome to Isabel (HKLM)

O15 - Trusted Zone: http://upgrade.isabel.eu (HKLM)

O15 - Trusted Zone: Welcome to Isabel (HKLM)

O15 - Trusted Zone: http://kbc-pdf.kbc.be (HKLM)

O15 - Trusted Zone: KBC (HKLM)

O15 - Trusted Zone: KBC Asset Management (HKLM)

O15 - Trusted Zone: http://www.kbcam.com (HKLM)

O15 - Trusted Zone: KBC Merchant Banking (HKLM)

O15 - Trusted Zone: KBC Merchant Banking (HKLM)

O16 - DPF: Mercator.Portal.CA.Client.CAB - https://registratie.mercator.be/Mercator.Portal.CA.Client.CAB

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://srvvdw:4343/officescan/console/ClientInstall/WinNTChk.cab

O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://srvvdw:4343/officescan/console/ClientInstall/setup.cab

O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.com/system/iCloud.cab

O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} (Encrypt Class) - https://srvvdw:4343/SMB/console/html/root/AtxEnc.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Vandewalle.local

O17 - HKLM\Software\..\Telephony: DomainName = Vandewalle.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Vandewalle.local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Vandewalle.local

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = Vandewalle.local

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: EgisNotify - C:\Program Files\Hewlett-Packard\HP SimplePass Identity Protection\EgisNotify.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\windows\system32\Hpservice.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe

O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

O23 - Service: Portima Middleware Server Engine ASWeb (PortimaMiddlewareServerEngineASWeb) - GamConsult - C:\AnetLP\Assurnet\AW_Common\portima.middleware.server.engine.exe

O23 - Service: Portima Middleware Server Engine AuthProxy (PortimaMiddlewareServerEngineAuthProxy) - GamConsult - C:\AnetLP\Assurnet\AW_Common\portima.middleware.server.engine.exe

O23 - Service: Qualcomm Gobi 2000 Download Service (HP) (QDLService2kHP) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe

O23 - Service: HP Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe

O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe

O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe

O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe

--

End of file - 19455 bytes

Link naar reactie
Delen op andere sites

Prima, zo ... dan gaan we nog even de restjes van de besmetting opruimen :

Download CCleaner.

Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit

  • via Start -> Configuratiescherm -> Systeem -> Systeembeveiliging -> schakel nu systeemherstel uit door de gewenste schijf te selecteren en op "configureren" te klikken.
  • Klik nu op "verwijderen" om alle herstelpunten te verwijderen.
  • Klik op "Toepassen" en "OK".
  • Herstart nu de PC.

Indien dit allemaal probleemloos verlopen is, mag je hieronder definitief op "markeer als opgelost" tokkelen !

aangepast door kape
Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.