Posts made by sdm
-
-
Hello,
My PC has become very slow over the course of a few days.
I ran several antivirus programs and removed a few things, but it remains slow.
Could you take a look at the HijackThis log? Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:48:47, on 13/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
F:\drivers\Spyware\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vdwalle.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 172.31.243.198 RB_TEMPO
O1 - Hosts: 212.79.93.10 my.nateus.nateusgroep.portima
O1 - Hosts: 212.79.93.10 pro.nateus.nateusgroep.portima
O1 - Hosts: 212.79.93.10 login.nateusgroep.portima
O1 - Hosts: 212.79.93.10 loans.nateus.nateusgroep.portima
O1 - Hosts: 212.79.94.52 fws.axa.be
O1 - Hosts: 212.79.94.41 www.fe.axa.be
O1 - Hosts: 212.79.93.10 my.audi.nateusgroep.portima
O1 - Hosts: 212.79.93.10 pro.audi.nateusgroep.portima
O1 - Hosts: 212.79.94.193 Webfs2.agf.be
O1 - Hosts: 212.79.94.194 hydrafs2.agf.be
O1 - Hosts: 212.79.93.10 pro.nateus.be
O1 - Hosts: 212.79.93.10 login.nateus.be
O1 - Hosts: 212.79.94.41 www.front-office.rp.axa.portima
O1 - Hosts: 212.79.94.41 www.front-office.axa.be
O1 - Hosts: 212.79.94.41 www.phoenixiard.rp.axa.portima
O1 - Hosts: 212.79.94.36 www.efl.axa.be
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe
O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ASP] "C:\ProgramData\f5730f\AntivirusSP.exe" /s
O4 - Global Startup: ASWeb.lnk = C:\AnetLP\Assurnet\AsWeb\AsWebNotifier.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.agf.assurnet
O15 - Trusted Zone: http://www.agf2.assurnet
O15 - Trusted Zone: http://*.aginsurance.portima
O15 - Trusted Zone: http://*.allianz.assurnet
O15 - Trusted Zone: http://www.allianz2.assurnet
O15 - Trusted Zone: http://*.allianz2.assurnet
O15 - Trusted Zone: http://*.aragb2b.be
O15 - Trusted Zone: http://*.avero.be
O15 - Trusted Zone: http://*.axa.be
O15 - Trusted Zone: http://*.axa.portima
O15 - Trusted Zone: http://demo.brio.be
O15 - Trusted Zone: http://*.brio.be
O15 - Trusted Zone: http://*.brioplus.be
O15 - Trusted Zone: http://*.das.be
O15 - Trusted Zone: http://*.feprabel.be
O15 - Trusted Zone: http://*.fortisag.assurnet
O15 - Trusted Zone: http://*.foyer.lu
O15 - Trusted Zone: http://*.nateus.be
O15 - Trusted Zone: http://*.nateusgroep.portima
O15 - Trusted Zone: http://*.port-e-key.be
O15 - Trusted Zone: http://*.portigate.be
O15 - Trusted Zone: http://briotraining.portima.be
O15 - Trusted Zone: http://*.portima.be
O15 - Trusted Zone: http://*.portima.com
O15 - Trusted Zone: http://www.prolinknet.assurnet
O15 - Trusted Zone: http://*.vivium.be
O15 - Trusted Zone: http://*.vivium.portima
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: Mercator.Portal.CA.Client.CAB - https://registratie.mercator.be/Mercator.Portal.CA.Client.CAB
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://srvvdw.vandewalle.local:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://srvvdw.vandewalle.local:4343/officescan/console/ClientInstall/setup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Vandewalle.local
O17 - HKLM\Software\..\Telephony: DomainName = Vandewalle.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Vandewalle.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Vandewalle.local
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Portima Middleware Server Engine ASWeb (PortimaMiddlewareServerEngineASWeb) - GamConsult - C:\AnetLP\Assurnet\AW_Common\portima.middleware.server.engine.exe
O23 - Service: Portima Middleware Server Engine AuthProxy (PortimaMiddlewareServerEngineAuthProxy) - GamConsult - C:\AnetLP\Assurnet\AW_Common\portima.middleware.server.engine.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
--
End of file - 9101 bytes
-
Hello,
it all seems to be resolved.
Thank you very much!
-
Hello,
thanks in advance for your intervention. Here are the requested logs.
Malware log
Malwarebytes Anti-Malware 1.60.1.1000
Databaseversie: v2012.03.09.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
sdm :: VDW-PORT-1 [administrator]
09/03/2012 08:51:13
mbam-log-2012-03-09 (08-51-13).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 250176
Verstreken tijd: 10 minuut/minuten, 21 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:04:12, on 09/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\winver.exe
C:\windows\System32\msiexec.exe
C:\windows\System32\rundll32.exe
C:\HijackThis\HijackThis.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\spool\DRIVERS\W32X86\3\hpmup094.bin
C:\windows\notepad.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Homepage: De Tijd
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 172.31.0.104 HASPROPAD99 #PRE
O1 - Hosts: 172.31.0.72 MAILANET1 #PRE
O1 - Hosts: 172.31.0.73 MAILANET2 #PRE
O1 - Hosts: 172.31.0.74 MAILANET3 #PRE
O1 - Hosts: 172.31.0.80 ESDANET1 #PRE
O1 - Hosts: 172.31.0.81 ESDANET2 #PRE
O1 - Hosts: 172.31.0.82 ESDANET3 #PRE
O1 - Hosts: 172.31.0.146 HASPROTAR01 #PRE
O1 - Hosts: 172.31.0.121 HTSASWAN1 #PRE
O1 - Hosts: 172.31.243.198 RB_TEMPO
O1 - Hosts: 212.79.87.30 HASPROCES01
O1 - Hosts: 212.79.87.30 pop.portima.be
O1 - Hosts: 212.79.84.49 HASPROPAR04 #PRE
O1 - Hosts: 212.79.84.50 HASPROPAR03 #PRE
O1 - Hosts: 212.79.87.140 HASPROXY
O1 - Hosts: 212.79.84.63 Ben.portima.be
O1 - Hosts: 212.79.84.63 E-support.portima.be
O1 - Hosts: 212.79.84.37 prod.asweb.portima.be
O1 - Hosts: 212.79.93.10 my.nateus.nateusgroep.portima
O1 - Hosts: 212.79.93.10 pro.nateus.nateusgroep.portima
O1 - Hosts: 212.79.93.10 login.nateusgroep.portima
O1 - Hosts: 212.79.93.10 loans.nateus.nateusgroep.portima
O1 - Hosts: 212.79.94.41 www.front-office.rp.axa.portima
O1 - Hosts: 212.79.94.41 www.front-office.axa.be
O1 - Hosts: 212.79.94.41 www.phoenixiard.rp.axa.portima
O1 - Hosts: 212.79.94.52 fws.axa.be
O1 - Hosts: 212.79.94.41 www.fe.axa.be
O1 - Hosts: 212.79.93.10 my.audi.nateusgroep.portima
O1 - Hosts: 212.79.93.10 pro.audi.nateusgroep.portima
O1 - Hosts: 212.79.93.10 pro.nateus.be
O1 - Hosts: 212.79.93.10 login.nateus.be
O1 - Hosts: 212.79.94.36 www.efl.axa.be
O1 - Hosts: 212.79.87.152 smtp.portima.be
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NUSB3MON] "c:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [HP Connection Manager.exe] "C:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe"
O4 - HKLM\..\Run: [PTNMWND] "C:\Program Files\Brother\ES Status Monitor\ptnmwnd.exe" Brother QL-580N /AUTORUN
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [isaKbcCertUpdate] C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe
O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
O4 - HKLM\..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe
O4 - HKCU\..\Run: [beid] C:\Program Files\Belgium Identity Card\beid35gui.exe
O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
O4 - HKCU\..\Run: [spotify] "C:\Users\sdm\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CRMDocumentPreview - Snelkoppeling.lnk = C:\Program Files\crm\insusoft\docpreview\CRMDocumentPreview.exe
O4 - Startup: Dropbox.lnk = C:\Users\sdm\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Insusoft.lnk = C:\Program Files\crm\insusoft\Insusoft.exe
O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: ASWeb.lnk = C:\AnetLP\Assurnet\AsWeb\AsWebNotifier.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.agf.assurnet
O15 - Trusted Zone: http://www.agf2.assurnet
O15 - Trusted Zone: http://*.aginsurance.portima
O15 - Trusted Zone: http://*.allianz.assurnet
O15 - Trusted Zone: http://www.allianz2.assurnet
O15 - Trusted Zone: http://*.allianz2.assurnet
O15 - Trusted Zone: http://*.aragb2b.be
O15 - Trusted Zone: http://*.avero.be
O15 - Trusted Zone: http://*.axa.be
O15 - Trusted Zone: http://*.axa.portima
O15 - Trusted Zone: http://demo.brio.be
O15 - Trusted Zone: http://*.brio.be
O15 - Trusted Zone: http://*.brioplus.be
O15 - Trusted Zone: http://*.das.be
O15 - Trusted Zone: http://*.feprabel.be
O15 - Trusted Zone: http://*.fortisag.assurnet
O15 - Trusted Zone: http://*.foyer.lu
O15 - Trusted Zone: http://*.nateus.be
O15 - Trusted Zone: http://*.nateusgroep.portima
O15 - Trusted Zone: http://*.port-e-key.be
O15 - Trusted Zone: http://*.portigate.be
O15 - Trusted Zone: http://briotraining.portima.be
O15 - Trusted Zone: http://*.portima.be
O15 - Trusted Zone: http://*.portima.com
O15 - Trusted Zone: http://www.prolinknet.assurnet
O15 - Trusted Zone: http://*.vivium.be
O15 - Trusted Zone: http://*.vivium.portima
O15 - Trusted Zone: http://cbc-pdf.cbc.be (HKLM)
O15 - Trusted Zone: CBC (HKLM)
O15 - Trusted Zone: Welcome to Isabel (HKLM)
O15 - Trusted Zone: http://upgrade.isabel.eu (HKLM)
O15 - Trusted Zone: Welcome to Isabel (HKLM)
O15 - Trusted Zone: http://kbc-pdf.kbc.be (HKLM)
O15 - Trusted Zone: KBC (HKLM)
O15 - Trusted Zone: KBC Asset Management (HKLM)
O15 - Trusted Zone: http://www.kbcam.com (HKLM)
O15 - Trusted Zone: KBC Merchant Banking (HKLM)
O15 - Trusted Zone: KBC Merchant Banking (HKLM)
O16 - DPF: Mercator.Portal.CA.Client.CAB - https://registratie.mercator.be/Mercator.Portal.CA.Client.CAB
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://srvvdw:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://srvvdw:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.com/system/iCloud.cab
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} (Encrypt Class) - https://srvvdw:4343/SMB/console/html/root/AtxEnc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Vandewalle.local
O17 - HKLM\Software\..\Telephony: DomainName = Vandewalle.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Vandewalle.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Vandewalle.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = Vandewalle.local
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: EgisNotify - C:\Program Files\Hewlett-Packard\HP SimplePass Identity Protection\EgisNotify.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\windows\system32\Hpservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Portima Middleware Server Engine ASWeb (PortimaMiddlewareServerEngineASWeb) - GamConsult - C:\AnetLP\Assurnet\AW_Common\portima.middleware.server.engine.exe
O23 - Service: Portima Middleware Server Engine AuthProxy (PortimaMiddlewareServerEngineAuthProxy) - GamConsult - C:\AnetLP\Assurnet\AW_Common\portima.middleware.server.engine.exe
O23 - Service: Qualcomm Gobi 2000 Download Service (HP) (QDLService2kHP) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
O23 - Service: HP Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
--
End of file - 19455 bytes
-
Logfile
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:45:09, on 08/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\winver.exe
C:\windows\System32\msiexec.exe
C:\windows\System32\rundll32.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Homepage: De Tijd
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=iexplore.exe
O1 - Hosts: 172.31.0.104 HASPROPAD99 #PRE
O1 - Hosts: 172.31.0.72 MAILANET1 #PRE
O1 - Hosts: 172.31.0.73 MAILANET2 #PRE
O1 - Hosts: 172.31.0.74 MAILANET3 #PRE
O1 - Hosts: 172.31.0.80 ESDANET1 #PRE
O1 - Hosts: 172.31.0.81 ESDANET2 #PRE
O1 - Hosts: 172.31.0.82 ESDANET3 #PRE
O1 - Hosts: 172.31.0.146 HASPROTAR01 #PRE
O1 - Hosts: 172.31.0.121 HTSASWAN1 #PRE
O1 - Hosts: 172.31.243.198 RB_TEMPO
O1 - Hosts: 212.79.87.30 HASPROCES01
O1 - Hosts: 212.79.87.30 pop.portima.be
O1 - Hosts: 212.79.84.49 HASPROPAR04 #PRE
O1 - Hosts: 212.79.84.50 HASPROPAR03 #PRE
O1 - Hosts: 212.79.87.140 HASPROXY
O1 - Hosts: 212.79.84.63 Ben.portima.be
O1 - Hosts: 212.79.84.63 E-support.portima.be
O1 - Hosts: 212.79.84.37 prod.asweb.portima.be
O1 - Hosts: 212.79.93.10 my.nateus.nateusgroep.portima
O1 - Hosts: 212.79.93.10 pro.nateus.nateusgroep.portima
O1 - Hosts: 212.79.93.10 login.nateusgroep.portima
O1 - Hosts: 212.79.93.10 loans.nateus.nateusgroep.portima
O1 - Hosts: 212.79.94.41 www.front-office.rp.axa.portima
O1 - Hosts: 212.79.94.41 www.front-office.axa.be
O1 - Hosts: 212.79.94.41 www.phoenixiard.rp.axa.portima
O1 - Hosts: 212.79.94.52 fws.axa.be
O1 - Hosts: 212.79.94.41 www.fe.axa.be
O1 - Hosts: 212.79.93.10 my.audi.nateusgroep.portima
O1 - Hosts: 212.79.93.10 pro.audi.nateusgroep.portima
O1 - Hosts: 212.79.93.10 pro.nateus.be
O1 - Hosts: 212.79.93.10 login.nateus.be
O1 - Hosts: 212.79.94.36 www.efl.axa.be
O1 - Hosts: 212.79.87.152 smtp.portima.be
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NUSB3MON] "c:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [HP Connection Manager.exe] "C:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe"
O4 - HKLM\..\Run: [PTNMWND] "C:\Program Files\Brother\ES Status Monitor\ptnmwnd.exe" Brother QL-580N /AUTORUN
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [isaKbcCertUpdate] C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe
O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
O4 - HKLM\..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe
O4 - HKCU\..\Run: [beid] C:\Program Files\Belgium Identity Card\beid35gui.exe
O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
O4 - HKCU\..\Run: [spotify] "C:\Users\sdm\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKLM\..\Policies\Explorer\Run: [lytafxhgl] C:\windows\system32\RICHEDK.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CRMDocumentPreview - Snelkoppeling.lnk = C:\Program Files\crm\insusoft\docpreview\CRMDocumentPreview.exe
O4 - Startup: Dropbox.lnk = C:\Users\sdm\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Insusoft.lnk = C:\Program Files\crm\insusoft\Insusoft.exe
O4 - Startup: Microsoft Outlook 2010.lnk = ?
O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: ASWeb.lnk = C:\AnetLP\Assurnet\AsWeb\AsWebNotifier.exe
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.agf.assurnet
O15 - Trusted Zone: http://www.agf2.assurnet
O15 - Trusted Zone: http://*.aginsurance.portima
O15 - Trusted Zone: http://*.allianz.assurnet
O15 - Trusted Zone: http://www.allianz2.assurnet
O15 - Trusted Zone: http://*.allianz2.assurnet
O15 - Trusted Zone: http://*.aragb2b.be
O15 - Trusted Zone: http://*.avero.be
O15 - Trusted Zone: http://*.axa.be
O15 - Trusted Zone: http://*.axa.portima
O15 - Trusted Zone: http://demo.brio.be
O15 - Trusted Zone: http://*.brio.be
O15 - Trusted Zone: http://*.brioplus.be
O15 - Trusted Zone: http://*.das.be
O15 - Trusted Zone: http://*.feprabel.be
O15 - Trusted Zone: http://*.fortisag.assurnet
O15 - Trusted Zone: http://*.foyer.lu
O15 - Trusted Zone: http://*.nateus.be
O15 - Trusted Zone: http://*.nateusgroep.portima
O15 - Trusted Zone: http://*.port-e-key.be
O15 - Trusted Zone: http://*.portigate.be
O15 - Trusted Zone: http://briotraining.portima.be
O15 - Trusted Zone: http://*.portima.be
O15 - Trusted Zone: http://*.portima.com
O15 - Trusted Zone: http://www.prolinknet.assurnet
O15 - Trusted Zone: http://*.vivium.be
O15 - Trusted Zone: http://*.vivium.portima
O15 - Trusted Zone: http://cbc-pdf.cbc.be (HKLM)
O15 - Trusted Zone: CBC (HKLM)
O15 - Trusted Zone: Welcome to Isabel (HKLM)
O15 - Trusted Zone: http://upgrade.isabel.eu (HKLM)
O15 - Trusted Zone: Welcome to Isabel (HKLM)
O15 - Trusted Zone: http://kbc-pdf.kbc.be (HKLM)
O15 - Trusted Zone: KBC (HKLM)
O15 - Trusted Zone: KBC Asset Management (HKLM)
O15 - Trusted Zone: http://www.kbcam.com (HKLM)
O15 - Trusted Zone: KBC Merchant Banking (HKLM)
O15 - Trusted Zone: KBC Merchant Banking (HKLM)
O16 - DPF: Mercator.Portal.CA.Client.CAB - https://registratie.mercator.be/Mercator.Portal.CA.Client.CAB
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://srvvdw:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://srvvdw:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.com/system/iCloud.cab
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} (Encrypt Class) - https://srvvdw:4343/SMB/console/html/root/AtxEnc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Vandewalle.local
O17 - HKLM\Software\..\Telephony: DomainName = Vandewalle.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Vandewalle.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Vandewalle.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = Vandewalle.local
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: EgisNotify - C:\Program Files\Hewlett-Packard\HP SimplePass Identity Protection\EgisNotify.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\windows\system32\Hpservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Portima Middleware Server Engine ASWeb (PortimaMiddlewareServerEngineASWeb) - GamConsult - C:\AnetLP\Assurnet\AW_Common\portima.middleware.server.engine.exe
O23 - Service: Portima Middleware Server Engine AuthProxy (PortimaMiddlewareServerEngineAuthProxy) - GamConsult - C:\AnetLP\Assurnet\AW_Common\portima.middleware.server.engine.exe
O23 - Service: Qualcomm Gobi 2000 Download Service (HP) (QDLService2kHP) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
O23 - Service: HP Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
--
End of file - 19579 bytes
Slow PC
in Archive Windows General
Posted:
Hello,
I can really only get the PC to start up properly (in terms of speed) in safe mode.
Here are the requested logs.
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.07.07
Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
annick :: VDW-WIN7-2 [limited]
14/03/2012 13:41:18
mbam-log-2012-03-14 (13-41-18).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 140469
Time elapsed: 1 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 16
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|0 (Security.Hijack) -> Data: msseces.exe -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|1 (Security.Hijack) -> Data: MSASCui.exe -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|2 (Security.Hijack) -> Data: ekrn.exe -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|3 (Security.Hijack) -> Data: egui.exe -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|4 (Security.Hijack) -> Data: avgnt.exe -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|5 (Security.Hijack) -> Data: avcenter.exe -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|6 (Security.Hijack) -> Data: avscan.exe -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|7 (Security.Hijack) -> Data: avgfrw.exe -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|8 (Security.Hijack) -> Data: avgui.exe -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|9 (Security.Hijack) -> Data: avgtray.exe -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|10 (Security.Hijack) -> Data: avgscanx.exe -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|11 (Security.Hijack) -> Data: avgcfgex.exe -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|12 (Security.Hijack) -> Data: avgemc.exe -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|13 (Security.Hijack) -> Data: avgchsvx.exe -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|14 (Security.Hijack) -> Data: avgcmgr.exe -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|15 (Security.Hijack) -> Data: avgwdsvc.exe -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:52:39, on 14/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
F:\drivers\Spyware\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vdwalle.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
O1 - Hosts: 172.31.243.198 RB_TEMPO
O1 - Hosts: 212.79.93.10 my.nateus.nateusgroep.portima
O1 - Hosts: 212.79.93.10 pro.nateus.nateusgroep.portima
O1 - Hosts: 212.79.93.10 login.nateusgroep.portima
O1 - Hosts: 212.79.93.10 loans.nateus.nateusgroep.portima
O1 - Hosts: 212.79.94.52 fws.axa.be
O1 - Hosts: 212.79.94.41 www.fe.axa.be
O1 - Hosts: 212.79.93.10 my.audi.nateusgroep.portima
O1 - Hosts: 212.79.93.10 pro.audi.nateusgroep.portima
O1 - Hosts: 212.79.94.193 Webfs2.agf.be
O1 - Hosts: 212.79.94.194 hydrafs2.agf.be
O1 - Hosts: 212.79.93.10 pro.nateus.be
O1 - Hosts: 212.79.93.10 login.nateus.be
O1 - Hosts: 212.79.94.41 www.front-office.rp.axa.portima
O1 - Hosts: 212.79.94.41 www.front-office.axa.be
O1 - Hosts: 212.79.94.41 www.phoenixiard.rp.axa.portima
O1 - Hosts: 212.79.94.36 www.efl.axa.be
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe
O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ASP] "C:\ProgramData\f5730f\AntivirusSP.exe" /s
O4 - Global Startup: ASWeb.lnk = C:\AnetLP\Assurnet\AsWeb\AsWebNotifier.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.agf.assurnet
O15 - Trusted Zone: http://www.agf2.assurnet
O15 - Trusted Zone: http://*.aginsurance.portima
O15 - Trusted Zone: http://*.allianz.assurnet
O15 - Trusted Zone: http://www.allianz2.assurnet
O15 - Trusted Zone: http://*.allianz2.assurnet
O15 - Trusted Zone: http://*.aragb2b.be
O15 - Trusted Zone: http://*.avero.be
O15 - Trusted Zone: http://*.axa.be
O15 - Trusted Zone: http://*.axa.portima
O15 - Trusted Zone: http://demo.brio.be
O15 - Trusted Zone: http://*.brio.be
O15 - Trusted Zone: http://*.brioplus.be
O15 - Trusted Zone: http://*.das.be
O15 - Trusted Zone: http://*.feprabel.be
O15 - Trusted Zone: http://*.fortisag.assurnet
O15 - Trusted Zone: http://*.foyer.lu
O15 - Trusted Zone: http://*.nateus.be
O15 - Trusted Zone: http://*.nateusgroep.portima
O15 - Trusted Zone: http://*.port-e-key.be
O15 - Trusted Zone: http://*.portigate.be
O15 - Trusted Zone: http://briotraining.portima.be
O15 - Trusted Zone: http://*.portima.be
O15 - Trusted Zone: http://*.portima.com
O15 - Trusted Zone: http://www.prolinknet.assurnet
O15 - Trusted Zone: http://*.vivium.be
O15 - Trusted Zone: http://*.vivium.portima
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: Mercator.Portal.CA.Client.CAB - https://registratie.mercator.be/Mercator.Portal.CA.Client.CAB
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://srvvdw.vandewalle.local:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://srvvdw.vandewalle.local:4343/officescan/console/ClientInstall/setup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Vandewalle.local
O17 - HKLM\Software\..\Telephony: DomainName = Vandewalle.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Vandewalle.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Vandewalle.local
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Portima Middleware Server Engine ASWeb (PortimaMiddlewareServerEngineASWeb) - GamConsult - C:\AnetLP\Assurnet\AW_Common\portima.middleware.server.engine.exe
O23 - Service: Portima Middleware Server Engine AuthProxy (PortimaMiddlewareServerEngineAuthProxy) - GamConsult - C:\AnetLP\Assurnet\AW_Common\portima.middleware.server.engine.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
--
End of file - 9051 bytes