
Klaas56
Everything posted by Klaas56
-
Avast installed. Full system scan run: "No threat found". Avast uninstalled. Computer restarted. Scan run again with AVG. The rootkit warnings have now miraculously disappeared. So it seems to me too that the problem can indeed now be considered solved.
-
Emsisoft Emergency Kit scan run. Message: "No suspicious files detected during the scan." Log file attached. Computer restarted. AVG scan run. Still rootkit warnings. Warnings attached. Also ran an Emsisoft Emergency Kit HiJackFree scan. The log file shown on screen shows a number of lines marked in red. These lines relate to AVG and concern the following files. All are marked as visible "No":
avgemcx.exe
avgidsagent.exe
avgnsx.exe
avgrsx.exe
avgtray.exe
avgui.exe
Log file attached.
Klaas Ridderikhoff

Emsisoft Emergency Kit log file:
Emsisoft Emergency Kit - Versie 2.0
Laatste Update: 13-10-2012 18:49:07
Scaninstellingen:
Scantype: Diepe scan
Objecten: Rootkits, Geheugen, Sporen, C:\, D:\
Scan archieven: Aan
ADS Scan: Aan
Scan gestart: 16-10-2012 15:57:02
Gescand 706254
Gevonden 0
Scan geëindigd: 16-10-2012 17:35:15
Scantijd: 1:38:13

AVG rootkit warnings:
"";"C:\Windows\System32\Drivers\sppb.sys";"atapi.sys, koppelpunt import ataport.SYS AtaPortWritePortUchar -> sppb.sys +0x26D2";"Object is verborgen"
"";"C:\Windows\System32\Drivers\sppb.sys";"atapi.sys, koppelpunt import ataport.SYS AtaPortReadPortUchar -> sppb.sys +0x2040";"Object is verborgen"
"";"C:\Windows\System32\Drivers\sppb.sys";"atapi.sys, koppelpunt import ataport.SYS AtaPortWritePortBufferUshort -> sppb.sys +0x27FC";"Object is verborgen"
"";"C:\Windows\System32\Drivers\sppb.sys";"atapi.sys, koppelpunt import ataport.SYS AtaPortReadPortUshort -> sppb.sys +0x20BE";"Object is verborgen"
"";"C:\Windows\System32\Drivers\sppb.sys";"atapi.sys, koppelpunt import ataport.SYS AtaPortReadPortBufferUshort -> sppb.sys +0x213C";"Object is verborgen"
"";"C:\Windows\System32\Drivers\sppb.sys";"Inline koppelpunt ataport.SYS DllUnload -> sppb.sys +0x2F8AE";"Object is verborgen"
"";"C:\Windows\System32\Drivers\sppb.sys";"i8042prt.sys, koppelpunt import HAL.dll READ_PORT_UCHAR -> sppb.sys +0x12048";"Object is verborgen"

Emsisoft HiJackFree log file:
Logbestand van HiJackFree v4.5
Scan opgeslagen om 22:16:07, Datum 16-10-2012
Platform: Windows Vista32 Service Pack 2 (Windows NT 6.0.6002)
MSIE: Internet Explorer v 9.0 Service Pack 2 (9.0.8112.16421)
-
The file spop.sys, as reported in the AVG scan, does not appear in the folder C:\Windows\System32\Drivers\. I see that the file names in the AVG log keep changing. When I go through the AVG scans in this correspondence, I see the following files named in succession: spjj.sys, spjz.sys, spop.sys. Now I only see the following, comparable files (starting with "sp"): spsys.sys, sptd.sys, spldr.sys. Scanning these files with Jotti gives the following results:
spsys.sys: no problems found
sptd.sys: is in use; cannot be scanned (I just don't see which program it is being used by; nothing else is open)
spldr.sys: no problems found.
Klaas Ridderikhoff
-
Yes, the rootkit warnings are still present in AVG. See below.
Klaas Ridderikhoff

AVG warnings:
"";"C:\Windows\System32\Drivers\spop.sys";"atapi.sys, koppelpunt import ataport.SYS AtaPortWritePortUchar -> spop.sys +0x26D2";"Object is verborgen"
"";"C:\Windows\System32\Drivers\spop.sys";"atapi.sys, koppelpunt import ataport.SYS AtaPortReadPortUchar -> spop.sys +0x2040";"Object is verborgen"
"";"C:\Windows\System32\Drivers\spop.sys";"atapi.sys, koppelpunt import ataport.SYS AtaPortWritePortBufferUshort -> spop.sys +0x27FC";"Object is verborgen"
"";"C:\Windows\System32\Drivers\spop.sys";"atapi.sys, koppelpunt import ataport.SYS AtaPortReadPortUshort -> spop.sys +0x20BE";"Object is verborgen"
"";"C:\Windows\System32\Drivers\spop.sys";"atapi.sys, koppelpunt import ataport.SYS AtaPortReadPortBufferUshort -> spop.sys +0x213C";"Object is verborgen"
"";"C:\Windows\System32\Drivers\spop.sys";"Inline koppelpunt ataport.SYS DllUnload -> spop.sys +0x2F8AE";"Object is verborgen"
"";"C:\Windows\System32\Drivers\spop.sys";"i8042prt.sys, koppelpunt import HAL.dll READ_PORT_UCHAR -> spop.sys +0x12048";"Object is verborgen"
-
Attached is the ComboFix log file.
Klaas Ridderikhoff

ComboFix log file:
ComboFix 12-10-14.03 - Klaas 14-10-2012 23:31:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3581.2011 [GMT 2:00]
Gestart vanuit: c:\users\Klaas\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768] "MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2012-05-18 434168] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936] "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864] "PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168] "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320] "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-04-09 166432] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-09 13515296] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-09 92704] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-04-09 92704] "VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-05-15 55856] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984] "CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2008-09-05 406944] "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368] "PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984] "PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992] "PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192] "PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer 
Plus\RegistryController.exe" [2010-03-05 62752] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CleanupNortelVPN.bat [2011-11-9 923] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280] NewShortcut1.lnk - c:\program files\Planisware\Planisware Application Server\sp2_1\OPX2Modules\bin\dispatch.exe [2012-2-28 102447] QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "DisableCAD"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-04-16 22:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Klaas\Desktop\EmsisoftEmergencyKit\Run\a2ddax86.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . 
Inhoud van de 'Gedeelde Taken' map . 2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:27] . 2012-10-13 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-28 07:29] . 2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-07-28 06:00] . 2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-07-28 06:00] . 2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2369209473-2982782404-3643323082-1010Core.job - c:\users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22 07:12] . 2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2369209473-2982782404-3643323082-1010UA.job - c:\users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22 07:12] . . ------- Bijkomende Scan ------- . uStart Page = about:blank IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Openen in PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: intus.nl\wiki TCP: DhcpNameServer = 192.168.1.254 DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://vpn1.prvlimburg.nl/+CSCOL+/csvrloader32.cab DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} - hxxps://vpn1.prvlimburg.nl/CACHE/sdesktop/install/binaries/instweb.cab FF - ProfilePath - c:\users\Klaas\AppData\Roaming\Mozilla\Firefox\Profiles\6fqr777b.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4da6f619&i=23&tp=ab&nt=1&q= FF - ExtSQL: 2012-08-31 09:02; {F53C93F1-07D5-430c-86D4-C9531B27DFAF}; c:\program files\AVG\AVG2012\Firefox\DoNotTrack FF - ExtSQL: 2012-09-08 18:01; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: !HIDDEN! 2009-08-28 00:15; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS VERWIJDERD - - - - . HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe AddRemove-{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995} - c:\program files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe AddRemove-{65D0C510-D7B6-4438-9FC8-E6B91115AB0D} - c:\program files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe AddRemove-{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745} - c:\program files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-10-15 00:14 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'lsass.exe'(1044) c:\windows\system32\psqlpwd.dll c:\program files\Fingerprint Reader Suite\homefus2.dll c:\program files\Fingerprint Reader Suite\infra.dll c:\program files\Fingerprint Reader Suite\remote.dll . Voltooingstijd: 2012-10-15 00:18:18 ComboFix-quarantined-files.txt 2012-10-14 22:18 . Pre-Run: 81.822.404.608 bytes beschikbaar Post-Run: 98.072.768.512 bytes beschikbaar . - - End Of File - - 342DD80DB406983E86CBE12D031D6D86
-
Ran the Malwarebytes scan; log file attached.
Restarted computer.
Ran HiJackIt scan; log file attached.
Ran AVG scan; rootkit alerts are still present; alerts attached.

Klaas Ridderikhoff

Malwarebytes log file:

Malwarebytes Anti-Malware (-evaluatieversie-) 1.65.0.1400
www.malwarebytes.org
Databaseversie: v2012.10.14.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Klaas :: LAPTOP_KR [administrator]
Realtime bescherming: Ingeschakeld
14-10-2012 13:38:27
mbam-log-2012-10-14 (13-38-27).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 519267
Verstreken tijd: 2 uur/uren, 12 minuut/minuten, 54 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 1
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)

HiJackIt log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:21:25, on 14-10-2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAC9SWK.EXE
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\MyTomTom 3\MyTomTomSA.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Gepersonaliseerde startpagina
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CleanupNortelVPN.bat
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NewShortcut1.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Openen in PDF Viewer Plus - res://C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Instellingen voor Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://wiki.intus.nl
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} (Cisco SSL VPN Relay Loader) - https://vpn1.prvlimburg.nl/+CSCOL+/csvrloader32.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} (CSD ActiveX Installer) - https://vpn1.prvlimburg.nl/CACHE/sdesktop/install/binaries/instweb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c8f0be5291664b) (gupdate1c8f0be5291664b) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: OPX2Connectbasis - Planisware - C:\Program Files\Planisware\Planisware Application Server\basis\OPX2Connect\OPX2Connect.exe
O23 - Service: OPX2HTTPServerbasis - Apache Software Foundation - C:\Program Files\Planisware\Planisware Application Server\basis\OPX2HTTPServer\bin\httpd.exe
O23 - Service: OPX2IntranetServerdemo - Planisware - C:\Program Files\Planisware\Planisware Application Server\demo\OPX2Modules\startintranet.exe
O23 - Service: OPX2IntranetServerMOBWEG5_218 - Planisware - C:\Program Files\Planisware\Planisware Application Server\MOBWEG5_218\OPX2Modules\startintranet.exe
O23 - Service: OPX2IntranetServersp2_1 - Planisware - C:\Program Files\Planisware\Planisware Application Server\sp2_1\OPX2Modules\startintranet.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 15017 bytes

AVG rootkit alerts:

"";"C:\Windows\System32\Drivers\spjz.sys";"atapi.sys, koppelpunt import ataport.SYS AtaPortWritePortUchar -> spjz.sys +0x26D2";"Object is verborgen"
"";"C:\Windows\System32\Drivers\spjz.sys";"atapi.sys, koppelpunt import ataport.SYS AtaPortReadPortUchar -> spjz.sys +0x2040";"Object is verborgen"
"";"C:\Windows\System32\Drivers\spjz.sys";"atapi.sys, koppelpunt import ataport.SYS AtaPortWritePortBufferUshort -> spjz.sys +0x27FC";"Object is verborgen"
"";"C:\Windows\System32\Drivers\spjz.sys";"atapi.sys, koppelpunt import ataport.SYS AtaPortReadPortUshort -> spjz.sys +0x20BE";"Object is verborgen"
"";"C:\Windows\System32\Drivers\spjz.sys";"atapi.sys, koppelpunt import ataport.SYS AtaPortReadPortBufferUshort -> spjz.sys +0x213C";"Object is verborgen"
"";"C:\Windows\System32\Drivers\spjz.sys";"Inline koppelpunt ataport.SYS DllUnload -> spjz.sys +0x2F8AE";"Object is verborgen"
"";"C:\Windows\System32\Drivers\spjz.sys";"i8042prt.sys, koppelpunt import HAL.dll READ_PORT_UCHAR -> spjz.sys +0x12048";"Object is verborgen"
-
After a scan in AVG, 7 potentially dangerous rootkits were detected. The objects are hidden and cannot be removed. I made a log file with HijackThis and copied it into this message. How can these rootkits be removed?

Klaas Ridderikhoff

AVG log:
"C:\Windows\System32\Drivers\spjj.sys";"atapi.sys, import hook ataport.SYS AtaPortWritePortUchar -> spjj.sys +0x26D2"
"C:\Windows\System32\Drivers\spjj.sys";"atapi.sys, import hook ataport.SYS AtaPortReadPortUchar -> spjj.sys +0x2040"
"C:\Windows\System32\Drivers\spjj.sys";"atapi.sys, import hook ataport.SYS AtaPortWritePortBufferUshort -> spjj.sys +0x27FC"
"C:\Windows\System32\Drivers\spjj.sys";"atapi.sys, import hook ataport.SYS AtaPortReadPortUshort -> spjj.sys +0x20BE"
"C:\Windows\System32\Drivers\spjj.sys";"atapi.sys, import hook ataport.SYS AtaPortReadPortBufferUshort -> spjj.sys +0x213C"
"C:\Windows\System32\Drivers\spjj.sys";"Inline hook ataport.SYS DllUnload -> spjj.sys +0x2F8AE"
"C:\Windows\System32\Drivers\spjj.sys";"i8042prt.sys, import hook HAL.dll READ_PORT_UCHAR -> spjj.sys +0x12048"

-----------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:26:48, on 13-10-2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\MyTomTom 3\MyTomTomSA.exe
C:\Users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\capture.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAC9SWK.EXE
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Gepersonaliseerde startpagina
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Facemoods Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: capture.exe
O4 - Startup: CleanupNortelVPN.bat
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NewShortcut1.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Openen in PDF Viewer Plus - res://C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Instellingen voor Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://wiki.intus.nl
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} (Cisco SSL VPN Relay Loader) - https://vpn1.prvlimburg.nl/+CSCOL+/csvrloader32.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} (CSD ActiveX Installer) - https://vpn1.prvlimburg.nl/CACHE/sdesktop/install/binaries/instweb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c8f0be5291664b) (gupdate1c8f0be5291664b) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: OPX2Connectbasis - Planisware - C:\Program Files\Planisware\Planisware Application Server\basis\OPX2Connect\OPX2Connect.exe
O23 - Service: OPX2HTTPServerbasis - Apache Software Foundation - C:\Program Files\Planisware\Planisware Application Server\basis\OPX2HTTPServer\bin\httpd.exe
O23 - Service: OPX2IntranetServerdemo - Planisware - C:\Program Files\Planisware\Planisware Application Server\demo\OPX2Modules\startintranet.exe
O23 - Service: OPX2IntranetServerMOBWEG5_218 - Planisware - C:\Program Files\Planisware\Planisware Application Server\MOBWEG5_218\OPX2Modules\startintranet.exe
O23 - Service: OPX2IntranetServersp2_1 - Planisware - C:\Program Files\Planisware\Planisware Application Server\sp2_1\OPX2Modules\startintranet.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 15168 bytes
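The AVG alert rows in the posts above carry more structure than their flat layout shows: which driver's import table has been patched (atapi.sys, i8042prt.sys), which export of ataport.SYS or HAL.dll the entry now points at, whether the hook is an import-table or inline patch, and the offset inside the hooking driver where control lands. The Python below is an added example, not code from AVG, HijackThis or the poster; it parses that export format and compares the two alert sets on this page (spjz.sys from the later scan, spjj.sys from the original post). The sample rows are copied from the posts, with AVG's Dutch message text ("koppelpunt import", "Object is verborgen") given in English; the parser matches the hook kind loosely and does not depend on that wording. Function names are the example's own.

```python
"""Parse AVG anti-rootkit alert rows and compare the hook sets of two scans.

Added example; not AVG's code or the poster's. Sample rows are the two alert
sets posted on this page, with AVG's Dutch message text rendered in English.
"""
import csv
import re

# Constructed sample input, copied from the page. Row layout as exported by AVG:
#   "";"<hooking driver path>";"<hook description>";"<status>"
# The export in the original post omits the empty first field and the status
# column, so the parser locates fields by content rather than by position.
SCAN_LATER = r'''"";"C:\Windows\System32\Drivers\spjz.sys";"atapi.sys, import hook ataport.SYS AtaPortWritePortUchar -> spjz.sys +0x26D2";"Object is hidden"
"";"C:\Windows\System32\Drivers\spjz.sys";"atapi.sys, import hook ataport.SYS AtaPortReadPortUchar -> spjz.sys +0x2040";"Object is hidden"
"";"C:\Windows\System32\Drivers\spjz.sys";"atapi.sys, import hook ataport.SYS AtaPortWritePortBufferUshort -> spjz.sys +0x27FC";"Object is hidden"
"";"C:\Windows\System32\Drivers\spjz.sys";"atapi.sys, import hook ataport.SYS AtaPortReadPortUshort -> spjz.sys +0x20BE";"Object is hidden"
"";"C:\Windows\System32\Drivers\spjz.sys";"atapi.sys, import hook ataport.SYS AtaPortReadPortBufferUshort -> spjz.sys +0x213C";"Object is hidden"
"";"C:\Windows\System32\Drivers\spjz.sys";"Inline hook ataport.SYS DllUnload -> spjz.sys +0x2F8AE";"Object is hidden"
"";"C:\Windows\System32\Drivers\spjz.sys";"i8042prt.sys, import hook HAL.dll READ_PORT_UCHAR -> spjz.sys +0x12048";"Object is hidden"
'''

SCAN_FIRST = r'''"C:\Windows\System32\Drivers\spjj.sys";"atapi.sys, import hook ataport.SYS AtaPortWritePortUchar -> spjj.sys +0x26D2"
"C:\Windows\System32\Drivers\spjj.sys";"atapi.sys, import hook ataport.SYS AtaPortReadPortUchar -> spjj.sys +0x2040"
"C:\Windows\System32\Drivers\spjj.sys";"atapi.sys, import hook ataport.SYS AtaPortWritePortBufferUshort -> spjj.sys +0x27FC"
"C:\Windows\System32\Drivers\spjj.sys";"atapi.sys, import hook ataport.SYS AtaPortReadPortUshort -> spjj.sys +0x20BE"
"C:\Windows\System32\Drivers\spjj.sys";"atapi.sys, import hook ataport.SYS AtaPortReadPortBufferUshort -> spjj.sys +0x213C"
"C:\Windows\System32\Drivers\spjj.sys";"Inline hook ataport.SYS DllUnload -> spjj.sys +0x2F8AE"
"C:\Windows\System32\Drivers\spjj.sys";"i8042prt.sys, import hook HAL.dll READ_PORT_UCHAR -> spjj.sys +0x12048"
'''

# Hook description: "[<patched driver>, ]<kind> <module> <export> -> <hooker> +0x<offset>"
# <kind> is AVG's localized text ("import hook" / "koppelpunt import" / "Inline ...");
# the patched driver is only present for import-table hooks.
_DESC_RE = re.compile(
    r"^(?:(?P<module>[\w.]+), )?"
    r"(?P<kind>.+?) "
    r"(?P<target>[\w.]+) (?P<api>\w+)"
    r" -> (?P<driver>[\w.]+) \+0x(?P<offset>[0-9A-Fa-f]+)$"
)


def parse_alert(line):
    """Parse one exported row into a dict; None for rows that are not hook alerts."""
    fields = next(csv.reader([line], delimiter=";", quotechar='"'))
    desc_idx = next((i for i, f in enumerate(fields) if " -> " in f), None)
    if desc_idx is None or desc_idx == 0:
        return None
    m = _DESC_RE.match(fields[desc_idx].strip())
    if not m:
        return None
    status = fields[desc_idx + 1] if desc_idx + 1 < len(fields) else ""
    path = fields[desc_idx - 1]
    return {
        "path": path,
        "file": path.rsplit("\\", 1)[-1].lower(),
        "patched_module": m["module"],  # None for inline hooks
        "kind": "inline" if "inline" in m["kind"].lower() else "import",
        "target": m["target"].lower(),
        "api": m["api"],
        "hook_driver": m["driver"].lower(),
        "offset": int(m["offset"], 16),
        # localized status text; False when the export has no status column
        "hidden": any(w in status.lower() for w in ("verborgen", "hidden")),
    }


def parse_scan(text):
    """All hook alerts in one exported scan."""
    return [a for a in (parse_alert(l) for l in text.splitlines() if l.strip()) if a]


def hook_fingerprint(alerts):
    """File-name-independent part of a scan: what is hooked and where the trampolines land."""
    return frozenset(
        (a["kind"], a["patched_module"], a["target"], a["api"], a["offset"]) for a in alerts
    )


def compare_scans(scans):
    """scans: {label: exported text}. Same fingerprint under different file names
    means the same hooking code is present under a changing driver name."""
    parsed = {label: parse_scan(text) for label, text in scans.items()}
    fingerprints = [hook_fingerprint(a) for a in parsed.values()]
    return {
        "files": sorted({a["file"] for alerts in parsed.values() for a in alerts}),
        "alerts_per_scan": {label: len(a) for label, a in parsed.items()},
        "hidden_per_scan": {label: sum(a["hidden"] for a in alerts) for label, alerts in parsed.items()},
        "same_hooks": len(set(fingerprints)) == 1,
    }


if __name__ == "__main__":
    for a in parse_scan(SCAN_LATER):
        print(f"{a['kind']:6} {a['patched_module'] or '-':13} "
              f"{a['target']}!{a['api']} -> {a['hook_driver']}+0x{a['offset']:X}")
    print(compare_scans({"later": SCAN_LATER, "first": SCAN_FIRST}))
```

Run stand-alone, it lists the seven hooks of the later scan and then reports `same_hooks: True` with files `spjj.sys` and `spjz.sys`: identical hooked exports at identical offsets under two different file names, which is consistent with one driver body being present under a changing name rather than with two unrelated findings. All seven targets are port-I/O primitives (the AtaPort*Port* exports of ataport.SYS used by atapi.sys, and HAL's READ_PORT_UCHAR used by the PS/2 driver i8042prt.sys), which is the level at which a driver filtering disk and keyboard traffic would sit. The `hidden` count for the original post's export is 0 only because that export has no status column; the parser records what the row says rather than guessing.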
