ikzelf

Member
  • Items

    20

ikzelf's achievements

  1. When I open that folder, C:\Program Files\ACR38_100_122 PCSC Driver, there are 3 folders in it: ACR38U + ACR122U + ACSCCID. Are all 3 installed then? ---------- Post added at 10:04 ---------- Previous post was at 09:53 ---------- I also downloaded the ACR38U driver once more. No result...
  2. I have it, see previous post... So that is already in order too, I think? I'm tearing my hair out (and I have so little of it already).
  3. I can't immediately find C:\Program Files\Belgium Identity Card smart card reader... Could it be called something else? ---------- Post added at 09:46 ---------- Previous post was at 09:44 ---------- Found it: C:\Program Files\ACR38_100_122 PCSC Driver
  4. Done, but also without result. I get the following message: "er zijn geen kaartlezers gedetecteerd Kijk de aansluiting van de kaartlezers na en/of verifieer of de smart card service gestart is..." (no card readers were detected; check the connection of the card readers and/or verify that the smart card service is started).
  5. Yes. I have all rights for installation here (administrator), and of course I inserted a card... Two people from Eurosys have already come to look at this problem, without result... I don't know anymore.
  6. Just reinstalled eID: no result. It says there is no card reader...
  7. Still negative... eID gives the following error message: "Gelieve een kaartlezer aan te sluiten." (Please connect a card reader.) Isabel gives the following error message: "Er is een probleem met de ActiveX-instellingen van uw Internet Explorer. Raadpleeg de gebruikershandleiding voor meer info." (There is a problem with the ActiveX settings of your Internet Explorer. Consult the user manual for more info.)
  8. ComboFix 12-03-28.02 - Robby 29/03/2012 9:53.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1470.625 [GMT 2:00] Gestart vanuit: c:\documents and settings\robby\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\robby\Bureaublad\CFScript.txt AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
  9. ComboFix 12-03-28.02 - Robby 29/03/2012 8:54.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1470.627 [GMT 2:00] Gestart vanuit: c:\documents and settings\robby\Bureaublad\ComboFix.exe AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
C:\62.tmp C:\63.tmp C:\64.tmp C:\65.tmp C:\66.tmp C:\67.tmp C:\68.tmp C:\69.tmp C:\6A.tmp C:\6B.tmp C:\6C.tmp C:\6D.tmp C:\6E.tmp C:\6F.tmp C:\7.tmp C:\70.tmp C:\71.tmp C:\72.tmp C:\73.tmp C:\74.tmp C:\75.tmp C:\76.tmp C:\77.tmp C:\78.tmp C:\79.tmp C:\7A.tmp C:\7B.tmp C:\7C.tmp C:\7D.tmp C:\7E.tmp C:\7F.tmp C:\8.tmp C:\80.tmp C:\81.tmp C:\82.tmp C:\83.tmp C:\84.tmp C:\85.tmp C:\86.tmp C:\87.tmp C:\88.tmp C:\89.tmp C:\90.tmp C:\91.tmp C:\92.tmp C:\93.tmp C:\94.tmp C:\95.tmp C:\96.tmp C:\97.tmp C:\98.tmp C:\99.tmp C:\9A.tmp C:\9B.tmp C:\9C.tmp C:\9D.tmp C:\9E.tmp C:\9F.tmp C:\B0.tmp C:\B1.tmp C:\B2.tmp C:\B3.tmp C:\B4.tmp C:\B5.tmp C:\B6.tmp C:\B7.tmp C:\B8.tmp C:\B9.tmp C:\BA.tmp C:\BB.tmp C:\BC.tmp C:\BD.tmp C:\BE.tmp C:\BF.tmp C:\C0.tmp C:\C1.tmp C:\C2.tmp C:\C3.tmp C:\C4.tmp C:\C5.tmp C:\C6.tmp C:\C7.tmp C:\C8.tmp C:\C9.tmp C:\CA.tmp C:\CB.tmp C:\CC.tmp C:\CD.tmp C:\CE.tmp C:\CF.tmp C:\D.tmp C:\D0.tmp C:\D1.tmp C:\D2.tmp C:\D3.tmp C:\D4.tmp C:\D5.tmp C:\D6.tmp C:\D7.tmp C:\D8.tmp C:\D9.tmp C:\DA.tmp C:\DB.tmp C:\DC.tmp C:\DD.tmp C:\DE.tmp C:\DF.tmp c:\documents and settings\All Users\Application Data\dc2ea8 c:\documents and settings\All Users\Application Data\dc2ea8\51.mof c:\documents and settings\All Users\Application Data\dc2ea8\BackUp\C&C DIAS LocalServer.lnk c:\documents and settings\All Users\Application Data\dc2ea8\BackUp\Service Manager.lnk c:\documents and settings\All Users\Application Data\dc2ea8\BackUp\Snelkoppeling naar Microsoft Outlook.lnk c:\documents and settings\All Users\Application Data\dc2ea8\BackUp\UPS WorldShip Messaging Utility.lnk c:\documents and settings\All Users\Application Data\dc2ea8\BackUp\UPS WorldShip PLD Reminder Utility.lnk c:\documents and settings\All Users\Application Data\dc2ea8\mozcrt19.dll c:\documents and settings\All Users\Application Data\dc2ea8\pexjzxuuexzj.ini c:\documents and settings\All Users\Application Data\dc2ea8\SMS.ico c:\documents and settings\All Users\Application Data\dc2ea8\SMSSys\fgq234.gf c:\documents 
and settings\All Users\Application Data\dc2ea8\sqlite3.dll c:\documents and settings\frans\GoToAssistDownloadHelper.exe c:\documents and settings\frans\Mijn documenten\~WRL0939.tmp C:\E.tmp C:\E0.tmp C:\E1.tmp C:\E2.tmp C:\E3.tmp C:\E4.tmp C:\E5.tmp C:\E6.tmp C:\E7.tmp C:\E8.tmp C:\E9.tmp C:\EA.tmp C:\EB.tmp C:\EC.tmp C:\ED.tmp C:\EE.tmp C:\EF.tmp C:\F.tmp C:\F0.tmp C:\F1.tmp C:\F2.tmp C:\F3.tmp C:\F4.tmp C:\F5.tmp C:\F6.tmp C:\F7.tmp C:\F8.tmp C:\F9.tmp C:\FA.tmp C:\FB.tmp C:\FC.tmp C:\FD.tmp C:\FE.tmp C:\FF.tmp c:\windows\IsUn0413.exe c:\windows\system32\Cache . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))) . . 2012-03-28 11:38 . 2008-08-28 07:53 105472 ------w- c:\windows\system32\dllcache\win32spl.dll 2012-03-28 06:50 . 2012-03-28 06:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-28 06:50 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-27 10:04 . 2012-03-27 10:04 -------- d-----w- c:\windows\system32\siscardplugins 2012-03-27 10:04 . 2012-03-27 10:04 -------- d-----w- c:\windows\system32\beidpp 2012-03-27 10:04 . 2012-03-29 06:04 -------- d--h--r- c:\documents and settings\robby\Onlangs geopend 2012-03-27 09:17 . 2012-03-27 10:04 -------- d-----w- c:\program files\Belgium Identity Card 2012-03-26 14:26 . 2003-06-27 07:32 356352 ------w- c:\windows\system32\isabel_sc_csp1.dll 2012-03-26 14:26 . 2003-06-24 13:29 163840 ------w- c:\windows\system32\isabel_rip.dll 2012-03-26 14:06 . 2012-03-26 14:08 -------- dc-h--w- c:\windows\ie8 2012-03-26 12:59 . 2012-03-26 12:59 -------- d-----w- c:\windows\IIS Temporary Compressed Files 2012-03-21 12:32 . 2012-03-21 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard 2012-03-21 11:22 . 2012-03-21 11:22 -------- d-----w- C:\Isa_SCR 2012-03-21 11:18 . 2012-03-21 11:24 -------- d--h--r- c:\documents and settings\Administrator.RADIDOM\Onlangs geopend 2012-03-21 11:16 . 
2012-03-21 11:16 -------- d-----w- c:\program files\CCleaner 2012-03-21 10:57 . 2012-03-21 10:56 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-03-21 10:56 . 2012-03-21 10:56 -------- d-----w- c:\program files\Java 2012-03-21 10:48 . 2012-03-21 10:48 -------- d-----w- c:\documents and settings\Administrator.RADIDOM\Local Settings\Application Data\Mozilla 2012-03-20 06:21 . 2012-03-20 06:21 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2012-03-19 09:41 . 2012-03-19 09:41 360448 ----a-w- c:\windows\system32\beid35applayer.dll 2012-03-19 09:41 . 2012-03-19 09:41 69632 ----a-w- c:\windows\system32\beidCSPlib.dll 2012-03-19 09:41 . 2012-03-19 09:41 98304 ----a-w- c:\windows\system32\Belgium Identity Card PKCS11.dll 2012-03-19 09:41 . 2012-03-19 09:41 98304 ----a-w- c:\windows\system32\beidpkcs11.dll 2012-03-19 09:41 . 2012-03-19 09:41 200704 ----a-w- c:\windows\system32\beid35cardlayer.dll 2012-03-19 09:40 . 2012-03-19 09:40 266240 ----a-w- c:\windows\system32\beid35DlgsWin32.dll 2012-03-19 09:40 . 2012-03-19 09:40 200704 ----a-w- c:\windows\system32\eidlib.dll 2012-03-19 09:40 . 2012-03-19 09:40 200704 ----a-w- c:\windows\system32\beidlib.dll 2012-03-19 09:40 . 2012-03-19 09:40 126976 ----a-w- c:\windows\system32\beid35common.dll 2012-03-16 14:23 . 2012-03-16 14:23 -------- d-sh--w- c:\documents and settings\Administrator.RADIDOM\IECompatCache 2012-03-16 13:40 . 2012-03-27 09:17 -------- d-----w- C:\drivers 2012-03-16 13:40 . 2012-03-16 13:40 29184 ----a-w- c:\windows\system32\drivers\usbccid.sys 2012-03-16 13:40 . 2011-05-12 10:02 37632 ----a-w- c:\windows\system32\drivers\a38usb.sys 2012-03-16 13:40 . 2011-05-12 10:02 110592 ----a-w- c:\windows\system32\usbr38.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-27 10:08 . 2011-05-19 05:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-21 10:56 . 
2010-06-18 08:27 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-02-21 14:52 . 2012-02-21 14:52 32208 ----a-w- c:\windows\system32\drivers\WGX.SYS 2012-02-21 14:52 . 2012-02-21 14:52 10672 ----a-w- c:\windows\system32\sysferThunk.dll 2012-02-21 14:52 . 2012-02-20 07:22 90032 ----a-w- c:\windows\system32\drivers\SysPlant.sys 2012-02-21 14:52 . 2012-02-20 07:22 374704 ----a-w- c:\windows\system32\sysfer.dll 2012-02-21 14:52 . 2011-09-29 21:55 241584 ----a-w- c:\windows\system32\SymVPN.dll 2012-02-21 06:32 . 2010-10-04 11:07 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL 2012-02-21 06:32 . 2010-10-04 11:07 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-02-03 09:57 . 2004-08-04 02:00 1860224 ----a-w- c:\windows\system32\win32k.sys 2012-01-30 13:43 . 2012-01-30 13:43 758904 ----a-w- c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymEFA.sys 2012-01-30 13:43 . 2012-01-30 13:43 370552 ----a-w- c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\symtdi.sys 2012-01-30 13:43 . 2012-01-30 13:43 522872 ----a-w- c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\srtsp.sys 2012-01-30 13:43 . 2012-01-30 13:43 340088 ----a-w- c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymDS.sys 2012-01-30 13:43 . 2012-01-30 13:43 31864 ----a-w- c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\srtspx.sys 2012-01-30 13:43 . 2012-01-30 13:43 137336 ----a-w- c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\Ironx86.sys 2012-01-30 13:43 . 2012-01-30 13:43 121136 ----a-w- c:\windows\system32\drivers\teefer.sys 2012-01-11 19:07 . 2012-02-22 12:48 3072 ------w- c:\windows\system32\iacenc.dll 2012-01-09 16:20 . 2004-08-04 02:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Express ClickYes"="c:\program files\Express ClickYes\ClickYes.exe" [2004-06-10 32768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Seagull Drivers"="ssdal_nc.exe startup" [X] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824] "NA1Messenger"="c:\ups\WSTD\UPSNA1Msgr.exe" [2011-12-02 24576] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-14 413696] "KASHERSYS909995750701040"="c:\program files\Kaseya\Agent\KaUsrTsk.exe" [2011-08-24 409600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "beidsccertprop"="c:\program files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe" [2012-02-21 31768] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] "TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-10-29 245760] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920] UPS WorldShip Messaging Utility.lnk - c:\ups\WSTD\WSTDMessaging.exe [2011-12-2 409088] UPS WorldShip PLD Reminder Utility.lnk - c:\ups\WSTD\wstdPldReminder.exe [2011-12-2 34304] . [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KAERSYS909995750701040] @="Service" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^robby^Menu Start^Programma's^Opstarten^Microsoft Outlook.lnk] path=c:\documents and settings\robby\Menu Start\Programma's\Opstarten\Microsoft Outlook.lnk backup=c:\windows\pss\Microsoft Outlook.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 17:03 1695232 ------w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-01-14 08:21 413696 ----a-w- c:\program files\QuickTime\qttask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"= "c:\\Documents and Settings\\robby\\Local Settings\\Apps\\2.0\\XWMXYDLH.5N5\\9TP6Z54Q.VEW\\dias..tion_0d036ce74f0f2abc_0001.0002_4931b3f276dd0895\\DIAS.NET.exe"= "c:\\Documents and Settings\\robby\\Local Settings\\Apps\\2.0\\XWMXYDLH.5N5\\9TP6Z54Q.VEW\\dias..tion_0d036ce74f0f2abc_0001.0002_4931b3f3775c1855\\DIAS.NET.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . 
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymDS.sys [30/01/2012 15:43 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymEFA.sys [30/01/2012 15:43 758904] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120317.011\BHDrvx86.sys [20/03/2012 8:23 820856] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\Ironx86.sys [30/01/2012 15:43 137336] R2 KAERSYS909995750701040;iVITa Agent;c:\program files\Kaseya\Agent\AgentMon.exe [26/06/2008 7:31 851968] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28/03/2012 8:50 652360] R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER [?] R2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [30/01/2012 15:43 137224] R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [16/03/2012 15:40 37632] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [23/02/2012 10:11 106104] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120327.002\IDSXpx86.sys [28/03/2012 0:44 356280] R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [26/06/2008 7:31 17920] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28/03/2012 8:50 20464] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384] S2 gupdate;Google Updateservice (gupdate);c:\program 
files\Google\Update\GoogleUpdate.exe [11/04/2011 8:49 136176] S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/04/2011 8:49 136176] S3 RSUSBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\DRIVERS\RtsUCcid.sys --> c:\windows\system32\DRIVERS\RtsUCcid.sys [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys --> c:\windows\system32\Drivers\RtsUStor.sys [?] S3 RtsUIr;Realtek IR Driver;c:\windows\system32\DRIVERS\RtsUIr.sys --> c:\windows\system32\DRIVERS\RtsUIr.sys [?] S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER [?] S3 SyDvCtrl;SyDvCtrl;c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\SyDvCtrl32.sys [30/01/2012 15:43 23984] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhoud van de 'Gedeelde Taken' map . 2012-03-15 c:\windows\Tasks\$$$ntbackup_temp$$$.job - c:\windows\system32\ntbackup.exe [2004-08-04 17:03] . 2012-03-15 c:\windows\Tasks\Auto BU FJA.job - c:\windows\system32\ntbackup.exe [2004-08-04 17:03] . 2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-11 06:49] . 2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-11 06:49] . 2012-03-29 c:\windows\Tasks\User_Feed_Synchronization-{A04675B2-1E0D-4594-B02D-C40D66781ED9}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31] . . 
------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = http=127.0.0.1:25508 Trusted Zone: fgov.be\*.minfin Trusted Zone: fgov.be\ccff02.minfin Trusted Zone: fgov.be\minfin Trusted Zone: google.be\www Trusted Zone: isabel.be\business Trusted Zone: isabel.be\www Trusted Zone: myisabel.be\business Trusted Zone: myisabel.be\www TCP: DhcpNameServer = 10.0.0.1 DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {1D46BE0D-C314-4E20-A291-D1E66265725A} - hxxps://business.isabel.be/OfficeSignTestYourSignature/CAB-APP/CryptoActiveX.ocx DPF: {B5C31DCB-8469-4EB7-8355-EBBD63944C18} - hxxps://business.isabel.be/OfficeSignRegistration/CAB-APP/UTCRegistration.cab FF - ProfilePath - c:\documents and settings\robby\Application Data\Mozilla\Firefox\Profiles\dge0jpzh.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: 
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) SafeBoot-ccEvtMgr SafeBoot-ccSetMgr SafeBoot-Symantec Antivirus SafeBoot-Symantec Antvirus AddRemove-Software Setup - c:\windows\IsUn0413.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-03-29 09:06 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService] "ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService] "ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1993962763-1214440339-839522115-1171\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . 
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\ . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(940) c:\windows\system32\Ati2evxx.dll . Voltooingstijd: 2012-03-29 09:09:49 ComboFix-quarantined-files.txt 2012-03-29 07:09 . Pre-Run: 54.161.162.240 bytes beschikbaar Post-Run: 54.580.326.400 bytes beschikbaar . WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn . - - End Of File - - A78DB8651D2FBE0E7470BB73FAA1A87C
  10. Done. A restart was not needed; MBAM found nothing. Here is the log: Malwarebytes Anti-Malware (-evaluatieversie-) 1.60.1.1000 www.malwarebytes.org Databaseversie: v2012.03.28.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Robby :: SHIPP-SUPERV [administrator] Realtime bescherming: Uitgeschakeld 28/03/2012 8:52:28 mbam-log-2012-03-28 (08-52-28).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 278838 Verstreken tijd: 7 minuut/minuten, 31 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) Then the new HijackThis scan: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:03:23, on 28/03/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Kaseya\Agent\AgentMon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Common Files\Microsoft
Shared\VS7Debug\mdm.exe C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe C:\WINDOWS\system32\scardsvr.exe C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\UPS\WSTD\UPSNA1Msgr.exe C:\Program Files\Kaseya\Agent\KaUsrTsk.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Express ClickYes\ClickYes.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE C:\UPS\WSTD\WSTDMessaging.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Documents and Settings\robby\Bureaublad\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25508 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec Intrusion 
Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe O4 - HKLM\..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [seagull Drivers] ssdal_nc.exe startup O4 - HKLM\..\Run: [KASHERSYS909995750701040] "C:\Program Files\Kaseya\Agent\KaUsrTsk.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [beidsccertprop] C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 
I'm curious what you make of this now... Thanks!
  11. There, done, see below: I'm curious whether you can solve this! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:06:20, on 27/03/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal
  12. Tried it, but also negative! :'( But I think we need to look for the problem somewhere else... If E-ID doesn't work either, this has nothing to do with ISABEL, I think??