Posts made by luver

  1. Hello

    no more problems at the moment!

    do you have any tips for reducing the risks:

    as I already mentioned, it is an EX-company laptop

    but I did get the "Live Update Symantec" antivirus software along with it, so it is updated regularly

    I don't really dare to install other antivirus programs, but that probably isn't necessary?

    PS: I will definitely make a donation; I assume the staff benefit from that too?

    In any case - if this is the end - a HEARTFELT thank you for the help

    will you let me know when I may click PROBLEM SOLVED?

    Luver - alias Libo

  2. Hello

    is this the right one then.... it was at the very bottom of the log :-)

    Zoek.exe Version 4.0.0.4 Updated 27-September-2013

    Tool run by LBORNAUW on zo 29/09/2013 at 18:26:26,26.

    Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

    Running in: Normal Mode Internet Access Detected

    Launched: D:\Profiles\LBORNAUW.I0081643\Desktop\zoek.exe [script inserted]

    ==== FireFox Fix ======================

    Deleted from D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js:

    user_pref("browser.startup.homepage", "Google");

    user_pref("browser.search.defaulturl", "Google=");

    user_pref("browser.newtab.url", "Google");

    user_pref("browser.search.defaultengine", "Google");

    user_pref("browser.search.defaultenginename", "Google");

    user_pref("browser.search.selectedEngine", "Google");

    user_pref("browser.search.order.1", "Google");

    user_pref("keyword.URL", "Google=");

    user_pref("browser.search.suggest.enabled", true);

    user_pref("browser.search.useDBForOrder", true);

    Added to D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js:

    user_pref("browser.startup.homepage", "Google");

    user_pref("browser.search.defaulturl", "Google=");

    user_pref("browser.newtab.url", "Google");

    user_pref("browser.search.defaultengine", "Google");

    user_pref("browser.search.defaultenginename", "Google");

    user_pref("browser.search.selectedEngine", "Google");

    user_pref("browser.search.order.1", "Google");

    user_pref("keyword.URL", "Google=");

    user_pref("browser.search.suggest.enabled", true);

    user_pref("browser.search.useDBForOrder", true);

    ==== Deleting Files \ Folders ======================

    "d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4 zffxtbr@VideoDownloadConverter_4z.com" not found

    "c:\program files\VideoDownloadConverter_4z" not found

    ==== Firefox Extensions ======================

    ProfilePath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default

    - Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

    AppDir: C:\Program Files\Mozilla Firefox

    - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

    ==== Firefox Plugins ======================

    ==== EOF on zo 29/09/2013 at 18:27:28,02 ======================

    yesterday it was this log

    Tool run by LBORNAUW on za 28/09/2013 at 19:50:22,80.

    Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

    Running in: Normal Mode Internet Access Detected

    Launched: D:\Profiles\LBORNAUW.I0081643\Desktop\zoek.exe [script inserted]

    ==== FireFox Fix ======================

    Deleted from D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js:

    user_pref("browser.startup.homepage", "Google");

    Added to D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js:

    user_pref("browser.startup.homepage", "Google");

    user_pref("browser.search.defaulturl", "Google=");

    user_pref("browser.newtab.url", "Google");

    user_pref("browser.search.defaultengine", "Google");

    user_pref("browser.search.defaultenginename", "Google");

    user_pref("browser.search.selectedEngine", "Google");

    user_pref("browser.search.order.1", "Google");

    user_pref("keyword.URL", "Google=");

    user_pref("browser.search.suggest.enabled", true);

    user_pref("browser.search.useDBForOrder", true);

    ==== Deleting Files \ Folders ======================

    "d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\ 4 zffxtbr@VideoDownloadConverter_4z.com" not found

    "c:\program files\VideoDownloadConverter_4z" not found

    ==== Firefox Extensions ======================

    ProfilePath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default

    - Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

    AppDir: C:\Program Files\Mozilla Firefox

    - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

    ==== Firefox Plugins ======================

    ==== EOF on za 28/09/2013 at 19:51:36,02 ======================

    can you continue with this?

    thanks

  3. Here is the ZOEK.EXE log

    Zoek.exe Version 4.0.0.2 Updated 08-March-2013

    Tool run by LBORNAUW on ma 11/03/2013 at 20:06:31,13.

    Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

    Running in: Safe Mode NETWORK Internet Access Detected

    ==== Deleting Files \ Folders ======================

    "C:\ProgramData\ilbmxgyiivcwvsl" deleted

    "C:\Windows\ycdnsssf.exe" deleted

    "C:\Users\Public\Desktop\sample_20131103_1920.zip" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\be-flag.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\be-image.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\btn-green.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\corners-btn.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\corners1.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\corners2.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\corners3.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\corners4.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\ie6-7.css" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\jquery.main.js" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\main.html" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\McAfee.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\pays-be.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\steps-be.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\steps-en.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\steps-nl.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\style.css" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\tabs.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\wait.html" deleted

    "C:\ProgramData\dpdvedqxegrxgjz" deleted

    Zoek.exe Version 4.0.0.4 Updated 19-September-2013

    Tool run by LBORNAUW on ma 23/09/2013 at 18:00:30,40.

    Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

    Running in: Normal Mode Internet Access Detected

    Launched: D:\Profiles\LBORNAUW.I0081643\Desktop\zoek.exe [script inserted]

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

    ==== Deleting Services ======================

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VideoDownloadConverter_4zService deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VideoDownloadConverter_4zService deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\VideoDownloadConverter_4zService deleted successfully

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    [-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin]

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter Search Scope Monitor]

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader]

    ==== Deleting Files \ Folders ======================

    "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Utilities" deleted

    "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Vocal Transformer" deleted

    "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Vocals" deleted

    "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\WebServer" deleted

    "C:\ProgramData\laserjet" deleted

    "C:\ProgramData\manual" deleted

    "C:\ProgramData\vhosts" deleted

    "C:\ProgramData\Widgets" deleted

    "C:\ProgramData\Woodwind" deleted

    "C:\ProgramData\Woodwinds" deleted

    "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\settings.ini" deleted

    "C:\Program Files\VideoDownloadConverter_4z" deleted

    "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com" deleted

    "C:\Program Files\Video Download Converter" deleted

    "C:\Windows\system32\appdata" deleted

    "C:\Program Files\VideoDownloadConverter_4z" deleted

    "D:\Profiles\LBORNAUW.I0081643\AppData\Local\VideoDownloadConverter_4z" deleted

    "D:\Profiles\LBORNAUW.I0081643\AppData\LocalLow\VideoDownloadConverter_4z" deleted

    "D:\Profiles\LBORNAUW.I0081643\AppData\LocalLow\IncrediMail_MediaBar_Nederlands_2" deleted

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== D:\Profiles\LBORNA~1.I00\AppData\Local\Temp ====

    ====== Java Cache =====

    ====== C:\Windows\system32 =====

    2013-09-11 16:53:03 06EEAD5864F357ADC618F65A2F2C5156 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

    2013-09-11 16:53:03 00531B52C9468929F2C651B3BCADCBC9 690688 ----a-w- C:\Windows\System32\jscript.dll

    2013-09-11 16:53:01 79DC575FE905D5DD5C5A4C5993A7C7F9 2876928 ----a-w- C:\Windows\System32\jscript9.dll

    2013-09-11 16:52:58 7E540E07B97DCBCF8F76FA743B486BF2 61440 ----a-w- C:\Windows\System32\iesetup.dll

    2013-09-11 16:52:58 7C63629508BB87227C3C861355A155B4 39424 ----a-w- C:\Windows\System32\jsproxy.dll

    2013-09-11 16:52:56 BCA4913CDE903B4BDEEDAD1D6DBF5E2A 391168 ----a-w- C:\Windows\System32\ieui.dll

    2013-09-11 16:52:52 2EC47CF6A36F6A83BB8B98C1425B4D41 493056 ----a-w- C:\Windows\System32\msfeeds.dll

    2013-09-11 16:52:51 54C06D9684F3D0AD7E87502E57CC4655 42496 ----a-w- C:\Windows\System32\ie4uinit.exe

    2013-09-11 16:52:51 000B55B43992179E69C2E83CCB8F1126 33280 ----a-w- C:\Windows\System32\iernonce.dll

    2013-09-11 16:52:50 43852485D0B78C021A47E9548A4CFFE0 71680 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

    2013-09-11 16:52:48 E5D91D6B81A293AB6854CAD112240A4B 1141248 ----a-w- C:\Windows\System32\urlmon.dll

    2013-09-11 16:52:48 3B74EADF1B70251D3CDB87BC338DC34D 109056 ----a-w- C:\Windows\System32\iesysprep.dll

    2013-09-11 16:52:47 281A720B0A984E325599EE1F0342E8FB 2048000 ----a-w- C:\Windows\System32\iertutil.dll

    2013-09-11 16:52:43 535F6263035F2530A62D5D64EF6E73D3 1767936 ----a-w- C:\Windows\System32\wininet.dll

    2013-09-11 16:52:41 4FCC53B82D91607FB9AE24E617108BB2 13761024 ----a-w- C:\Windows\System32\ieframe.dll

    2013-09-11 16:52:37 5D2D7E7850CE963C2F401D4DEE7BB32A 14332928 ----a-w- C:\Windows\System32\mshtml.dll

    2013-09-11 14:26:29 E02781D4871844DCD30DF1D69A650F78 12872704 ----a-w- C:\Windows\System32\shell32.dll

    2013-09-11 14:26:28 2C4A87CA8C00E98EFDCFA2E8EC9A3503 180224 ----a-w- C:\Windows\System32\shdocvw.dll

    2013-09-11 14:26:12 ED880065BBB2C5F57B74F30812A65F4F 2348544 ----a-w- C:\Windows\System32\win32k.sys

    2013-09-11 14:26:10 6933E2AFF444A7A95D5C67E98449163E 868352 ----a-w- C:\Windows\System32\kernel32.dll

    2013-09-11 14:26:09 51BB04243DF6196C06E125898127E397 169984 ----a-w- C:\Windows\System32\winsrv.dll

    2013-09-11 14:26:09 1E65CF7B26D02750544EFDD73C8118FA 293376 ----a-w- C:\Windows\System32\KernelBase.dll

    2013-09-11 14:26:08 2DE16A63F71D10B42ACE01E759078600 271360 ----a-w- C:\Windows\System32\conhost.exe

    ====== C:\Windows\system32\drivers =====

    2013-09-11 14:26:14 DDCE686D76C2B4DB435A3AF5BD0E691D 133056 ----a-w- C:\Windows\System32\drivers\ataport.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2013-09-23 13:32:10 -------- d-----w- C:\Program Files\trend micro

    2013-09-21 18:09:47 -------- d-----w- C:\Program Files\HitmanPro

    ======= D: =====

    2013-08-30 17:21:44 9AD14308E26FD2F9BDDB5325E3A860D6 27305 ----a-w- D:\5152.gif

    2013-08-30 17:15:24 FCF5235D2B3D3C3D1D72EF57D09BAE29 5086 ----a-w- D:\sinterklaas25_small.jpg

    2013-08-30 10:32:51 89165F49B50AA2871CD801EA4186BC0E 10428 ----a-w- D:\Spiderman.gif

    ====== D:\Profiles\LBORNAUW.I0081643\AppData\Roaming ======

    2013-09-22 13:55:59 B7B8E5BF252F2467F6862ABC5837D6D4 8388608 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-S-1-5-21-2387108698-3719649394-282492801-1002.dat

    2013-09-21 18:49:14 D8FE52448777E7A8F1E6F9F09585F0A3 579456 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-System.dat

    2013-09-09 13:08:50 -------- d-----w- D:\Profiles\LBORNAUW.I0081643\AppData\Locallow\Google

    2013-09-04 14:19:21 -------- d-----w- D:\Profiles\LBORNAUW.I0081643\AppData\Local\IAC

    ====== D:\Profiles\LBORNAUW.I0081643 ======

    2013-09-21 18:09:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

    2013-09-21 18:09:02 -------- d-----w- C:\ProgramData\HitmanPro

    2013-09-09 13:08:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

    2013-09-04 14:19:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Download Converter

    ====== C: exe-files ==

    2013-09-23 13:32:11 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\LBORNAUW.exe

    2013-09-21 18:14:04 0B1CD71CE29E8123A664A5B40153D2FE 1915744 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\29.0.1547.76\29.0.1547.76_29.0.1547.66_chrome_updater.exe

    2013-09-21 18:09:49 F5BBA95472F18B6223AC2F3AED397223 106280 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe

    2013-09-21 18:09:47 76ADBD909FA0898834BE3A8C0EA76609 9186416 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe

    === C: other files ==

    ==== Startup Registry Enabled ======================

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Run]

    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "Uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

    "iFolder"="C:\Program Files\iFolder3\iFolderApp.exe -checkautorun"

    "ZenNotifyIcon"="C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe"

    "NalView"="C:\Program Files\Novell\ZENworks\bin\nalview.exe"

    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    "ConnectionCenter"="C:\Program Files\Citrix\ICA Client\concentr.exe /startup"

    "IgfxTray"="C:\Windows\system32\igfxtray.exe"

    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

    "Persistence"="C:\Windows\system32\igfxpers.exe"

    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

    "Nikon Message Center 2"="C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s"

    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

    "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "Uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"

    ==== Startup Registry Disabled ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NWTRAY]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="NWTRAY"

    "hkey"="HKLM"

    "command"="NWTRAY.EXE"

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [20/09/2013 15:03]

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [09/09/2011 17:51]

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task]

    ==== Firefox Extensions ======================

    ProfilePath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default

    - Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

    AppDir: C:\Program Files\Mozilla Firefox

    - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

    ==== Firefox Plugins ======================

    Profilepath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default

    E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash

    148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

    9B4D431459A9B935FB117F4EDDA236E8 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat

    101700E93EB905992B518256CB441829 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update

    7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

    86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4

    9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4

    5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4

    3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4

    A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4

    F045DF7AF127DC4BCC53421850114E15 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In

    C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa

    0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery

    91B78790F69C250BA05836D2806BF29D - C:\Program Files\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll - HP Virtual Room Client Launcher Plugin

    6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director

    F98B0B2789436E072D7ED979C4E44D07 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

    9D35E12B661581B83DD74EB910EA9E6D - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.240.7

    4EBB5B4DCABEC18B29D01F9F607B0114 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java Platform SE 6 U24

    7D28153B7D586330678AD522B71D89CB - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight

    ==== Chrome Look ======================

    ==== Chrome Fix ======================

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal deleted successfully

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_client.conduit-storage.com_0.localstorage-journal deleted successfully

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal deleted successfully

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal deleted successfully

    ==== Set IE to Default ======================

    Old Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="Google"

    New Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="Google"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

    ==== Empty IE Cache ======================

    D:\Profiles\kind\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    D:\Profiles\LBORNAUW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    D:\Profiles\LBORNAUW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    D:\Profiles\LBORNAUW\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSN71N8 will be deleted at reboot

    ==== Empty FireFox Cache ======================

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Mozilla\Firefox\Profiles\cllykyzr.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    "D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSN71N8" deleted

    ==== EOF on ma 23/09/2013 at 18:14:59,16 ======================

    Zoek.exe Version 4.0.0.4 Updated 27-September-2013

    Tool run by LBORNAUW on za 28/09/2013 at 19:50:22,80.

    Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

    Running in: Normal Mode Internet Access Detected

    Launched: D:\Profiles\LBORNAUW.I0081643\Desktop\zoek.exe [script inserted]

    ==== FireFox Fix ======================

    Deleted from D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js:

    user_pref("browser.startup.homepage", "Google");

    Added to D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js:

    user_pref("browser.startup.homepage", "Google");

    user_pref("browser.search.defaulturl", "Google=");

    user_pref("browser.newtab.url", "Google");

    user_pref("browser.search.defaultengine", "Google");

    user_pref("browser.search.defaultenginename", "Google");

    user_pref("browser.search.selectedEngine", "Google");

    user_pref("browser.search.order.1", "Google");

    user_pref("keyword.URL", "Google=");

    user_pref("browser.search.suggest.enabled", true);

    user_pref("browser.search.useDBForOrder", true);

    ==== Deleting Files \ Folders ======================

    "d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4 zffxtbr@VideoDownloadConverter_4z.com" not found

    "c:\program files\VideoDownloadConverter_4z" not found

    ==== Firefox Extensions ======================

    ProfilePath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default

    - Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

    AppDir: C:\Program Files\Mozilla Firefox

    - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

    ==== Firefox Plugins ======================

    ==== EOF on za 28/09/2013 at 19:51:36,02 ======================

    thanks again for your patience....

  4. here is the most recently created ComboFix log

    ComboFix 13-09-26.03 - LBORNAUW 28/09/2013 13:11:33.3.2 - x86

    Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.2000.918 [GMT 2:00]

    Gestart vanuit: d:\profiles\LBORNAUW.I0081643\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: d:\profiles\LBORNAUW.I0081643\Desktop\CFScript.txt

    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2013-08-28 to 2013-09-28 ))))))))))))))))))))))))))))))

    .

    .

    2013-09-28 11:26 . 2013-09-28 11:26 -------- d-----w- d:\profiles\LBORNAUW\AppData\Local\temp

    2013-09-28 11:26 . 2013-09-28 11:26 -------- d-----w- d:\profiles\kind\AppData\Local\temp

    2013-09-28 11:26 . 2013-09-28 11:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

    2013-09-28 11:26 . 2013-09-28 11:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp

    2013-09-25 15:20 . 2013-09-25 15:21 -------- d-----w- C:\EEK

    2013-09-24 16:32 . 2013-09-24 16:32 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Programs

    2013-09-24 12:51 . 2013-09-24 12:51 -------- d-----w- c:\programdata\Oracle

    2013-09-24 12:45 . 2013-09-24 12:45 -------- d-----w- c:\program files\Common Files\Java

    2013-09-24 12:45 . 2013-09-24 12:44 868264 ----a-w- c:\windows\system32\npDeployJava1.dll

    2013-09-24 12:45 . 2013-09-24 12:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2013-09-23 16:11 . 2013-09-23 16:00 24064 ----a-w- c:\windows\zoek-delete.exe

    2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- c:\program files\trend micro

    2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- C:\rsit

    2013-09-22 11:33 . 2013-09-22 15:51 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

    2013-09-21 18:09 . 2013-09-21 18:09 -------- d-----w- c:\program files\HitmanPro

    2013-09-21 18:09 . 2013-09-22 14:00 -------- d-----w- c:\programdata\HitmanPro

    2013-09-11 16:53 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb

    2013-09-11 16:53 . 2013-08-10 03:58 2876928 ----a-w- c:\windows\system32\jscript9.dll

    2013-09-11 16:53 . 2013-08-10 03:58 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

    2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

    2013-09-04 14:19 . 2013-09-04 14:19 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\IAC

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-09-24 12:44 . 2011-04-27 09:30 790440 ----a-w- c:\windows\system32\deployJava1.dll

    2013-09-20 13:03 . 2012-04-02 15:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-09-20 13:03 . 2011-08-24 11:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-07-25 08:57 . 2013-08-15 08:40 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

    2013-07-19 01:41 . 2013-08-15 08:40 2048 ----a-w- c:\windows\system32\tzres.dll

    2013-07-09 05:03 . 2013-08-15 08:41 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-07-09 05:03 . 2013-08-15 08:40 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2013-07-09 04:53 . 2013-08-15 08:40 1289096 ----a-w- c:\windows\system32\ntdll.dll

    2013-07-09 04:52 . 2013-08-15 08:41 175104 ----a-w- c:\windows\system32\wintrust.dll

    2013-07-09 04:50 . 2013-08-15 08:41 652800 ----a-w- c:\windows\system32\rpcrt4.dll

    2013-07-09 04:46 . 2013-08-15 08:41 1166848 ----a-w- c:\windows\system32\crypt32.dll

    2013-07-09 04:46 . 2013-08-15 08:41 140288 ----a-w- c:\windows\system32\cryptsvc.dll

    2013-07-09 04:46 . 2013-08-15 08:41 103936 ----a-w- c:\windows\system32\cryptnet.dll

    2013-07-06 05:05 . 2013-08-15 08:40 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2013-03-11 18:16 . 2013-03-12 18:49 1263226 ----a-w- c:\program files\zoek.exe

    2013-03-11 17:29 . 2013-03-11 17:29 388608 ----a-w- c:\program files\HijackThis.exe

    2010-10-11 00:29 . 2010-10-11 00:29 114688 ----a-w- c:\program files\ad_ff.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

    2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

    2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

    2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder0]

    @="{AA81D830-3B41-497c-B508-E9D02F8DF421}"

    [HKEY_CLASSES_ROOT\CLSID\{AA81D830-3B41-497c-B508-E9D02F8DF421}]

    2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder1]

    @="{AA81D831-3B41-497c-B508-E9D02F8DF421}"

    [HKEY_CLASSES_ROOT\CLSID\{AA81D831-3B41-497c-B508-E9D02F8DF421}]

    2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-09 39408]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-08 115560]

    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    "iFolder"="c:\program files\iFolder3\iFolderApp.exe" [2010-11-01 1521152]

    "ZenNotifyIcon"="c:\program files\Novell\Zenworks\bin\ZenNotifyIcon.exe" [2011-02-23 147456]

    "NalView"="c:\program files\Novell\ZENworks\bin\nalview.exe" [2011-02-24 54784]

    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 141848]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 175640]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 169496]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

    "Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\bin\NalShell.dll" [2011-02-24 933888]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LCredMgr]

    2010-10-11 00:29 61440 ----a-w- c:\program files\Novell\CASA\bin\lcredmgr.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Authentication Packages REG_MULTI_SZ msv1_0 ZenV1_0 ncv1_0

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]

    2011-04-01 18:35 35928 ----a-w- c:\windows\System32\nwtray.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    .

    R2 Novell ZENworks Image-Safe Data Service;Novell ZENworks ISD Service;c:\program files\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [2011-02-23 90112]

    R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2012-04-30 37632]

    R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [2013-09-24 50200]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

    R3 e1kexpress;Stuurprogramma K voor Intel® PRO/1000 PCI Express-netwerkverbinding;c:\windows\system32\DRIVERS\e1k6032.sys [2009-07-13 164864]

    R3 hugoio;hugoio;c:\windows\system32\drivers\hugoio.sys [2012-04-30 9760]

    R3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-18 1343400]

    R3 ZENPreAgent;Novell ZENworks Pre Agent;c:\windows\novell\zenworks\bin\ZENPreAgent.exe [2011-04-27 196608]

    S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2011-04-01 91224]

    S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2011-04-01 110680]

    S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2011-04-01 22616]

    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]

    S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-09-21 106280]

    S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2011-04-01 88664]

    S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2011-04-01 59992]

    S2 Novell Identity Store;Novell Identity Store;c:\program files\Novell\CASA\bin\micasad.exe [2010-10-11 245760]

    S2 Novell ZENworks Agent Service;Novell ZENworks Agent Service;c:\program files\Novell\ZENworks\bin\ZenworksWindowsService.exe [2011-02-23 28672]

    S2 nzwinvnc;Novell ZENworks Remote Management powered by VNC;c:\program files\Novell\ZENworks\bin\nzrWinVNC.exe [2011-02-24 1839104]

    S2 WNTHW;WNTHW;c:\windows\system32\DRIVERS\WNTHW.SYS [2011-02-14 9176]

    S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2011-04-01 16984]

    S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2011-02-14 34128]

    S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-09-22 221912]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-08-26 108120]

    S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-01-08 126976]

    .

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *Deregistered* - nciom

    *Deregistered* - ncp

    *Deregistered* - ncpl

    *Deregistered* - ndm

    *Deregistered* - ndmndap

    *Deregistered* - ndslpp

    *Deregistered* - niam

    *Deregistered* - nipctl

    *Deregistered* - nscm

    *Deregistered* - nsns

    *Deregistered* - nsvccost

    *Deregistered* - xtxplat

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-09-21 18:14 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2013-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:03]

    .

    2013-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51]

    .

    2013-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://google.be/

    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    Trusted Zone: dexia.be

    Trusted Zone: dexia.be\directnet

    Trusted Zone: vdab.be\cmgmtprd

    Trusted Zone: vdab.be\crm

    Trusted Zone: vdab.be\intranet

    Trusted Zone: vdab.be\iprint7

    Trusted Zone: vdab.be\mijnpersoneelsdossier

    Trusted Zone: vdab.be\sieb8acc01

    TCP: DhcpNameServer = 195.130.130.2 195.130.131.2

    DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

    DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

    FF - ProfilePath - d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

    FF - ExtSQL: 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com

    FF - ExtSQL: !HIDDEN! 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; c:\program files\VideoDownloadConverter_4z\bar\1.bin

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'winlogon.exe'(808)

    c:\program files\Novell\ZENworks\bin\nzrSwitcher.dll

    .

    - - - - - - - > 'lsass.exe'(600)

    c:\windows\system32\ZenV1_0.DLL

    c:\windows\system32\ncv1_0.DLL

    .

    - - - - - - - > 'Explorer.exe'(4076)

    c:\program files\iFolder3\iFolderShell.dll

    c:\program files\Novell\ZENworks\bin\NLS\English\NalUIRes.dll

    .

    Voltooingstijd: 2013-09-28 13:31:39

    ComboFix-quarantined-files.txt 2013-09-28 11:31

    ComboFix2.txt 2013-09-27 13:28

    ComboFix3.txt 2013-09-26 17:44

    .

    Pre-Run: 34.401.239.040 bytes beschikbaar

    Post-Run: 34.336.153.600 bytes beschikbaar

    .

    - - End Of File - - DD2E13FBE016EF98C82CCF23E7D3302E

    A36C5E4F47E84449FF07ED3517B43A31

  5. Here is the ComboFix log once more

    BUT: I did switch off the SYMANTEC antivirus, but IMMEDIATELY REACTIVATED it because I again got a notification that a file was "blocked" (for fear that such a virus is attacking again :dong: ) ... does that play a role in the scanning?

    ComboFix 13-09-26.03 - LBORNAUW 27/09/2013 15:02:40.2.2 - x86

    Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.2000.881 [GMT 2:00]

    Gestart vanuit: d:\profiles\LBORNAUW.I0081643\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: d:\profiles\LBORNAUW.I0081643\Desktop\CFScript.txt

    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

    FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2013-08-27 to 2013-09-27 ))))))))))))))))))))))))))))))

    .

    .

    2013-09-27 13:23 . 2013-09-27 13:23 -------- d-----w- d:\profiles\LBORNAUW\AppData\Local\temp

    2013-09-27 13:23 . 2013-09-27 13:23 -------- d-----w- d:\profiles\kind\AppData\Local\temp

    2013-09-27 13:23 . 2013-09-27 13:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

    2013-09-27 13:23 . 2013-09-27 13:23 -------- d-----w- c:\users\Administrator\AppData\Local\temp

    2013-09-25 15:20 . 2013-09-25 15:21 -------- d-----w- C:\EEK

    2013-09-24 16:32 . 2013-09-24 16:32 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Programs

    2013-09-24 12:51 . 2013-09-24 12:51 -------- d-----w- c:\programdata\Oracle

    2013-09-24 12:45 . 2013-09-24 12:45 -------- d-----w- c:\program files\Common Files\Java

    2013-09-24 12:45 . 2013-09-24 12:44 868264 ----a-w- c:\windows\system32\npDeployJava1.dll

    2013-09-24 12:45 . 2013-09-24 12:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2013-09-23 16:11 . 2013-09-23 16:00 24064 ----a-w- c:\windows\zoek-delete.exe

    2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- c:\program files\trend micro

    2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- C:\rsit

    2013-09-22 11:33 . 2013-09-22 15:51 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

    2013-09-21 18:09 . 2013-09-21 18:09 -------- d-----w- c:\program files\HitmanPro

    2013-09-21 18:09 . 2013-09-22 14:00 -------- d-----w- c:\programdata\HitmanPro

    2013-09-11 16:53 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb

    2013-09-11 16:53 . 2013-08-10 03:58 2876928 ----a-w- c:\windows\system32\jscript9.dll

    2013-09-11 16:53 . 2013-08-10 03:58 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

    2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

    2013-09-04 14:19 . 2013-09-04 14:19 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\IAC

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-09-24 12:44 . 2011-04-27 09:30 790440 ----a-w- c:\windows\system32\deployJava1.dll

    2013-09-20 13:03 . 2012-04-02 15:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-09-20 13:03 . 2011-08-24 11:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-07-25 08:57 . 2013-08-15 08:40 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

    2013-07-19 01:41 . 2013-08-15 08:40 2048 ----a-w- c:\windows\system32\tzres.dll

    2013-07-09 05:03 . 2013-08-15 08:41 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-07-09 05:03 . 2013-08-15 08:40 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2013-07-09 04:53 . 2013-08-15 08:40 1289096 ----a-w- c:\windows\system32\ntdll.dll

    2013-07-09 04:52 . 2013-08-15 08:41 175104 ----a-w- c:\windows\system32\wintrust.dll

    2013-07-09 04:50 . 2013-08-15 08:41 652800 ----a-w- c:\windows\system32\rpcrt4.dll

    2013-07-09 04:46 . 2013-08-15 08:41 1166848 ----a-w- c:\windows\system32\crypt32.dll

    2013-07-09 04:46 . 2013-08-15 08:41 140288 ----a-w- c:\windows\system32\cryptsvc.dll

    2013-07-09 04:46 . 2013-08-15 08:41 103936 ----a-w- c:\windows\system32\cryptnet.dll

    2013-07-06 05:05 . 2013-08-15 08:40 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2013-03-11 18:16 . 2013-03-12 18:49 1263226 ----a-w- c:\program files\zoek.exe

    2013-03-11 17:29 . 2013-03-11 17:29 388608 ----a-w- c:\program files\HijackThis.exe

    2010-10-11 00:29 . 2010-10-11 00:29 114688 ----a-w- c:\program files\ad_ff.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

    2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

    2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

    2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder0]

    @="{AA81D830-3B41-497c-B508-E9D02F8DF421}"

    [HKEY_CLASSES_ROOT\CLSID\{AA81D830-3B41-497c-B508-E9D02F8DF421}]

    2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder1]

    @="{AA81D831-3B41-497c-B508-E9D02F8DF421}"

    [HKEY_CLASSES_ROOT\CLSID\{AA81D831-3B41-497c-B508-E9D02F8DF421}]

    2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-09 39408]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-08 115560]

    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    "iFolder"="c:\program files\iFolder3\iFolderApp.exe" [2010-11-01 1521152]

    "ZenNotifyIcon"="c:\program files\Novell\Zenworks\bin\ZenNotifyIcon.exe" [2011-02-23 147456]

    "NalView"="c:\program files\Novell\ZENworks\bin\nalview.exe" [2011-02-24 54784]

    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 141848]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 175640]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 169496]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

    "Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\bin\NalShell.dll" [2011-02-24 933888]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LCredMgr]

    2010-10-11 00:29 61440 ----a-w- c:\program files\Novell\CASA\bin\lcredmgr.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Authentication Packages REG_MULTI_SZ msv1_0 ZenV1_0 ncv1_0

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]

    2011-04-01 18:35 35928 ----a-w- c:\windows\System32\nwtray.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    .

    R2 Novell ZENworks Image-Safe Data Service;Novell ZENworks ISD Service;c:\program files\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [2011-02-23 90112]

    R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2012-04-30 37632]

    R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [2013-09-24 50200]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

    R3 e1kexpress;Stuurprogramma K voor Intel® PRO/1000 PCI Express-netwerkverbinding;c:\windows\system32\DRIVERS\e1k6032.sys [2009-07-13 164864]

    R3 hugoio;hugoio;c:\windows\system32\drivers\hugoio.sys [2012-04-30 9760]

    R3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-18 1343400]

    R3 ZENPreAgent;Novell ZENworks Pre Agent;c:\windows\novell\zenworks\bin\ZENPreAgent.exe [2011-04-27 196608]

    S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2011-04-01 91224]

    S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2011-04-01 110680]

    S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2011-04-01 22616]

    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]

    S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-09-21 106280]

    S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2011-04-01 88664]

    S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2011-04-01 59992]

    S2 Novell Identity Store;Novell Identity Store;c:\program files\Novell\CASA\bin\micasad.exe [2010-10-11 245760]

    S2 Novell ZENworks Agent Service;Novell ZENworks Agent Service;c:\program files\Novell\ZENworks\bin\ZenworksWindowsService.exe [2011-02-23 28672]

    S2 nzwinvnc;Novell ZENworks Remote Management powered by VNC;c:\program files\Novell\ZENworks\bin\nzrWinVNC.exe [2011-02-24 1839104]

    S2 WNTHW;WNTHW;c:\windows\system32\DRIVERS\WNTHW.SYS [2011-02-14 9176]

    S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2011-04-01 16984]

    S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2011-02-14 34128]

    S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-09-22 221912]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-08-26 108120]

    S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-01-08 126976]

    .

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *Deregistered* - nciom

    *Deregistered* - ncp

    *Deregistered* - ncpl

    *Deregistered* - ndm

    *Deregistered* - ndmndap

    *Deregistered* - ndslpp

    *Deregistered* - niam

    *Deregistered* - nipctl

    *Deregistered* - nscm

    *Deregistered* - nsns

    *Deregistered* - nsvccost

    *Deregistered* - xtxplat

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-09-21 18:14 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2013-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:03]

    .

    2013-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51]

    .

    2013-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://google.be/

    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    Trusted Zone: dexia.be

    Trusted Zone: dexia.be\directnet

    Trusted Zone: vdab.be\cmgmtprd

    Trusted Zone: vdab.be\crm

    Trusted Zone: vdab.be\intranet

    Trusted Zone: vdab.be\iprint7

    Trusted Zone: vdab.be\mijnpersoneelsdossier

    Trusted Zone: vdab.be\sieb8acc01

    TCP: DhcpNameServer = 195.130.130.2 195.130.131.2

    DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

    DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

    FF - ProfilePath - d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

    FF - ExtSQL: 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com

    FF - ExtSQL: !HIDDEN! 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; c:\program files\VideoDownloadConverter_4z\bar\1.bin

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'winlogon.exe'(680)

    c:\program files\Novell\ZENworks\bin\nzrSwitcher.dll

    .

    - - - - - - - > 'lsass.exe'(596)

    c:\windows\system32\ZenV1_0.DLL

    c:\windows\system32\ncv1_0.DLL

    .

    - - - - - - - > 'Explorer.exe'(3576)

    c:\program files\iFolder3\iFolderShell.dll

    c:\program files\Novell\ZENworks\bin\NLS\English\NalUIRes.dll

    .

    Voltooingstijd: 2013-09-27 15:28:17

    ComboFix-quarantined-files.txt 2013-09-27 13:28

    ComboFix2.txt 2013-09-26 17:44

    .

    Pre-Run: 34.045.857.792 bytes beschikbaar

    Post-Run: 34.379.804.672 bytes beschikbaar

    .

    - - End Of File - - C5F000B4763266B15ED5F47D39FD6A77

    A36C5E4F47E84449FF07ED3517B43A31

  6. Here is the ComboFix log....

    ComboFix 13-09-26.03 - LBORNAUW 26/09/2013 19:26:05.1.2 - x86

    Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.2000.985 [GMT 2:00]

    Gestart vanuit: d:\profiles\LBORNAUW.I0081643\Desktop\ComboFix.exe

    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

    FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\system32\x86

    c:\windows\system32\x86\dfmirage.dll

    c:\windows\system32\x86\dfmirage.sys

    d:\profiles\LBORNAUW.I0081643\AppData\Local\assembly\tmp

    d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Microsoft\Windows\Recent\arch.arch.be.url

    d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Microsoft\Windows\Recent\WO I Opleidingskampen.url

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2013-08-26 to 2013-09-26 ))))))))))))))))))))))))))))))

    .

    .

    2013-09-26 17:39 . 2013-09-26 17:39 -------- d-----w- d:\profiles\LBORNAUW\AppData\Local\temp

    2013-09-26 17:39 . 2013-09-26 17:39 -------- d-----w- d:\profiles\kind\AppData\Local\temp

    2013-09-26 17:39 . 2013-09-26 17:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

    2013-09-26 17:39 . 2013-09-26 17:39 -------- d-----w- c:\users\Administrator\AppData\Local\temp

    2013-09-25 15:20 . 2013-09-25 15:21 -------- d-----w- C:\EEK

    2013-09-24 16:32 . 2013-09-24 16:32 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Programs

    2013-09-24 12:51 . 2013-09-24 12:51 -------- d-----w- c:\programdata\Oracle

    2013-09-24 12:45 . 2013-09-24 12:45 -------- d-----w- c:\program files\Common Files\Java

    2013-09-24 12:45 . 2013-09-24 12:44 868264 ----a-w- c:\windows\system32\npDeployJava1.dll

    2013-09-24 12:45 . 2013-09-24 12:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2013-09-23 16:11 . 2013-09-23 16:00 24064 ----a-w- c:\windows\zoek-delete.exe

    2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- c:\program files\trend micro

    2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- C:\rsit

    2013-09-22 11:33 . 2013-09-22 15:51 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

    2013-09-21 18:09 . 2013-09-21 18:09 -------- d-----w- c:\program files\HitmanPro

    2013-09-21 18:09 . 2013-09-22 14:00 -------- d-----w- c:\programdata\HitmanPro

    2013-09-11 16:53 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb

    2013-09-11 16:53 . 2013-08-10 03:58 2876928 ----a-w- c:\windows\system32\jscript9.dll

    2013-09-11 16:53 . 2013-08-10 03:58 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

    2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

    2013-09-04 14:19 . 2013-09-04 14:19 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\IAC

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-09-24 12:44 . 2011-04-27 09:30 790440 ----a-w- c:\windows\system32\deployJava1.dll

    2013-09-20 13:03 . 2012-04-02 15:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-09-20 13:03 . 2011-08-24 11:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-07-25 08:57 . 2013-08-15 08:40 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

    2013-07-19 01:41 . 2013-08-15 08:40 2048 ----a-w- c:\windows\system32\tzres.dll

    2013-07-09 05:03 . 2013-08-15 08:41 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-07-09 05:03 . 2013-08-15 08:40 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2013-07-09 04:53 . 2013-08-15 08:40 1289096 ----a-w- c:\windows\system32\ntdll.dll

    2013-07-09 04:52 . 2013-08-15 08:41 175104 ----a-w- c:\windows\system32\wintrust.dll

    2013-07-09 04:50 . 2013-08-15 08:41 652800 ----a-w- c:\windows\system32\rpcrt4.dll

    2013-07-09 04:46 . 2013-08-15 08:41 1166848 ----a-w- c:\windows\system32\crypt32.dll

    2013-07-09 04:46 . 2013-08-15 08:41 140288 ----a-w- c:\windows\system32\cryptsvc.dll

    2013-07-09 04:46 . 2013-08-15 08:41 103936 ----a-w- c:\windows\system32\cryptnet.dll

    2013-07-06 05:05 . 2013-08-15 08:40 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2013-03-11 18:16 . 2013-03-12 18:49 1263226 ----a-w- c:\program files\zoek.exe

    2013-03-11 17:29 . 2013-03-11 17:29 388608 ----a-w- c:\program files\HijackThis.exe

    2010-10-11 00:29 . 2010-10-11 00:29 114688 ----a-w- c:\program files\ad_ff.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

    2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

    2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

    2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder0]

    @="{AA81D830-3B41-497c-B508-E9D02F8DF421}"

    [HKEY_CLASSES_ROOT\CLSID\{AA81D830-3B41-497c-B508-E9D02F8DF421}]

    2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder1]

    @="{AA81D831-3B41-497c-B508-E9D02F8DF421}"

    [HKEY_CLASSES_ROOT\CLSID\{AA81D831-3B41-497c-B508-E9D02F8DF421}]

    2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-09 39408]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-08 115560]

    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    "iFolder"="c:\program files\iFolder3\iFolderApp.exe" [2010-11-01 1521152]

    "ZenNotifyIcon"="c:\program files\Novell\Zenworks\bin\ZenNotifyIcon.exe" [2011-02-23 147456]

    "NalView"="c:\program files\Novell\ZENworks\bin\nalview.exe" [2011-02-24 54784]

    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 141848]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 175640]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 169496]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

    "Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\bin\NalShell.dll" [2011-02-24 933888]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LCredMgr]

    2010-10-11 00:29 61440 ----a-w- c:\program files\Novell\CASA\bin\lcredmgr.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Authentication Packages REG_MULTI_SZ msv1_0 ZenV1_0 ncv1_0

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]

    2011-04-01 18:35 35928 ----a-w- c:\windows\System32\nwtray.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    .

    R2 Novell ZENworks Image-Safe Data Service;Novell ZENworks ISD Service;c:\program files\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [2011-02-23 90112]

    R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2012-04-30 37632]

    R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [2013-09-24 50200]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

    R3 e1kexpress;Stuurprogramma K voor Intel® PRO/1000 PCI Express-netwerkverbinding;c:\windows\system32\DRIVERS\e1k6032.sys [2009-07-13 164864]

    R3 hugoio;hugoio;c:\windows\system32\drivers\hugoio.sys [2012-04-30 9760]

    R3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-18 1343400]

    R3 ZENPreAgent;Novell ZENworks Pre Agent;c:\windows\novell\zenworks\bin\ZENPreAgent.exe [2011-04-27 196608]

    S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2011-04-01 91224]

    S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2011-04-01 110680]

    S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2011-04-01 22616]

    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]

    S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-09-21 106280]

    S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2011-04-01 88664]

    S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2011-04-01 59992]

    S2 Novell Identity Store;Novell Identity Store;c:\program files\Novell\CASA\bin\micasad.exe [2010-10-11 245760]

    S2 Novell ZENworks Agent Service;Novell ZENworks Agent Service;c:\program files\Novell\ZENworks\bin\ZenworksWindowsService.exe [2011-02-23 28672]

    S2 nzwinvnc;Novell ZENworks Remote Management powered by VNC;c:\program files\Novell\ZENworks\bin\nzrWinVNC.exe [2011-02-24 1839104]

    S2 WNTHW;WNTHW;c:\windows\system32\DRIVERS\WNTHW.SYS [2011-02-14 9176]

    S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2011-04-01 16984]

    S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2011-02-14 34128]

    S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-09-22 221912]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-08-26 108120]

    S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-01-08 126976]

    .

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *Deregistered* - nciom

    *Deregistered* - ncp

    *Deregistered* - ncpl

    *Deregistered* - ndm

    *Deregistered* - ndmndap

    *Deregistered* - ndslpp

    *Deregistered* - niam

    *Deregistered* - nipctl

    *Deregistered* - nscm

    *Deregistered* - nsns

    *Deregistered* - nsvccost

    *Deregistered* - xtxplat

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-09-21 18:14 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2013-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:03]

    .

    2013-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51]

    .

    2013-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://google.be/

    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    Trusted Zone: dexia.be

    Trusted Zone: dexia.be\directnet

    Trusted Zone: vdab.be\cmgmtprd

    Trusted Zone: vdab.be\crm

    Trusted Zone: vdab.be\intranet

    Trusted Zone: vdab.be\iprint7

    Trusted Zone: vdab.be\mijnpersoneelsdossier

    Trusted Zone: vdab.be\sieb8acc01

    TCP: DhcpNameServer = 195.130.130.2 195.130.131.2

    DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

    DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

    FF - ProfilePath - d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

    FF - ExtSQL: 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com

    FF - ExtSQL: !HIDDEN! 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; c:\program files\VideoDownloadConverter_4z\bar\1.bin

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Toolbar-Locked - (no file)

    SafeBoot-CleanHlp

    SafeBoot-CleanHlp.sys

    SafeBoot-Symantec Antvirus

    AddRemove-PRO-GEN 3.0 X_PG30_is1 - x:\pg30\unins000.exe

    AddRemove-VDC_is1 - c:\program files\Video Download Converter\unins000.exe

    .

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'winlogon.exe'(664)

    c:\program files\Novell\ZENworks\bin\nzrSwitcher.dll

    .

    - - - - - - - > 'lsass.exe'(600)

    c:\windows\system32\ZenV1_0.DLL

    c:\windows\system32\ncv1_0.DLL

    .

    Voltooingstijd: 2013-09-26 19:44:34

    ComboFix-quarantined-files.txt 2013-09-26 17:44

    .

    Pre-Run: 34.768.211.968 bytes beschikbaar

    Post-Run: 34.655.121.408 bytes beschikbaar

    .

    - - End Of File - - 9C9A1C9473F523B7E4887AE9D1782653

    A36C5E4F47E84449FF07ED3517B43A31

  7. Hello

    after the scan, here is the report:

    Emsisoft Emergency Kit - Versie 4.0

    Laatste Update: 25/09/2013 17:24:46

    Gebruikersaccount: I0081643\LBORNAUW

    Scaninstellingen:

    Scanmodus: Diepe scan

    Objecten: Rootkits, Geheugen, Sporen, C:\, D:\

    Detecteer PUPs: Uit

    Scan archieven: Aan

    ADS Scan: Aan

    Bestandsextensiefilter: Uit

    Geavanceerde cache: Aan

    Directe schijftoegang: Uit

    Scan gestart: 25/09/2013 17:26:19

    D:\$RECYCLE.BIN\S-1-5-21-2387108698-3719649394-282492801-1002\$RAPTCWN.zip -> zoek.exe Ontdekt: Trojan.Generic.9589320 (B)

    D:\$RECYCLE.BIN\S-1-5-21-2387108698-3719649394-282492801-1002\$RAPTCWN.zip -> zoek.com Ontdekt: Trojan.Generic.9589320 (B)

    D:\$RECYCLE.BIN\S-1-5-21-2387108698-3719649394-282492801-1002\$RAPTCWN.zip -> zoek.scr Ontdekt: Trojan.Generic.9589320 (B)

    D:\$RECYCLE.BIN\S-1-5-21-2387108698-3719649394-282492801-1002\$RDL8IJC.exe Ontdekt: Trojan.Generic.9589320 (B)

    D:\$RECYCLE.BIN\S-1-5-21-2387108698-3719649394-282492801-1002\$RKZWMBS.scr Ontdekt: Trojan.Generic.9589320 (B)

    D:\$RECYCLE.BIN\S-1-5-21-2387108698-3719649394-282492801-1002\$RXU5Y2N.com Ontdekt: Trojan.Generic.9589320 (B)

    Gescand: 497581

    Gevonden: 6

    Scan geëindigd: 25/09/2013 18:47:00

    Scantijd: 1:20:41

    In quarantaine geplaatst 0

  8. Here is the TDSS killer report

    11:05:54.0134 1312 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

    11:05:55.0522 1312 ============================================================

    11:05:55.0522 1312 Current date / time: 2013/09/25 11:05:55.0522

    11:05:55.0522 1312 SystemInfo:

    11:05:55.0522 1312

    11:05:55.0522 1312 OS Version: 6.1.7601 ServicePack: 1.0

    11:05:55.0522 1312 Product type: Workstation

    11:05:55.0522 1312 ComputerName: I0081643

    11:05:55.0522 1312 UserName: LBORNAUW

    11:05:55.0522 1312 Windows directory: C:\Windows

    11:05:55.0522 1312 System windows directory: C:\Windows

    11:05:55.0522 1312 Processor architecture: Intel x86

    11:05:55.0522 1312 Number of processors: 2

    11:05:55.0522 1312 Page size: 0x1000

    11:05:55.0522 1312 Boot type: Normal boot

    11:05:55.0522 1312 ============================================================

    11:05:57.0426 1312 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

    11:05:57.0426 1312 ============================================================

    11:05:57.0426 1312 \Device\Harddisk0\DR0:

    11:05:57.0426 1312 MBR partitions:

    11:05:57.0426 1312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7800000

    11:05:57.0426 1312 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7800800, BlocksNum 0x66F8000

    11:05:57.0426 1312 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xDEF8800, BlocksNum 0x96000

    11:05:57.0426 1312 ============================================================

    11:05:57.0488 1312 C: <-> \Device\Harddisk0\DR0\Partition1

    11:05:57.0566 1312 D: <-> \Device\Harddisk0\DR0\Partition2

    11:05:57.0691 1312 ============================================================

    11:05:57.0691 1312 Initialize success

    11:05:57.0691 1312 ============================================================

    11:06:54.0085 2584 ============================================================

    11:06:54.0085 2584 Scan started

    11:06:54.0085 2584 Mode: Manual; SigCheck; TDLFS;

    11:06:54.0085 2584 ============================================================

    11:06:54.0912 2584 ================ Scan system memory ========================

    11:06:54.0912 2584 System memory - ok

    11:06:54.0912 2584 ================ Scan services =============================

    11:06:55.0161 2584 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys

    11:06:55.0333 2584 1394ohci - ok

    11:06:55.0364 2584 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys

    11:06:55.0380 2584 ACPI - ok

    11:06:55.0411 2584 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

    11:06:55.0458 2584 AcpiPmi - ok

    11:06:55.0473 2584 [ 5F92E1E98EC2F4E6FE13D19AA3E24AD7 ] ACSSCR C:\Windows\system32\DRIVERS\a38usb.sys

    11:06:55.0598 2584 ACSSCR - ok

    11:06:55.0692 2584 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    11:06:55.0707 2584 AdobeARMservice - ok

    11:06:55.0770 2584 [ 24A0876D07EF356DCBC1D7A7929354AB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    11:06:55.0801 2584 AdobeFlashPlayerUpdateSvc - ok

    11:06:55.0832 2584 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

    11:06:55.0910 2584 adp94xx - ok

    11:06:55.0972 2584 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys

    11:06:56.0191 2584 adpahci - ok

    11:06:56.0269 2584 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

    11:06:56.0347 2584 adpu320 - ok

    11:06:56.0394 2584 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

    11:06:56.0503 2584 AeLookupSvc - ok

    11:06:56.0550 2584 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys

    11:06:56.0596 2584 AFD - ok

    11:06:56.0628 2584 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys

    11:06:56.0659 2584 agp440 - ok

    11:06:56.0674 2584 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys

    11:06:56.0737 2584 aic78xx - ok

    11:06:56.0768 2584 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe

    11:06:56.0862 2584 ALG - ok

    11:06:56.0893 2584 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys

    11:06:56.0955 2584 aliide - ok

    11:06:56.0986 2584 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys

    11:06:57.0064 2584 amdagp - ok

    11:06:57.0080 2584 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys

    11:06:57.0127 2584 amdide - ok

    11:06:57.0142 2584 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

    11:06:57.0189 2584 AmdK8 - ok

    11:06:57.0205 2584 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

    11:06:57.0267 2584 AmdPPM - ok

    11:06:57.0298 2584 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys

    11:06:57.0330 2584 amdsata - ok

    11:06:57.0361 2584 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

    11:06:57.0392 2584 amdsbs - ok

    11:06:57.0408 2584 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys

    11:06:57.0423 2584 amdxata - ok

    11:06:57.0423 2584 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys

    11:06:57.0470 2584 AppID - ok

    11:06:57.0501 2584 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll

    11:06:57.0579 2584 AppIDSvc - ok

    11:06:57.0626 2584 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll

    11:06:57.0704 2584 Appinfo - ok

    11:06:57.0720 2584 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll

    11:06:57.0829 2584 AppMgmt - ok

    11:06:57.0860 2584 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys

    11:06:57.0938 2584 arc - ok

    11:06:57.0985 2584 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys

    11:06:58.0156 2584 arcsas - ok

    11:06:58.0328 2584 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

    11:06:58.0375 2584 aspnet_state - ok

    11:06:58.0406 2584 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

    11:06:58.0453 2584 AsyncMac - ok

    11:06:58.0500 2584 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys

    11:06:58.0531 2584 atapi - ok

    11:06:58.0578 2584 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

    11:06:58.0702 2584 AudioEndpointBuilder - ok

    11:06:58.0702 2584 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll

    11:06:58.0734 2584 Audiosrv - ok

    11:06:58.0765 2584 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll

    11:06:58.0843 2584 AxInstSV - ok

    11:06:58.0890 2584 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys

    11:06:58.0952 2584 b06bdrv - ok

    11:06:58.0999 2584 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys

    11:06:59.0061 2584 b57nd60x - ok

    11:06:59.0124 2584 [ EB7C2DADF52F50F69F198C14C3556DC1 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys

    11:06:59.0217 2584 BCM43XX - ok

    11:06:59.0280 2584 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll

    11:06:59.0404 2584 BDESVC - ok

    11:06:59.0436 2584 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys

    11:06:59.0482 2584 Beep - ok

    11:06:59.0514 2584 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll

    11:06:59.0638 2584 BFE - ok

    11:06:59.0685 2584 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll

    11:06:59.0763 2584 BITS - ok

    11:06:59.0810 2584 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

    11:06:59.0857 2584 blbdrive - ok

    11:06:59.0888 2584 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

    11:06:59.0904 2584 bowser - ok

    11:06:59.0919 2584 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

    11:06:59.0982 2584 BrFiltLo - ok

    11:06:59.0997 2584 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

    11:07:00.0044 2584 BrFiltUp - ok

    11:07:00.0075 2584 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll

    11:07:00.0169 2584 Browser - ok

    11:07:00.0200 2584 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys

    11:07:00.0278 2584 Brserid - ok

    11:07:00.0294 2584 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

    11:07:00.0325 2584 BrSerWdm - ok

    11:07:00.0340 2584 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

    11:07:00.0387 2584 BrUsbMdm - ok

    11:07:00.0403 2584 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

    11:07:00.0450 2584 BrUsbSer - ok

    11:07:00.0481 2584 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

    11:07:00.0512 2584 BTHMODEM - ok

    11:07:00.0559 2584 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll

    11:07:00.0606 2584 bthserv - ok

    11:07:00.0652 2584 [ F3E5C6CEEC35C3F65221100B00AFB5F9 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    11:07:00.0684 2584 ccEvtMgr - ok

    11:07:00.0699 2584 [ F3E5C6CEEC35C3F65221100B00AFB5F9 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    11:07:00.0715 2584 ccSetMgr - ok

    11:07:00.0730 2584 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

    11:07:00.0777 2584 cdfs - ok

    11:07:00.0808 2584 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

    11:07:00.0855 2584 cdrom - ok

    11:07:00.0886 2584 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll

    11:07:00.0933 2584 CertPropSvc - ok

    11:07:00.0964 2584 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys

    11:07:01.0011 2584 circlass - ok

    11:07:01.0027 2584 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys

    11:07:01.0042 2584 CLFS - ok

    11:07:01.0105 2584 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    11:07:01.0167 2584 clr_optimization_v2.0.50727_32 - ok

    11:07:01.0198 2584 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    11:07:01.0276 2584 clr_optimization_v4.0.30319_32 - ok

    11:07:01.0308 2584 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

    11:07:01.0339 2584 CmBatt - ok

    11:07:01.0386 2584 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys

    11:07:01.0448 2584 cmdide - ok

    11:07:01.0479 2584 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys

    11:07:01.0526 2584 CNG - ok

    11:07:01.0542 2584 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

    11:07:01.0557 2584 Compbatt - ok

    11:07:01.0573 2584 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

    11:07:01.0620 2584 CompositeBus - ok

    11:07:01.0635 2584 COMSysApp - ok

    11:07:01.0666 2584 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

    11:07:01.0682 2584 crcdisk - ok

    11:07:01.0744 2584 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9 ] CryptSvc C:\Windows\system32\cryptsvc.dll

    11:07:01.0776 2584 CryptSvc - ok

    11:07:01.0807 2584 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys

    11:07:01.0854 2584 CSC - ok

    11:07:01.0900 2584 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll

    11:07:01.0947 2584 CscService - ok

    11:07:01.0978 2584 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys

    11:07:01.0994 2584 ctxusbm - ok

    11:07:02.0025 2584 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll

    11:07:02.0072 2584 DcomLaunch - ok

    11:07:02.0119 2584 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll

    11:07:02.0197 2584 defragsvc - ok

    11:07:02.0244 2584 [ 699EF0FD9AE72B7F5AD756E382C73E0E ] dfmirage C:\Windows\system32\DRIVERS\dfmirage.sys

    11:07:02.0244 2584 dfmirage - ok

    11:07:02.0290 2584 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

    11:07:02.0353 2584 DfsC - ok

    11:07:02.0384 2584 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll

    11:07:02.0446 2584 Dhcp - ok

    11:07:02.0462 2584 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys

    11:07:02.0509 2584 discache - ok

    11:07:02.0524 2584 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys

    11:07:02.0540 2584 Disk - ok

    11:07:02.0556 2584 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys

    11:07:02.0634 2584 dmvsc - ok

    11:07:02.0665 2584 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll

    11:07:02.0758 2584 Dnscache - ok

    11:07:02.0790 2584 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll

    11:07:02.0852 2584 dot3svc - ok

    11:07:02.0883 2584 [ B5E479EB83707DD698F66953E922042C ] dot4 C:\Windows\system32\DRIVERS\Dot4.sys

    11:07:02.0930 2584 dot4 - ok

    11:07:02.0946 2584 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys

    11:07:02.0992 2584 Dot4Print - ok

    11:07:03.0024 2584 [ 9F7DE667C505CE6500BECDD8E11644D7 ] Dot4Scan C:\Windows\system32\DRIVERS\Dot4Scan.sys

    11:07:03.0070 2584 Dot4Scan - ok

    11:07:03.0086 2584 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

    11:07:03.0117 2584 dot4usb - ok

    11:07:03.0148 2584 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll

    11:07:03.0195 2584 DPS - ok

    11:07:03.0211 2584 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

    11:07:03.0258 2584 drmkaud - ok

    11:07:03.0304 2584 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

    11:07:03.0382 2584 DXGKrnl - ok

    11:07:03.0398 2584 [ 3EA531906572FFD549B72A10F828E58C ] e1kexpress C:\Windows\system32\DRIVERS\e1k6032.sys

    11:07:03.0445 2584 e1kexpress - ok

    11:07:03.0476 2584 [ 44A91D98D6719B49BCD649A863225B5C ] e1yexpress C:\Windows\system32\DRIVERS\e1y6232.sys

    11:07:03.0507 2584 e1yexpress - ok

    11:07:03.0538 2584 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll

    11:07:03.0570 2584 EapHost - ok

    11:07:03.0694 2584 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys

    11:07:03.0975 2584 ebdrv - ok

    11:07:04.0022 2584 [ E1E3804F7C59EA3E14637C2A763F65E2 ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

    11:07:04.0084 2584 eeCtrl - ok

    11:07:04.0131 2584 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe

    11:07:04.0194 2584 EFS - ok

    11:07:04.0272 2584 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

    11:07:04.0443 2584 ehRecvr - ok

    11:07:04.0474 2584 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe

    11:07:04.0537 2584 ehSched - ok

    11:07:04.0584 2584 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys

    11:07:04.0630 2584 elxstor - ok

    11:07:04.0662 2584 [ 6D84DFC3B5C5052881BF50470D0C03D1 ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

    11:07:04.0677 2584 EraserUtilRebootDrv - ok

    11:07:04.0693 2584 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys

    11:07:04.0740 2584 ErrDev - ok

    11:07:04.0771 2584 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll

    11:07:04.0818 2584 EventSystem - ok

    11:07:04.0833 2584 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys

    11:07:04.0880 2584 exfat - ok

    11:07:04.0911 2584 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys

    11:07:04.0942 2584 fastfat - ok

    11:07:04.0974 2584 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe

    11:07:05.0052 2584 Fax - ok

    11:07:05.0083 2584 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys

    11:07:05.0114 2584 fdc - ok

    11:07:05.0145 2584 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll

    11:07:05.0223 2584 fdPHost - ok

    11:07:05.0239 2584 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll

    11:07:05.0270 2584 FDResPub - ok

    11:07:05.0286 2584 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

    11:07:05.0301 2584 FileInfo - ok

    11:07:05.0301 2584 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

    11:07:05.0364 2584 Filetrace - ok

    11:07:05.0364 2584 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

    11:07:05.0426 2584 flpydisk - ok

    11:07:05.0442 2584 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

    11:07:05.0473 2584 FltMgr - ok

    11:07:05.0520 2584 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll

    11:07:05.0676 2584 FontCache - ok

    11:07:05.0754 2584 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

    11:07:05.0785 2584 FontCache3.0.0.0 - ok

    11:07:05.0800 2584 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

    11:07:05.0832 2584 FsDepends - ok

    11:07:05.0894 2584 [ 2B3BF55BA74EB8118F67AB2B450B8EA9 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

    11:07:05.0910 2584 fssfltr - ok

    11:07:06.0034 2584 [ B6AB40819ECEC4BA07266EC0EBBC85A7 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe

    11:07:06.0112 2584 fsssvc - ok

    11:07:06.0159 2584 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

    11:07:06.0175 2584 Fs_Rec - ok

    11:07:06.0222 2584 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

    11:07:06.0237 2584 fvevol - ok

    11:07:06.0268 2584 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

    11:07:06.0315 2584 gagp30kx - ok

    11:07:06.0346 2584 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\Windows\system32\giveio.sys

    11:07:06.0378 2584 giveio ( UnsignedFile.Multi.Generic ) - warning

    11:07:06.0378 2584 giveio - detected UnsignedFile.Multi.Generic (1)

    11:07:06.0424 2584 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll

    11:07:06.0471 2584 gpsvc - ok

    11:07:06.0565 2584 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

    11:07:06.0580 2584 gupdate - ok

    11:07:06.0580 2584 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

    11:07:06.0596 2584 gupdatem - ok

    11:07:06.0643 2584 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    11:07:06.0658 2584 gusvc - ok

    11:07:06.0674 2584 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

    11:07:06.0721 2584 hcw85cir - ok

    11:07:06.0752 2584 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

    11:07:06.0799 2584 HdAudAddService - ok

    11:07:06.0830 2584 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

    11:07:06.0877 2584 HDAudBus - ok

    11:07:06.0892 2584 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

    11:07:06.0939 2584 HidBatt - ok

    11:07:06.0955 2584 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys

    11:07:07.0002 2584 HidBth - ok

    11:07:07.0017 2584 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys

    11:07:07.0064 2584 HidIr - ok

    11:07:07.0095 2584 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll

    11:07:07.0142 2584 hidserv - ok

    11:07:07.0158 2584 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

    11:07:07.0189 2584 HidUsb - ok

    11:07:07.0236 2584 [ F5BBA95472F18B6223AC2F3AED397223 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe

    11:07:07.0251 2584 HitmanProScheduler - ok

    11:07:07.0282 2584 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll

    11:07:07.0376 2584 hkmsvc - ok

    11:07:07.0392 2584 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

    11:07:07.0454 2584 HomeGroupListener - ok

    11:07:07.0485 2584 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

    11:07:07.0532 2584 HomeGroupProvider - ok

    11:07:07.0548 2584 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

    11:07:07.0641 2584 HpSAMD - ok

    11:07:07.0688 2584 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys

    11:07:07.0719 2584 HTTP - ok

    11:07:07.0750 2584 [ 7DECCB2612255F4B538976AD25DA0D29 ] hugoio C:\Windows\system32\drivers\hugoio.sys

    11:07:07.0766 2584 hugoio - ok

    11:07:07.0782 2584 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

    11:07:07.0797 2584 hwpolicy - ok

    11:07:07.0828 2584 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

    11:07:07.0860 2584 i8042prt - ok

    11:07:07.0906 2584 [ D80AA0907748D7CC8EFAB3773F32629B ] iaStor C:\Windows\system32\drivers\iaStor.sys

    11:07:07.0922 2584 iaStor - ok

    11:07:07.0969 2584 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

    11:07:08.0062 2584 iaStorV - ok

    11:07:08.0125 2584 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    11:07:08.0172 2584 IDriverT ( UnsignedFile.Multi.Generic ) - warning

    11:07:08.0172 2584 IDriverT - detected UnsignedFile.Multi.Generic (1)

    11:07:08.0234 2584 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

    11:07:08.0406 2584 idsvc - ok

    11:07:08.0640 2584 [ 0DAB2D553BE272359BCCE55C3449937E ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys

    11:07:08.0936 2584 igfx - ok

    11:07:08.0998 2584 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys

    11:07:09.0045 2584 iirsp - ok

    11:07:09.0076 2584 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll

    11:07:09.0139 2584 IKEEXT - ok

    11:07:09.0186 2584 [ 5CF0990FC1F6676F7B00366AB224DA92 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys

    11:07:09.0217 2584 IntcHdmiAddService - ok

    11:07:09.0248 2584 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys

    11:07:09.0295 2584 intelide - ok

    11:07:09.0326 2584 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

    11:07:09.0342 2584 intelppm - ok

    11:07:09.0373 2584 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

    11:07:09.0607 2584 IPBusEnum - ok

    11:07:09.0654 2584 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

    11:07:09.0700 2584 IpFilterDriver - ok

    11:07:09.0747 2584 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

    11:07:09.0794 2584 iphlpsvc - ok

    11:07:09.0825 2584 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

    11:07:09.0841 2584 IPMIDRV - ok

    11:07:09.0872 2584 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys

    11:07:09.0919 2584 IPNAT - ok

    11:07:09.0934 2584 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys

    11:07:09.0981 2584 IRENUM - ok

    11:07:09.0997 2584 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys

    11:07:10.0012 2584 isapnp - ok

    11:07:10.0044 2584 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

    11:07:10.0090 2584 iScsiPrt - ok

    11:07:10.0122 2584 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

    11:07:10.0122 2584 kbdclass - ok

    11:07:10.0153 2584 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

    11:07:10.0200 2584 kbdhid - ok

    11:07:10.0215 2584 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe

    11:07:10.0231 2584 KeyIso - ok

    11:07:10.0278 2584 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

    11:07:10.0293 2584 KSecDD - ok

    11:07:10.0309 2584 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

    11:07:10.0324 2584 KSecPkg - ok

    11:07:10.0371 2584 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll

    11:07:10.0418 2584 KtmRm - ok

    11:07:10.0465 2584 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll

    11:07:10.0496 2584 LanmanServer - ok

    11:07:10.0543 2584 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

    11:07:10.0590 2584 LanmanWorkstation - ok

    11:07:10.0730 2584 [ F3FE36DDE7F59B7D4F9581C920670198 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    11:07:10.0855 2584 LiveUpdate - ok

    11:07:10.0886 2584 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

    11:07:10.0933 2584 lltdio - ok

    11:07:10.0964 2584 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll

    11:07:11.0026 2584 lltdsvc - ok

    11:07:11.0042 2584 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll

    11:07:11.0089 2584 lmhosts - ok

    11:07:11.0120 2584 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

    11:07:11.0198 2584 LSI_FC - ok

    11:07:11.0214 2584 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

    11:07:11.0354 2584 LSI_SAS - ok

    11:07:11.0385 2584 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

    11:07:11.0401 2584 LSI_SAS2 - ok

    11:07:11.0416 2584 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

    11:07:11.0448 2584 LSI_SCSI - ok

    11:07:11.0463 2584 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys

    11:07:11.0510 2584 luafv - ok

    11:07:11.0557 2584 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

    11:07:11.0588 2584 Mcx2Svc - ok

    11:07:11.0604 2584 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys

    11:07:11.0635 2584 megasas - ok

    11:07:11.0650 2584 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

    11:07:11.0806 2584 MegaSR - ok

    11:07:11.0853 2584 Microsoft SharePoint Workspace Audit Service - ok

    11:07:11.0884 2584 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll

    11:07:11.0931 2584 MMCSS - ok

    11:07:11.0947 2584 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys

    11:07:11.0994 2584 Modem - ok

    11:07:12.0009 2584 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

    11:07:12.0040 2584 monitor - ok

    11:07:12.0072 2584 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

    11:07:12.0087 2584 mouclass - ok

    11:07:12.0087 2584 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

    11:07:12.0134 2584 mouhid - ok

    11:07:12.0150 2584 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

    11:07:12.0165 2584 mountmgr - ok

    11:07:12.0228 2584 [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    11:07:12.0243 2584 MozillaMaintenance - ok

    11:07:12.0259 2584 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys

    11:07:12.0306 2584 mpio - ok

    11:07:12.0321 2584 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

    11:07:12.0368 2584 mpsdrv - ok

    11:07:12.0415 2584 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll

    11:07:12.0462 2584 MpsSvc - ok

    11:07:12.0508 2584 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

    11:07:12.0540 2584 MRxDAV - ok

    11:07:12.0571 2584 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

    11:07:12.0602 2584 mrxsmb - ok

    11:07:12.0618 2584 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

    11:07:12.0649 2584 mrxsmb10 - ok

    11:07:12.0680 2584 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

    11:07:12.0696 2584 mrxsmb20 - ok

    11:07:12.0727 2584 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys

    11:07:12.0742 2584 msahci - ok

    11:07:12.0774 2584 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys

    11:07:12.0836 2584 msdsm - ok

    11:07:12.0867 2584 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe

    11:07:12.0930 2584 MSDTC - ok

    11:07:12.0961 2584 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys

    11:07:13.0008 2584 Msfs - ok

    11:07:13.0023 2584 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

    11:07:13.0070 2584 mshidkmdf - ok

    11:07:13.0101 2584 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

    11:07:13.0117 2584 msisadrv - ok

    11:07:13.0148 2584 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

    11:07:13.0195 2584 MSiSCSI - ok

    11:07:13.0210 2584 msiserver - ok

    11:07:13.0226 2584 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

    11:07:13.0273 2584 MSKSSRV - ok

    11:07:13.0304 2584 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

    11:07:13.0351 2584 MSPCLOCK - ok

    11:07:13.0366 2584 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

    11:07:13.0429 2584 MSPQM - ok

    11:07:13.0460 2584 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

    11:07:13.0476 2584 MsRPC - ok

    11:07:13.0491 2584 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

    11:07:13.0507 2584 mssmbios - ok

    11:07:13.0538 2584 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

    11:07:13.0569 2584 MSTEE - ok

    11:07:13.0585 2584 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

    11:07:13.0632 2584 MTConfig - ok

    11:07:13.0647 2584 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys

    11:07:13.0663 2584 Mup - ok

    11:07:13.0710 2584 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll

    11:07:13.0756 2584 napagent - ok

    11:07:13.0803 2584 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

    11:07:13.0834 2584 NativeWifiP - ok

    11:07:13.0975 2584 [ 81E928EE3751FAF725C87CC17726C05D ] NAVENG C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130923.022\NAVENG.SYS

    11:07:13.0990 2584 NAVENG - ok

    11:07:14.0053 2584 [ E0C39FA6C76AE8ED53ABF043F35ECDFF ] NAVEX15 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130923.022\NAVEX15.SYS

    11:07:14.0131 2584 NAVEX15 - ok

    11:07:14.0162 2584 [ 48C06CA01A7AF9BCA527EEB69D210C6E ] NCFilter C:\Windows\system32\DRIVERS\NCFilter.sys

    11:07:14.0162 2584 NCFilter - ok

    11:07:14.0224 2584 [ D2C2DD0A5DA6B9BD3A59072CC5DCA543 ] NCFSD C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys

    11:07:14.0256 2584 NCFSD - ok

    11:07:14.0287 2584 [ 0E99565F4D1007559927A38E12378D06 ] NCIOCTL C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys

    11:07:14.0302 2584 NCIOCTL - ok

    11:07:14.0334 2584 [ 26C78F5F31DA4671C5914E2DA04FFB51 ] NCRecognizer C:\Windows\system32\DRIVERS\NCRecognizer.sys

    11:07:14.0365 2584 NCRecognizer - ok

    11:07:14.0380 2584 [ E311AEBE962F4E2C6AD5234491CB40B8 ] NCUncFilter C:\Windows\system32\DRIVERS\NCUncFilter.sys

    11:07:14.0396 2584 NCUncFilter - ok

    11:07:14.0443 2584 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys

    11:07:14.0521 2584 NDIS - ok

    11:07:14.0599 2584 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

    11:07:14.0646 2584 NdisCap - ok

    11:07:14.0677 2584 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

    11:07:14.0708 2584 NdisTapi - ok

    11:07:14.0739 2584 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

    11:07:14.0755 2584 Ndisuio - ok

    11:07:14.0770 2584 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

    11:07:14.0817 2584 NdisWan - ok

    11:07:14.0848 2584 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

    11:07:14.0895 2584 NDProxy - ok

    11:07:14.0911 2584 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

    11:07:14.0958 2584 NetBIOS - ok

    11:07:14.0989 2584 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

    11:07:15.0004 2584 NetBT - ok

    11:07:15.0020 2584 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe

    11:07:15.0036 2584 Netlogon - ok

    11:07:15.0082 2584 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll

    11:07:15.0114 2584 Netman - ok

    11:07:15.0145 2584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    11:07:15.0192 2584 NetMsmqActivator - ok

    11:07:15.0207 2584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    11:07:15.0223 2584 NetPipeActivator - ok

    11:07:15.0254 2584 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll

    11:07:15.0301 2584 netprofm - ok

    11:07:15.0316 2584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    11:07:15.0316 2584 NetTcpActivator - ok

    11:07:15.0332 2584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    11:07:15.0332 2584 NetTcpPortSharing - ok

    11:07:15.0379 2584 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

    11:07:15.0410 2584 nfrd960 - ok

    11:07:15.0441 2584 [ 6822566B28BE75B2A76446A57064369F ] NICM C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys

    11:07:15.0441 2584 NICM - ok

    11:07:15.0488 2584 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll

    11:07:15.0519 2584 NlaSvc - ok

    11:07:15.0566 2584 [ B0A67DE1A128389AEA4D42C5A56215FD ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys

    11:07:15.0644 2584 nmwcd - ok

    11:07:15.0660 2584 [ 025C54F9F8C8BC1894EA38529C742C54 ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys

    11:07:15.0691 2584 nmwcdc - ok

    11:07:15.0722 2584 [ 0FBAACFA6FC27A100D56C22AA655EDF7 ] Novell Identity Store C:\Program Files\Novell\CASA\bin\micasad.exe

    11:07:15.0738 2584 Novell Identity Store ( UnsignedFile.Multi.Generic ) - warning

    11:07:15.0738 2584 Novell Identity Store - detected UnsignedFile.Multi.Generic (1)

    11:07:15.0784 2584 [ AFF04B863161A705A7EF9EA49C354ED8 ] Novell ZENworks Agent Service C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe

    11:07:15.0800 2584 Novell ZENworks Agent Service ( UnsignedFile.Multi.Generic ) - warning

    11:07:15.0800 2584 Novell ZENworks Agent Service - detected UnsignedFile.Multi.Generic (1)

    11:07:15.0831 2584 [ CD68B67C8211065C7A56C8A5B4CF01F5 ] Novell ZENworks Image-Safe Data Service C:\Program Files\Novell\ZENworks\bin\preboot\novell-zisdservice.exe

    11:07:15.0847 2584 Novell ZENworks Image-Safe Data Service ( UnsignedFile.Multi.Generic ) - warning

    11:07:15.0847 2584 Novell ZENworks Image-Safe Data Service - detected UnsignedFile.Multi.Generic (1)

    11:07:15.0878 2584 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys

    11:07:15.0925 2584 Npfs - ok

    11:07:15.0956 2584 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll

    11:07:16.0034 2584 nsi - ok

    11:07:16.0050 2584 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

    11:07:16.0081 2584 nsiproxy - ok

    11:07:16.0143 2584 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

    11:07:16.0206 2584 Ntfs - ok

    11:07:16.0252 2584 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys

    11:07:16.0299 2584 Null - ok

    11:07:16.0330 2584 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys

    11:07:16.0362 2584 nvraid - ok

    11:07:16.0455 2584 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys

    11:07:16.0564 2584 nvstor - ok

    11:07:16.0596 2584 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

    11:07:16.0627 2584 nv_agp - ok

    11:07:16.0705 2584 [ EE15C84A89FD28A27F056E4BBCA9DB7B ] nzwinvnc C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe

    11:07:16.0830 2584 nzwinvnc ( UnsignedFile.Multi.Generic ) - warning

    11:07:16.0830 2584 nzwinvnc - detected UnsignedFile.Multi.Generic (1)

    11:07:16.0892 2584 [ D955D5DE998DB2476BF0892BE3A96C26 ] O2Flash C:\Windows\system32\o2flash.exe

    11:07:16.0908 2584 O2Flash ( UnsignedFile.Multi.Generic ) - warning

    11:07:16.0908 2584 O2Flash - detected UnsignedFile.Multi.Generic (1)

    11:07:34.0239 2584 [ C214DD6D6905F01FE3E0A2C334E2244E ] WNTHW C:\Windows\system32\DRIVERS\WNTHW.SYS

    11:07:34.0271 2584 WNTHW ( UnsignedFile.Multi.Generic ) - warning

    11:07:34.0271 2584 WNTHW - detected UnsignedFile.Multi.Generic (1)

    11:07:35.0472 2584 [ AEF78B24DF292B4DFC2AE0BEAF9C2EA3 ] ZENPreAgent C:\Windows\novell\zenworks\bin\ZENPreAgent.exe

    11:07:35.0581 2584 ZENPreAgent ( UnsignedFile.Multi.Generic ) - warning

    11:07:35.0581 2584 ZENPreAgent - detected UnsignedFile.Multi.Generic (1)

    11:07:35.0581 2584 ================ Scan global ===============================

    11:07:35.0690 2584 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll

    11:07:35.0753 2584 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll

    11:07:35.0768 2584 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll

    11:07:35.0784 2584 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

    11:07:35.0815 2584 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

    11:07:35.0831 2584 [Global] - ok

    11:07:35.0831 2584 ================ Scan MBR ==================================

    11:07:35.0831 2584 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

    11:07:36.0548 2584 \Device\Harddisk0\DR0 - ok

    11:07:36.0548 2584 ================ Scan VBR ==================================

    11:07:36.0579 2584 [ CEFB23D29502F8CC53A089FB5164F2BD ] \Device\Harddisk0\DR0\Partition1

    11:07:36.0595 2584 \Device\Harddisk0\DR0\Partition1 - ok

    11:07:36.0642 2584 [ 3F10C18D314E0F6CC57F1E28586BD95F ] \Device\Harddisk0\DR0\Partition2

    11:07:36.0642 2584 \Device\Harddisk0\DR0\Partition2 - ok

    11:07:36.0642 2584 [ 802592141F8B538C45441948AD3C35BF ] \Device\Harddisk0\DR0\Partition3

    11:07:36.0657 2584 \Device\Harddisk0\DR0\Partition3 - ok

    11:07:36.0657 2584 ============================================================

    11:07:36.0657 2584 Scan finished

    11:07:36.0657 2584 ============================================================

    11:07:36.0673 5288 Detected object count: 9

    11:07:36.0673 5288 Actual detected object count: 9

    11:10:37.0493 5288 giveio ( UnsignedFile.Multi.Generic ) - skipped by user

    11:10:37.0493 5288 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip

    11:10:37.0493 5288 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

    11:10:37.0493 5288 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

    11:10:37.0493 5288 Novell Identity Store ( UnsignedFile.Multi.Generic ) - skipped by user

    11:10:37.0493 5288 Novell Identity Store ( UnsignedFile.Multi.Generic ) - User select action: Skip

    11:10:37.0493 5288 Novell ZENworks Agent Service ( UnsignedFile.Multi.Generic ) - skipped by user

    11:10:37.0493 5288 Novell ZENworks Agent Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

    11:10:37.0493 5288 Novell ZENworks Image-Safe Data Service ( UnsignedFile.Multi.Generic ) - skipped by user

    11:10:37.0508 5288 Novell ZENworks Image-Safe Data Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

    11:10:37.0508 5288 nzwinvnc ( UnsignedFile.Multi.Generic ) - skipped by user

    11:10:37.0508 5288 nzwinvnc ( UnsignedFile.Multi.Generic ) - User select action: Skip

    11:10:37.0508 5288 O2Flash ( UnsignedFile.Multi.Generic ) - skipped by user

    11:10:37.0508 5288 O2Flash ( UnsignedFile.Multi.Generic ) - User select action: Skip

    11:10:37.0508 5288 WNTHW ( UnsignedFile.Multi.Generic ) - skipped by user

    11:10:37.0508 5288 WNTHW ( UnsignedFile.Multi.Generic ) - User select action: Skip

    11:10:37.0508 5288 ZENPreAgent ( UnsignedFile.Multi.Generic ) - skipped by user

    11:10:37.0508 5288 ZENPreAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip

    11:11:27.0585 3060 Deinitialize success

  9. Hello

    the scan is complete

    here is the log:

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2013.09.24.08

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 10.0.9200.16686

    LBORNAUW :: I0081643 [administrator]

    24/09/2013 18:35:06

    mbam-log-2013-09-24 (18-35-06).txt

    Scan type: Volledige scan (C:\|D:\|)

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 439925

    Verstreken tijd: 1 uur/uren, 53 minuut/minuten, 8 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    check once more?

    a small remark: when the PC reboots I now have to press F12 for it to continue booting ... otherwise it stays stuck on a blinking cursor on a blank screen ... let's hope this doesn't cause too big a problem?

    thanks in advance

  10. Hello

    Downloaded this version of Java, ran the check, and got OK

    also ran AdwCleaner, and here is the file

    in the meantime I have already received 6 warnings from Symantec about attacks... ;-(

    at startup HitmanPro also launches every time with a quick scan: I assume this does no harm?

    # AdwCleaner v3.005 - Report created 24/09/2013 at 15:09:33

    # Updated 22/09/2013 by Xplode

    # Operating System : Windows 7 Professional Service Pack 1 (32 bits)

    # Username : LBORNAUW - I0081643

    # Running from : D:\Profiles\LBORNAUW.I0081643\Desktop\adwcleaner.exe

    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    File Deleted : D:\END

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\b

    Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd

    Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

    Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore

    Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

    Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

    Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData

    Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1

    Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO

    Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton.1

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton.1

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio.1

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton.1

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher.1

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton.1

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin

    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin.1

    Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO

    Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2727678

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_infrarecorder_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_infrarecorder_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A1260C1-2964-453F-B0BA-FA429472EB5F}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363D5C92-10DC-4287-93E5-1832EECC48EC}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B41BE90-F731-4137-AFF3-2CA951E7F0D9}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66292684-B2C2-4C7C-B3D2-BF446E30744C}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69407823-3494-4400-8D49-612549E8F4EE}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6BFF4BCB-7A73-45A7-AC4C-389A34E1D1EF}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FCA5302-6D6D-4645-BF99-D43CF76CE474}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED345812-2722-4DCA-9976-D01832DB44EE}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A54DAB37-E900-4E7A-9E32-7B5372016CE5}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FB0E8A09-F08C-44CF-9E15-97ADAC016248}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A54DAB37-E900-4E7A-9E32-7B5372016CE5}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A54DAB37-E900-4E7A-9E32-7B5372016CE5}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E22FAD16-456D-4E98-BE7E-EA499CD1BEA7}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB508994-510F-4898-AC17-DFCC64D32581}

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{95324E44-4B0A-47A9-8F77-9C6415E51C29}]

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{95324E44-4B0A-47A9-8F77-9C6415E51C29}]

    Key Deleted : HKCU\Software\BabylonToolbar

    Key Deleted : HKCU\Software\Blabbers

    Key Deleted : HKCU\Software\BrowserCompanion

    Key Deleted : HKCU\Software\Conduit

    Key Deleted : HKCU\Software\IM

    Key Deleted : HKCU\Software\ImInstaller

    Key Deleted : HKCU\Software\Softonic

    Key Deleted : HKCU\Software\AppDataLow\Toolbar

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

    Key Deleted : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_Nederlands_2

    Key Deleted : HKLM\Software\Babylon

    Key Deleted : HKLM\Software\BabylonToolbar

    Key Deleted : HKLM\Software\BrowserCompanion

    Key Deleted : HKLM\Software\Conduit

    Key Deleted : HKLM\Software\ImInstaller

    Key Deleted : HKLM\Software\IncrediMail_MediaBar_Nederlands_2

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16686

    -\\ Mozilla Firefox v23.0.1 (nl)

    -\\ Google Chrome v29.0.1547.76

    *************************

    AdwCleaner[R0].txt - [12806 octets] - [24/09/2013 14:56:57]

    AdwCleaner[s0].txt - [13052 octets] - [24/09/2013 15:09:33]

    ########## EOF - D:\AdwCleaner\AdwCleaner[s0].txt - [13113 octets] ##########

  11. Hello

    here is the ZOEK.EXE log

    Zoek.exe Version 4.0.0.2 Updated 08-March-2013

    Tool run by LBORNAUW on ma 11/03/2013 at 20:06:31,13.

    Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

    Running in: Safe Mode NETWORK Internet Access Detected

    ==== Deleting Files \ Folders ======================

    "C:\ProgramData\ilbmxgyiivcwvsl" deleted

    "C:\Windows\ycdnsssf.exe" deleted

    "C:\Users\Public\Desktop\sample_20131103_1920.zip" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\be-flag.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\be-image.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\btn-green.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\corners-btn.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\corners1.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\corners2.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\corners3.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\corners4.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\ie6-7.css" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\jquery.main.js" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\main.html" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\McAfee.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\pays-be.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\steps-be.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\steps-en.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\steps-nl.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\style.css" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\tabs.png" deleted

    "C:\ProgramData\dpdvedqxegrxgjz\wait.html" deleted

    "C:\ProgramData\dpdvedqxegrxgjz" deleted

    Zoek.exe Version 4.0.0.4 Updated 19-September-2013

    Tool run by LBORNAUW on ma 23/09/2013 at 18:00:30,40.

    Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

    Running in: Normal Mode Internet Access Detected

    Launched: D:\Profiles\LBORNAUW.I0081643\Desktop\zoek.exe [script inserted]

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully

    HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

    ==== Deleting Services ======================

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VideoDownloadConverter_4zService deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VideoDownloadConverter_4zService deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\VideoDownloadConverter_4zService deleted successfully

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    [-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin]

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter Search Scope Monitor]

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader]

    ==== Deleting Files \ Folders ======================

    "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Utilities" deleted

    "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Vocal Transformer" deleted

    "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Vocals" deleted

    "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\WebServer" deleted

    "C:\ProgramData\laserjet" deleted

    "C:\ProgramData\manual" deleted

    "C:\ProgramData\vhosts" deleted

    "C:\ProgramData\Widgets" deleted

    "C:\ProgramData\Woodwind" deleted

    "C:\ProgramData\Woodwinds" deleted

    "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\settings.ini" deleted

    "C:\Program Files\VideoDownloadConverter_4z" deleted

    "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com" deleted

    "C:\Program Files\Video Download Converter" deleted

    "C:\Windows\system32\appdata" deleted

    "C:\Program Files\VideoDownloadConverter_4z" deleted

    "D:\Profiles\LBORNAUW.I0081643\AppData\Local\VideoDownloadConverter_4z" deleted

    "D:\Profiles\LBORNAUW.I0081643\AppData\LocalLow\VideoDownloadConverter_4z" deleted

    "D:\Profiles\LBORNAUW.I0081643\AppData\LocalLow\IncrediMail_MediaBar_Nederlands_2" deleted

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== D:\Profiles\LBORNA~1.I00\AppData\Local\Temp ====

    ====== Java Cache =====

    ====== C:\Windows\system32 =====

    2013-09-11 16:53:03 06EEAD5864F357ADC618F65A2F2C5156 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

    2013-09-11 16:53:03 00531B52C9468929F2C651B3BCADCBC9 690688 ----a-w- C:\Windows\System32\jscript.dll

    2013-09-11 16:53:01 79DC575FE905D5DD5C5A4C5993A7C7F9 2876928 ----a-w- C:\Windows\System32\jscript9.dll

    2013-09-11 16:52:58 7E540E07B97DCBCF8F76FA743B486BF2 61440 ----a-w- C:\Windows\System32\iesetup.dll

    2013-09-11 16:52:58 7C63629508BB87227C3C861355A155B4 39424 ----a-w- C:\Windows\System32\jsproxy.dll

    2013-09-11 16:52:56 BCA4913CDE903B4BDEEDAD1D6DBF5E2A 391168 ----a-w- C:\Windows\System32\ieui.dll

    2013-09-11 16:52:52 2EC47CF6A36F6A83BB8B98C1425B4D41 493056 ----a-w- C:\Windows\System32\msfeeds.dll

    2013-09-11 16:52:51 54C06D9684F3D0AD7E87502E57CC4655 42496 ----a-w- C:\Windows\System32\ie4uinit.exe

    2013-09-11 16:52:51 000B55B43992179E69C2E83CCB8F1126 33280 ----a-w- C:\Windows\System32\iernonce.dll

    2013-09-11 16:52:50 43852485D0B78C021A47E9548A4CFFE0 71680 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

    2013-09-11 16:52:48 E5D91D6B81A293AB6854CAD112240A4B 1141248 ----a-w- C:\Windows\System32\urlmon.dll

    2013-09-11 16:52:48 3B74EADF1B70251D3CDB87BC338DC34D 109056 ----a-w- C:\Windows\System32\iesysprep.dll

    2013-09-11 16:52:47 281A720B0A984E325599EE1F0342E8FB 2048000 ----a-w- C:\Windows\System32\iertutil.dll

    2013-09-11 16:52:43 535F6263035F2530A62D5D64EF6E73D3 1767936 ----a-w- C:\Windows\System32\wininet.dll

    2013-09-11 16:52:41 4FCC53B82D91607FB9AE24E617108BB2 13761024 ----a-w- C:\Windows\System32\ieframe.dll

    2013-09-11 16:52:37 5D2D7E7850CE963C2F401D4DEE7BB32A 14332928 ----a-w- C:\Windows\System32\mshtml.dll

    2013-09-11 14:26:29 E02781D4871844DCD30DF1D69A650F78 12872704 ----a-w- C:\Windows\System32\shell32.dll

    2013-09-11 14:26:28 2C4A87CA8C00E98EFDCFA2E8EC9A3503 180224 ----a-w- C:\Windows\System32\shdocvw.dll

    2013-09-11 14:26:12 ED880065BBB2C5F57B74F30812A65F4F 2348544 ----a-w- C:\Windows\System32\win32k.sys

    2013-09-11 14:26:10 6933E2AFF444A7A95D5C67E98449163E 868352 ----a-w- C:\Windows\System32\kernel32.dll

    2013-09-11 14:26:09 51BB04243DF6196C06E125898127E397 169984 ----a-w- C:\Windows\System32\winsrv.dll

    2013-09-11 14:26:09 1E65CF7B26D02750544EFDD73C8118FA 293376 ----a-w- C:\Windows\System32\KernelBase.dll

    2013-09-11 14:26:08 2DE16A63F71D10B42ACE01E759078600 271360 ----a-w- C:\Windows\System32\conhost.exe

    ====== C:\Windows\system32\drivers =====

    2013-09-11 14:26:14 DDCE686D76C2B4DB435A3AF5BD0E691D 133056 ----a-w- C:\Windows\System32\drivers\ataport.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2013-09-23 13:32:10 -------- d-----w- C:\Program Files\trend micro

    2013-09-21 18:09:47 -------- d-----w- C:\Program Files\HitmanPro

    ======= D: =====

    2013-08-30 17:21:44 9AD14308E26FD2F9BDDB5325E3A860D6 27305 ----a-w- D:\5152.gif

    2013-08-30 17:15:24 FCF5235D2B3D3C3D1D72EF57D09BAE29 5086 ----a-w- D:\sinterklaas25_small.jpg

    2013-08-30 10:32:51 89165F49B50AA2871CD801EA4186BC0E 10428 ----a-w- D:\Spiderman.gif

    ====== D:\Profiles\LBORNAUW.I0081643\AppData\Roaming ======

    2013-09-22 13:55:59 B7B8E5BF252F2467F6862ABC5837D6D4 8388608 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-S-1-5-21-2387108698-3719649394-282492801-1002.dat

    2013-09-21 18:49:14 D8FE52448777E7A8F1E6F9F09585F0A3 579456 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-System.dat

    2013-09-09 13:08:50 -------- d-----w- D:\Profiles\LBORNAUW.I0081643\AppData\Locallow\Google

    2013-09-04 14:19:21 -------- d-----w- D:\Profiles\LBORNAUW.I0081643\AppData\Local\IAC

    ====== D:\Profiles\LBORNAUW.I0081643 ======

    2013-09-21 18:09:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

    2013-09-21 18:09:02 -------- d-----w- C:\ProgramData\HitmanPro

    2013-09-09 13:08:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

    2013-09-04 14:19:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Download Converter

    ====== C: exe-files ==

    2013-09-23 13:32:11 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\LBORNAUW.exe

    2013-09-21 18:14:04 0B1CD71CE29E8123A664A5B40153D2FE 1915744 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\29.0.1547.76\29.0.1547.76_29.0.1547.66_chrome_updater.exe

    2013-09-21 18:09:49 F5BBA95472F18B6223AC2F3AED397223 106280 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe

    2013-09-21 18:09:47 76ADBD909FA0898834BE3A8C0EA76609 9186416 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe

    === C: other files ==

    ==== Startup Registry Enabled ======================

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Run]

    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "Uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

    "iFolder"="C:\Program Files\iFolder3\iFolderApp.exe -checkautorun"

    "ZenNotifyIcon"="C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe"

    "NalView"="C:\Program Files\Novell\ZENworks\bin\nalview.exe"

    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    "ConnectionCenter"="C:\Program Files\Citrix\ICA Client\concentr.exe /startup"

    "IgfxTray"="C:\Windows\system32\igfxtray.exe"

    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

    "Persistence"="C:\Windows\system32\igfxpers.exe"

    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

    "Nikon Message Center 2"="C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s"

    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

    "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "Uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"

    ==== Startup Registry Disabled ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NWTRAY]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="NWTRAY"

    "hkey"="HKLM"

    "command"="NWTRAY.EXE"

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [20/09/2013 15:03]

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [09/09/2011 17:51]

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task]

    ==== Firefox Extensions ======================

    ProfilePath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default

    - Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

    AppDir: C:\Program Files\Mozilla Firefox

    - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

    ==== Firefox Plugins ======================

    Profilepath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default

    E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash

    148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

    9B4D431459A9B935FB117F4EDDA236E8 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat

    101700E93EB905992B518256CB441829 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update

    7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

    86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4

    9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4

    5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4

    3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4

    A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4

    F045DF7AF127DC4BCC53421850114E15 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In

    C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa

    0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery

    91B78790F69C250BA05836D2806BF29D - C:\Program Files\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll - HP Virtual Room Client Launcher Plugin

    6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director

    F98B0B2789436E072D7ED979C4E44D07 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

    9D35E12B661581B83DD74EB910EA9E6D - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.240.7

    4EBB5B4DCABEC18B29D01F9F607B0114 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java Platform SE 6 U24

    7D28153B7D586330678AD522B71D89CB - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight

    ==== Chrome Look ======================

    ==== Chrome Fix ======================

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal deleted successfully

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_client.conduit-storage.com_0.localstorage-journal deleted successfully

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal deleted successfully

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal deleted successfully

    ==== Set IE to Default ======================

    Old Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="Google"

    New Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="Google"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

    ==== Empty IE Cache ======================

    D:\Profiles\kind\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    D:\Profiles\LBORNAUW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    D:\Profiles\LBORNAUW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    D:\Profiles\LBORNAUW\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSN71N8 will be deleted at reboot

    ==== Empty FireFox Cache ======================

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Mozilla\Firefox\Profiles\cllykyzr.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    "D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSN71N8" deleted

    ==== EOF on ma 23/09/2013 at 18:14:59,16 ======================

  12. Here is the RSIT log for review

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by LBORNAUW at 2013-09-23 15:32:09

    Microsoft Windows 7 Professional Service Pack 1

    System drive C: has 34 GB (55%) free of 61 GB

    Total RAM: 2000 MB (40% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 15:33:03, on 23/09/2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v10.0 (10.00.9200.16686)

    Boot mode: Normal

    Running processes:

    C:\Windows\System32\smss.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\winlogon.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\Novell\CASA\bin\micasad.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\HitmanPro\hmpsched.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files\Windows Live\Family Safety\fsssvc.exe

    C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe

    C:\Windows\system32\o2flash.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\Novell\ZENworks\bin\nzrWinVNCApp.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

    C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

    C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\iFolder3\iFolderApp.exe

    C:\Program Files\Novell\ZENworks\bin\ZenNotifyIcon.exe

    C:\Program Files\Citrix\ICA Client\concentr.exe

    C:\Program Files\Citrix\ICA Client\wfcrun32.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\IncrediMail\Bin\IncMail.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\IncrediMail\Bin\ImApp.exe

    C:\Program Files\iFolder3\lib\simias\web\bin\Simias.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files\Novell\ZENworks\bin\ZenUserDaemon.exe

    C:\Windows\System32\WUDFHost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSN71N8\RSIT.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\trend micro\LBORNAUW.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = intranet.vdab.be

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R3 - URLSearchHook: (no name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll

    O1 - Hosts: ::1 localhost

    O2 - BHO: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbar.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

    O2 - BHO: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O3 - Toolbar: VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    O4 - HKLM\..\Run: [iFolder] "C:\Program Files\iFolder3\iFolderApp.exe" -checkautorun

    O4 - HKLM\..\Run: [ZenNotifyIcon] C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe

    O4 - HKLM\..\Run: [NalView] C:\Program Files\Novell\ZENworks\bin\nalview.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

    O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

    O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\RunOnce: [uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User 'Default user')

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O15 - Trusted Zone: *.dexia.be

    O15 - Trusted Zone: PC Helpforum - Gratis hulp bij computer problemen

    O15 - Trusted Zone: PC Helpforum - Gratis hulp bij computer problemen

    O15 - Trusted Zone: VDAB Login

    O15 - Trusted Zone: PC Helpforum - Gratis hulp bij computer problemen

    O15 - Trusted Zone: http://mijnpersoneelsdossier.vdab.be

    O15 - Trusted Zone: PC Helpforum - Gratis hulp bij computer problemen

    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_IKEA_Win32.cab

    O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://labs.usa.hp.com/vdesk/terminal/f5tunsrv.cab#version=7000,2012,1019,1308

    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://labs.usa.hp.com/vdesk/terminal/InstallerControl.cab

    O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} (Launcher Class) - http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

    O16 - DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://labs.usa.hp.com/vdesk/terminal/urxhost.cab#version=7000,2012,1019,1321

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O20 - Winlogon Notify: LCredMgr - C:\Program Files\Novell\CASA\bin\lcredmgr.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: Novell Identity Store - Novell, Inc - C:\Program Files\Novell\CASA\bin\micasad.exe

    O23 - Service: Novell ZENworks Agent Service - Novell, Inc. - C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe

    O23 - Service: Novell ZENworks ISD Service (Novell ZENworks Image-Safe Data Service) - Unknown owner - C:\Program Files\Novell\ZENworks\bin\preboot\novell-zisdservice.exe

    O23 - Service: Novell ZENworks Remote Management powered by VNC (nzwinvnc) - Novell, Inc. - C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe

    O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\Windows\system32\o2flash.exe

    O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe (file missing)

    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

    O23 - Service: VideoDownloadConverterService (VideoDownloadConverter_4zService) - COMPANYVERS_NAME - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe

    O23 - Service: Novell XTier Service Manager (XTSvcMgr) - Novell, Inc. - C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe

    O23 - Service: Novell ZENworks Pre Agent (ZENPreAgent) - Unknown owner - C:\Windows\novell\zenworks\bin\ZENPreAgent.exe

    --

    End of file - 16611 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    =========Mozilla firefox=========

    ProfilePath - D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default

    prefs.js - "browser.startup.homepage" - "Google"

    "belgiumeid@eid.belgium.be"=C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

    "4zffxtbr@VideoDownloadConverter_4z.com"=C:\Program Files\VideoDownloadConverter_4z\bar\1.bin

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

    "Description"=Adobe® Flash® Player 11.8.800.168 Plugin

    "Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]

    "Description"=Adobe Shockwave Player

    "Path"=C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

    "Description"=Google Earth in your browser

    "Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]

    "Description"=Picasa3 plugin

    "Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

    "Description"=Oracle® Next Generation Java™ Plug-In

    "Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

    "Description"=

    "Path"=disabled

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

    "Description"=Ag Player Plugin

    "Path"=C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

    "Description"=Office Authorization plug-in for NPAPI browsers

    "Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

    "Description"=Microsoft SharePoint Plug-in for Firefox

    "Path"=C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205]

    "Description"=WLPG Install MIME type

    "Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@rooms.hp.com]

    "Description"=HP Virtual Room Client Laucher Plugin

    "Path"=C:\Program Files\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

    "Description"=Google Update

    "Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

    "Description"=Google Update

    "Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin]

    "Description"=VideoDownloadConverter Plugin

    "Path"=C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

    "Description"=Handles PDFs in-place in Firefox

    "Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

    C:\Program Files\Mozilla Firefox\extensions\

    belgiumeid@eid.belgium.be

    D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\

    4zffxtbr@VideoDownloadConverter_4z.com

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}]

    Toolbar BHO - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbar.dll [2013-09-04 712264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-20 192592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

    Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}]

    Search Assistant BHO - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll [2013-09-04 62864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

    Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-27 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-20 192592]

    {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - VideoDownloadConverter - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll [2013-09-04 712264]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2011-03-08 115560]

    "BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

    "iFolder"=C:\Program Files\iFolder3\iFolderApp.exe [2010-11-01 1521152]

    "ZenNotifyIcon"=C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe [2011-02-23 147456]

    "NalView"=C:\Program Files\Novell\ZENworks\bin\nalview.exe [2011-02-24 54784]

    "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

    "ConnectionCenter"=C:\Program Files\Citrix\ICA Client\concentr.exe [2010-10-12 304568]

    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-10-09 1578280]

    "IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-04-06 141848]

    "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-04-06 175640]

    "Persistence"=C:\Windows\system32\igfxpers.exe [2010-04-06 169496]

    "IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 1821576]

    "Nikon Message Center 2"=C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [2010-05-25 619008]

    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

    "APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2013-05-01 421888]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2012-08-18 366576]

    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-09-09 39408]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "Uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"=C:\Windows\system32\cmd.exe [2010-11-20 302592]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]

    C:\Windows\system32\NWTRAY.EXE [2011-04-01 35928]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter Search Scope Monitor]

    C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe [2013-09-04 44784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader]

    C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbrmon.exe [2013-09-04 30096]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

    C:\Windows\system32\igfxdev.dll [2010-03-31 227328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LCredMgr]

    C:\Program Files\Novell\CASA\bin\lcredmgr.dll [2010-10-11 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

    "{763370C4-268E-4308-A60C-D8DA0342BE32}"=C:\Program Files\Novell\ZENworks\bin\NalShell.dll [2011-02-24 933888]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

    "authentication packages"=msv1_0

    ZenV1_0

    ncv1_0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

    "SecurityProviders"=credssp.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "ConsentPromptBehaviorAdmin"=0

    "ConsentPromptBehaviorUser"=3

    "EnableLUA"=0

    "EnableUIADesktopToggle"=0

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.msadpcm"=msadp32.acm

    "midimapper"=midimap.dll

    "wavemapper"=msacm32.drv

    "VIDC.UYVY"=msyuv.dll

    "VIDC.YUY2"=msyuv.dll

    "VIDC.YVYU"=msyuv.dll

    "VIDC.IYUV"=iyuv_32.dll

    "vidc.i420"=iyuv_32.dll

    "VIDC.YVU9"=tsbyuv.dll

    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm

    "vidc.cvid"=iccvid.dll

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    "wave1"=wdmaud.drv

    "midi1"=wdmaud.drv

    "mixer1"=wdmaud.drv

    "aux1"=wdmaud.drv

    "MSVideo8"=VfWWDM32.dll

    "msacm.siren"=sirenacm.dll

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 month======

    2013-09-23 15:32:10 ----D---- C:\Program Files\trend micro

    2013-09-23 15:32:09 ----D---- C:\rsit

    2013-09-22 13:33:34 ----AD---- C:\Kaspersky Rescue Disk 10.0

    2013-09-21 20:09:47 ----D---- C:\Program Files\HitmanPro

    2013-09-21 20:09:02 ----D---- C:\ProgramData\HitmanPro

    2013-09-20 15:45:42 ----A---- C:\Windows\ntbtlog.txt

    2013-09-20 14:57:20 ----A---- D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\settings.ini

    2013-09-17 13:21:08 ----D---- C:\Program Files\Mozilla Firefox

    2013-09-11 18:53:03 ----A---- C:\Windows\system32\jscript.dll

    2013-09-11 18:53:01 ----A---- C:\Windows\system32\jscript9.dll

    2013-09-11 18:52:58 ----A---- C:\Windows\system32\jsproxy.dll

    2013-09-11 18:52:58 ----A---- C:\Windows\system32\iesetup.dll

    2013-09-11 18:52:56 ----A---- C:\Windows\system32\ieui.dll

    2013-09-11 18:52:52 ----A---- C:\Windows\system32\msfeeds.dll

    2013-09-11 18:52:51 ----A---- C:\Windows\system32\iernonce.dll

    2013-09-11 18:52:51 ----A---- C:\Windows\system32\ie4uinit.exe

    2013-09-11 18:52:50 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe

    2013-09-11 18:52:48 ----A---- C:\Windows\system32\urlmon.dll

    2013-09-11 18:52:48 ----A---- C:\Windows\system32\iesysprep.dll

    2013-09-11 18:52:47 ----A---- C:\Windows\system32\iertutil.dll

    2013-09-11 18:52:43 ----A---- C:\Windows\system32\wininet.dll

    2013-09-11 18:52:41 ----A---- C:\Windows\system32\ieframe.dll

    2013-09-11 18:52:37 ----A---- C:\Windows\system32\mshtml.dll

    2013-09-11 16:26:29 ----A---- C:\Windows\system32\shell32.dll

    2013-09-11 16:26:28 ----A---- C:\Windows\system32\shdocvw.dll

    2013-09-11 16:26:14 ----A---- C:\Windows\system32\drivers\ataport.sys

    2013-09-11 16:26:12 ----A---- C:\Windows\system32\win32k.sys

    2013-09-11 16:26:10 ----A---- C:\Windows\system32\kernel32.dll

    2013-09-11 16:26:09 ----A---- C:\Windows\system32\winsrv.dll

    2013-09-11 16:26:09 ----A---- C:\Windows\system32\KernelBase.dll

    2013-09-11 16:26:08 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

    2013-09-11 16:26:08 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

    2013-09-11 16:26:08 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

    2013-09-11 16:26:08 ----A---- C:\Windows\system32\conhost.exe

    2013-09-11 16:26:07 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

    2013-09-11 16:26:07 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

    2013-09-11 16:26:07 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

    2013-09-11 16:26:07 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

    2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

    2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

    2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

    2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

    2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

    2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

    2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

    2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

    2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

    2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

    2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

    2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

    2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

    2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

    2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

    2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

    2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

    2013-09-11 16:26:05 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

    2013-09-11 16:26:05 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

    2013-09-11 16:26:05 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

    2013-09-11 16:26:04 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

    2013-09-04 16:19:09 ----D---- C:\Program Files\Video Download Converter

    2013-09-04 16:18:34 ----D---- C:\Program Files\VideoDownloadConverter_4z

    ======List of files/folders modified in the last 1 month======

    2013-09-23 15:32:17 ----D---- C:\Windows\Prefetch

    2013-09-23 15:32:10 ----RD---- C:\Program Files

    2013-09-23 15:25:08 ----D---- C:\Windows\Temp

    2013-09-23 15:16:49 ----D---- C:\Windows\system32\config

    2013-09-22 16:00:03 ----D---- C:\Windows\system32\drivers

    2013-09-22 15:56:41 ----D---- C:\ProgramData\iFolder

    2013-09-21 20:09:02 ----HD---- C:\ProgramData

    2013-09-21 15:55:29 ----SHD---- C:\System Volume Information

    2013-09-21 15:44:33 ----HD---- C:\Windows\system32\GroupPolicy

    2013-09-20 18:10:07 ----D---- C:\Windows\system32\LogFiles

    2013-09-20 15:45:42 ----D---- C:\Windows

    2013-09-20 15:03:35 ----D---- C:\Windows\System32

    2013-09-20 15:03:17 ----A---- C:\Windows\system32\FlashPlayerApp.exe

    2013-09-19 10:14:59 ----D---- C:\Program Files\Mozilla Maintenance Service

    2013-09-15 16:22:03 ----SHD---- C:\Windows\Installer

    2013-09-12 12:56:25 ----D---- C:\Windows\rescache

    2013-09-12 10:13:28 ----D---- C:\Windows\Microsoft.NET

    2013-09-12 10:12:21 ----RSD---- C:\Windows\assembly

    2013-09-12 09:51:07 ----D---- C:\Windows\winsxs

    2013-09-12 09:47:45 ----D---- C:\Program Files\Internet Explorer

    2013-09-12 09:47:38 ----D---- C:\Windows\system32\nl-NL

    2013-09-12 09:47:30 ----D---- C:\Windows\system32\DriverStore

    2013-09-11 19:03:47 ----D---- C:\ProgramData\Microsoft Help

    2013-09-11 18:53:26 ----D---- C:\Windows\system32\catroot2

    2013-09-11 18:53:23 ----D---- C:\Windows\system32\catroot

    2013-09-11 18:49:38 ----D---- C:\Windows\system32\MRT

    2013-09-11 18:47:08 ----A---- C:\Windows\system32\MRT.exe

    2013-09-09 15:06:31 ----D---- C:\Program Files\Google

    2013-08-29 19:51:35 ----D---- D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\simias

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]

    R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-06-08 435736]

    R0 NCFilter;Novell UNC Filter - Filter; C:\Windows\system32\DRIVERS\NCFilter.sys [2011-04-01 91224]

    R0 NCRecognizer;Novell UNC Filter - Recognizer; C:\Windows\system32\DRIVERS\NCRecognizer.sys [2011-04-01 110680]

    R0 NCUncFilter;Novell UNC Filter - UNC Filter; C:\Windows\system32\DRIVERS\NCUncFilter.sys [2011-04-01 22616]

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]

    R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2011-03-18 25240]

    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]

    R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]

    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2013-08-26 376920]

    R1 NICM;Novell XTCOM Driver; \??\C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [2011-04-01 27224]

    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2011-03-08 421424]

    R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2011-03-08 284720]

    R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2011-03-08 43696]

    R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2011-03-08 188080]

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]

    R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2013-02-05 49664]

    R2 NCFSD;Novell Client File System Redirector; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [2011-04-01 88664]

    R2 NCIOCTL;Novell Xplat IoCtl Driver; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [2011-04-01 59992]

    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]

    R3 BCM43XX;Stuurpgramma voor Broadcom 802.11 netwerkadapter; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-14 1131008]

    R3 dfmirage;dfmirage; C:\Windows\system32\DRIVERS\dfmirage.sys [2011-02-14 34128]

    R3 e1yexpress;Intel® Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y6232.sys [2009-09-23 221912]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-08-26 108120]

    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-04-01 8744448]

    R3 IntcHdmiAddService;Intel® High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2010-01-08 126976]

    R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130923.003\NAVENG.SYS [2013-08-28 93272]

    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130923.003\NAVEX15.SYS [2013-08-28 1612376]

    R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32.sys [2011-08-01 40936]

    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 84992]

    R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2012-11-16 125488]

    R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2011-03-08 26416]

    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-10-09 229424]

    R3 Teefer2;Teefer2 Miniport; C:\Windows\system32\DRIVERS\teefer2.sys [2011-03-08 67472]

    R3 WinUsb;WinUsb-stuurprogramma; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 35968]

    S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]

    S3 ACSSCR;ACR38 Smart Card Reader; C:\Windows\system32\DRIVERS\a38usb.sys [2012-04-30 37632]

    S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]

    S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]

    S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

    S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]

    S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 16384]

    S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2009-07-14 10752]

    S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]

    S3 e1kexpress;Stuurprogramma K voor Intel® PRO/1000 PCI Express-netwerkverbinding; C:\Windows\system32\DRIVERS\e1k6032.sys [2009-07-14 164864]

    S3 hugoio;hugoio; \??\C:\Windows\system32\drivers\hugoio.sys [2012-04-30 9760]

    S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]

    S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-08-17 23168]

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]

    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]

    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]

    S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]

    S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2011-03-08 320944]

    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]

    S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]

    S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]

    S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

    S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]

    S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]

    S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]

    S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]

    S3 ViaC7;Stuurprogramma voor VIA C7-processor; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]

    S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]

    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

    S4 SysPlant;SysPlant for NT; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [2011-03-08 99696]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]

    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2011-03-08 108392]

    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2011-03-08 108392]

    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]

    R2 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2013-02-05 1512448]

    R2 HitmanProScheduler;HitmanPro Scheduler; C:\Program Files\HitmanPro\hmpsched.exe [2013-09-21 106280]

    R2 Novell Identity Store;Novell Identity Store; C:\Program Files\Novell\CASA\bin\micasad.exe [2010-10-11 245760]

    R2 Novell ZENworks Agent Service;Novell ZENworks Agent Service; C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe [2011-02-23 28672]

    R2 nzwinvnc;Novell ZENworks Remote Management powered by VNC; C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe [2011-02-24 1839104]

    R2 O2Flash;O2Micro Flash Memory; C:\Windows\system32\o2flash.exe [2006-10-18 65536]

    R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2011-03-08 1893728]

    R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-03-08 1839776]

    R2 VideoDownloadConverter_4zService;VideoDownloadConverterService; C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe [2013-09-04 42504]

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 1713904]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-09 136176]

    S2 Novell ZENworks Image-Safe Data Service;Novell ZENworks ISD Service; C:\Program Files\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [2011-02-23 90112]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20 257416]

    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]

    S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-09 136176]

    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-19 194032]

    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2011-01-19 3093944]

    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]

    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-17 117656]

    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

    S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

    S3 Smcinst;Symantec Auto-upgrade Agent; C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe []

    S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-18 1343400]

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

    S4 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2011-03-08 357744]

    -----------------EOF-----------------

  13. Hello

    so far so good.... the PC is OK again, for which my sincere thanks!!

    the scan worked and I had to delete several lines, and after a restart everything was OK

    but further checks are probably still needed to be sure the virus has been completely removed?

    and I also read (somewhere on the forum?) that this virus may occur with JAVA software that is no longer up to date: is there something I can do to fix that as well?

  14. Hello

    thanks in advance

    BUT.... it is not quite working

    at

    • In the terminal, enter the command windowsunlocker followed by Enter.
    • Now enter the number 1 (Unlock Windows) followed by Enter.

    I am stuck: I get a DOS message:

    and the kavrescue line keeps appearing

    usr-sbin-chmod-cannot access - windowsunlocker - no such file or directory

    (note that this is a "former company network computer" that is now used privately and has no connections to that network)

  15. Hello

    Police virus for the third time, and already helped well twice by your staff

    (previously registered as "libo", but I can NO longer open new discussions with that profile)

    Can you help? I will outline the problem:

    WIN 7

    at startup a locked screen with a "Police notice"

    tried to boot in SAFE MODE but the PC keeps rebooting

    searched PC-Helpforum for possible solutions: downloading HitmanPro with Kickstart onto a USB stick

    booted the PC that way (after changing the first boot device) and this worked

    Kickstart started scanning and I was able to save this log file to an external drive

    after saving, at the prompt for a registration licence, I was given no option - perhaps, according to the note, Hitman had already been used up before?

    so now I cannot continue

    I am willing - if necessary - to buy the Hitman software, but I would first like to ask for your help and advice

    could you take a look at this?

    attached is the Hitman log

    file:///X:/HitmanPro_20130921_2018.log

    HitmanPro 3.7.7.205
    www.hitmanpro.com
    
      Computer name . . . . : I0081643
      Windows . . . . . . . : 6.1.1.7601.X86/2
      User name . . . . . . : NT AUTHORITY\SYSTEM
      UAC . . . . . . . . . : Disabled
      License . . . . . . . : Free
    
      Scan date . . . . . . : 2013-09-21 20:09:50
      Scan mode . . . . . . : Normal
      Scan duration . . . . : 6m 59s
      Disk access mode  . . : Direct disk access (SRB)
      Cloud . . . . . . . . : Internet
      Reboot  . . . . . . . : No
    
      Threats . . . . . . . : 29
      Traces  . . . . . . . : 355
    
      Objects scanned . . . : 1.044.379
      Files scanned . . . . : 39.079
      Remnants scanned  . . : 190.544 files / 814.756 keys
    
    Malware _____________________________________________________________________
    
      D:\Profiles\LBORNAUW.I0081643\AppData\Local\Temp\b34btbztdb0vavaw.exe
         Size . . . . . . . : 54.272 bytes
         Age  . . . . . . . : 1.2 days (2013-09-20 14:56:14)
         Entropy  . . . . . : 7.8
         SHA-256  . . . . . : 67E6D3EEFC04B26AFD07653141FB592648DD6D42A59309535A32B2AD8F95EBC6
       > G Data . . . . . . : Gen:Variant.Kazy.252311
       > Kaspersky  . . . . : Trojan-Ransom.Win32.Foreign.iajf
         Fuzzy  . . . . . . : 108.0
    
      D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\data.dat
         Size . . . . . . . : 54.272 bytes
         Age  . . . . . . . : 1.2 days (2013-09-20 14:56:20)
         Entropy  . . . . . : 7.8
         SHA-256  . . . . . : 67E6D3EEFC04B26AFD07653141FB592648DD6D42A59309535A32B2AD8F95EBC6
       > G Data . . . . . . : Gen:Variant.Kazy.252311
       > Kaspersky  . . . . : Trojan-Ransom.Win32.Foreign.iajf
         Fuzzy  . . . . . . : 154.0
            One or more antivirus vendors have indicated that the file is malicious.
            Substitutes Explorer.exe as the default shell. Malware tends to start this way.
            This file was most recently added as automatic startup.
            The file name extension of this program is not common.
            Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
            Authors name is missing in version info. This is not common to most programs.
            Version control is missing. This file is probably created by an individual. This is not typical for most programs.
            Program starts automatically without user intervention.
            Time indicates that the file appeared recently on this computer.
            The file appears to be part of an installation package or setup program. This is typical for most programs.
         Startup
            HKU\S-1-5-21-2387108698-3719649394-282492801-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    
      D:\Profiles\LBORNAUW.I0081643\Documents\DXM_Runtime\DXM_Runtime.exe
         Size . . . . . . . : 111.104 bytes
         Age  . . . . . . . : 44.2 days (2013-08-08 15:17:39)
         Entropy  . . . . . : 6.6
         SHA-256  . . . . . : 66E5E287312DB9088D8BA52DBCEAC96ACABDFFA9701C3F87F53CF4FA8C500924
         Product  . . . . . : Pidgin Portable
         Publisher  . . . . : PortableApps.com
         Description  . . . : Pidgin Portable
         Version  . . . . . : 1.6.9.0
         Copyright  . . . . : John T. Haller
       > G Data . . . . . . : Gen:Variant.Graftor.107194
       > Ikarus . . . . . . : Trojan-Ransom.Win32.****oAsset!IK
       > Kaspersky  . . . . : Trojan-Ransom.Win32.Foreign.gitm
         Fuzzy  . . . . . . : 102.0
         Startup
            HKU\S-1-5-21-2387108698-3719649394-282492801-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run
    
    
    Potential Unwanted Programs _________________________________________________
    
    
    
    
