
Police virus (Politievirus) - no SAFE MODE



Hello

Third time with the Police virus, and already helped well twice by your staff

(previously registered as "libo", but with this profile I can NO longer open new discussions)

Can you help? I'll outline the problem:

WIN 7

on startup a blocked screen with a "Police notice"

tried to boot in SAFE MODE, but the PC keeps rebooting

searched PC-Helpforum for possible solutions: downloaded HitmanPro with Kickstart to a USB stick

booted the PC that way (after changing the first boot device) and this worked

Kickstart started scanning and I was able to save this logfile to an external disk

after saving, at the request for a registration licence I was given no option - perhaps, according to the note, Hitman had already been used up earlier?

so I cannot go any further now

I am - if necessary - willing to buy the Hitman software, but I would still like to ask for your help and advice first

could you study this?

here is the Hitman log

file:///X:/HitmanPro_20130921_2018.log

HitmanPro 3.7.7.205
www.hitmanpro.com

  Computer name . . . . : I0081643
  Windows . . . . . . . : 6.1.1.7601.X86/2
  User name . . . . . . : NT AUTHORITY\SYSTEM
  UAC . . . . . . . . . : Disabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2013-09-21 20:09:50
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 6m 59s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 29
  Traces  . . . . . . . : 355

  Objects scanned . . . : 1.044.379
  Files scanned . . . . : 39.079
  Remnants scanned  . . : 190.544 files / 814.756 keys

Malware _____________________________________________________________________

  D:\Profiles\LBORNAUW.I0081643\AppData\Local\Temp\b34btbztdb0vavaw.exe
     Size . . . . . . . : 54.272 bytes
     Age  . . . . . . . : 1.2 days (2013-09-20 14:56:14)
     Entropy  . . . . . : 7.8
     SHA-256  . . . . . : 67E6D3EEFC04B26AFD07653141FB592648DD6D42A59309535A32B2AD8F95EBC6
   > G Data . . . . . . : Gen:Variant.Kazy.252311
   > Kaspersky  . . . . : Trojan-Ransom.Win32.Foreign.iajf
     Fuzzy  . . . . . . : 108.0

  D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\data.dat
     Size . . . . . . . : 54.272 bytes
     Age  . . . . . . . : 1.2 days (2013-09-20 14:56:20)
     Entropy  . . . . . : 7.8
     SHA-256  . . . . . : 67E6D3EEFC04B26AFD07653141FB592648DD6D42A59309535A32B2AD8F95EBC6
   > G Data . . . . . . : Gen:Variant.Kazy.252311
   > Kaspersky  . . . . : Trojan-Ransom.Win32.Foreign.iajf
     Fuzzy  . . . . . . : 154.0
        One or more antivirus vendors have indicated that the file is malicious.
        Substitutes Explorer.exe as the default shell. Malware tends to start this way.
        This file was most recently added as automatic startup.
        The file name extension of this program is not common.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program starts automatically without user intervention.
        Time indicates that the file appeared recently on this computer.
        The file appears to be part of an installation package or setup program. This is typical for most programs.
     Startup
        HKU\S-1-5-21-2387108698-3719649394-282492801-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

  D:\Profiles\LBORNAUW.I0081643\Documents\DXM_Runtime\DXM_Runtime.exe
     Size . . . . . . . : 111.104 bytes
     Age  . . . . . . . : 44.2 days (2013-08-08 15:17:39)
     Entropy  . . . . . : 6.6
     SHA-256  . . . . . : 66E5E287312DB9088D8BA52DBCEAC96ACABDFFA9701C3F87F53CF4FA8C500924
     Product  . . . . . : Pidgin Portable
     Publisher  . . . . : PortableApps.com
     Description  . . . : Pidgin Portable
     Version  . . . . . : 1.6.9.0
     Copyright  . . . . : John T. Haller
   > G Data . . . . . . : Gen:Variant.Graftor.107194
   > Ikarus . . . . . . : Trojan-Ransom.Win32.****oAsset!IK
   > Kaspersky  . . . . : Trojan-Ransom.Win32.Foreign.gitm
     Fuzzy  . . . . . . : 102.0
     Startup
        HKU\S-1-5-21-2387108698-3719649394-282492801-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run


Potential Unwanted Programs _________________________________________________

  HKLM\SOFTWARE\Babylon\ (Babylon)
  HKLM\SOFTWARE\BabylonToolbar\ (Babylon)
  HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\escortApp.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\escortEng.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\esrv.EXE\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL\ (Blabbers)
  HKLM\SOFTWARE\Classes\AppID\updatebho.DLL\ (Blabbers)
  HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL\ (Blabbers)
  HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}\ (Blabbers)
  HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon)
  HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}\ (Blabbers)
  HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
  HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}\ (Blabbers)
  HKLM\SOFTWARE\Classes\b\ (Babylon)
  HKLM\SOFTWARE\Classes\Babylon.dskBnd.1\ (Babylon)
  HKLM\SOFTWARE\Classes\Babylon.dskBnd\ (Babylon)
  HKLM\SOFTWARE\Classes\bbylnApp.appCore.1\ (Babylon)
  HKLM\SOFTWARE\Classes\bbylnApp.appCore\ (Babylon)
  HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ (Babylon)
  HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\ (Babylon)
  HKLM\SOFTWARE\Classes\escort.escortIEPane.1\ (Funmoods)
  HKLM\SOFTWARE\Classes\escort.escortIEPane\ (Funmoods)
  HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1\ (Babylon)
  HKLM\SOFTWARE\Classes\esrv.BabylonESrvc\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}\ (Blabbers)
  HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}\ (Blabbers)
  HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}\ (Babylon)
  HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
  HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1\ (Blabbers)
  HKLM\SOFTWARE\Classes\tdataprotocol.CTData\ (Blabbers)
  HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon)
  HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
  HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}\ (Babylon)
  HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}\ (Blabbers)
  HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}\ (Blabbers)
  HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}\ (Blabbers)
  HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
  HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1\ (Blabbers)
  HKLM\SOFTWARE\Classes\updatebho.TimerBHO\ (Blabbers)
  HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2\ (Blabbers)
  HKLM\SOFTWARE\Classes\wit4ie.WitBHO\ (Blabbers)
  HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\ (Babylon)
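
The HitmanPro log above records the two indicators that define this police-locker family: a file registered as the Winlogon Shell in the user's own hive (so the lock screen starts instead of Explorer) and a second file hooked into the legacy Windows\run value, both with high entropy and ransomware detections from several vendors. As an added example, not part of the thread and not HitmanPro's code, the Python script below parses HitmanPro-style report entries and tags each Malware entry with those indicators. The sample log is constructed by trimming the entries posted above; the tag names, the 7.5 entropy cut-off and the parsing regexes are my own choices.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, trimmed from the HitmanPro log posted in the thread.
SAMPLE_LOG = r"""Malware _____________________________________________________________________

  D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\data.dat
     Size . . . . . . . : 54.272 bytes
     Entropy  . . . . . : 7.8
     SHA-256  . . . . . : 67E6D3EEFC04B26AFD07653141FB592648DD6D42A59309535A32B2AD8F95EBC6
   > G Data . . . . . . : Gen:Variant.Kazy.252311
   > Kaspersky  . . . . : Trojan-Ransom.Win32.Foreign.iajf
     Fuzzy  . . . . . . : 154.0
        Substitutes Explorer.exe as the default shell. Malware tends to start this way.
     Startup
        HKU\S-1-5-21-2387108698-3719649394-282492801-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

  D:\Profiles\LBORNAUW.I0081643\Documents\DXM_Runtime\DXM_Runtime.exe
     Size . . . . . . . : 111.104 bytes
     Entropy  . . . . . : 6.6
     Product  . . . . . : Pidgin Portable
   > Kaspersky  . . . . : Trojan-Ransom.Win32.Foreign.gitm
     Startup
        HKU\S-1-5-21-2387108698-3719649394-282492801-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run


Potential Unwanted Programs _________________________________________________

  HKLM\SOFTWARE\Babylon\ (Babylon)
  HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods)
"""

SECTION_RE = re.compile(r"^(\S.*?)\s+_{5,}\s*$")          # "Malware ________"
ENTRY_RE = re.compile(r"^  (\S.*)$")                        # exactly two spaces, then the object
PROP_RE = re.compile(r"^\s+(>\s*)?([A-Za-z][\w -]*?)\s*(?:\.\s*)+:\s*(.*)$")  # "Name . . : value"
PUP_RE = re.compile(r"^(.*?)\s+\(([^()]+)\)$")              # "HKLM\... (Family)"
ENTROPY_LIMIT = 7.5  # my own cut-off; HitmanPro flags the 7.8 above as encrypted/compressed/obfuscated


@dataclass
class Entry:
    section: str
    path: str
    props: dict = field(default_factory=dict)       # Size, Age, Entropy, SHA-256, ...
    detections: dict = field(default_factory=dict)  # vendor -> detection name (the "> " lines)
    startup: list = field(default_factory=list)     # registry locations listed under "Startup"
    family: str = ""                                # PUP family from the "(...)" suffix


def parse_hitmanpro(text):
    """Split a HitmanPro report into Entry objects, one per listed object."""
    entries, section, current, in_startup = [], None, None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            in_startup = False
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current, in_startup = m.group(1).strip(), None, False
            continue
        if section is None:  # header block before the first section
            continue
        m = ENTRY_RE.match(line)
        if m:
            current = Entry(section=section, path=m.group(1))
            pm = PUP_RE.match(current.path)
            if section.startswith("Potential") and pm:
                current.path, current.family = pm.group(1), pm.group(2)
            entries.append(current)
            in_startup = False
            continue
        if current is None:
            continue
        if line.strip() == "Startup":
            in_startup = True
            continue
        m = PROP_RE.match(line)
        if m:
            flag, name, value = m.groups()
            in_startup = False
            (current.detections if flag else current.props)[name] = value
            continue
        if in_startup and line.strip().upper().startswith("HK"):
            current.startup.append(line.strip())
        # any other line is HitmanPro's free-text explanation; it is ignored
    return entries


def assess(entry):
    """Return indicator tags for one Malware entry, most severe first."""
    tags = []
    for key in entry.startup:
        k = key.lower()
        if k.endswith(r"\winlogon\shell"):
            tags.append("shell-hijack")    # lock screen replaces Explorer as the shell
        elif k.endswith((r"\windows\run", r"\windows\load")):
            tags.append("legacy-run-key")  # Windows NT\CurrentVersion\Windows\run|load
    try:
        if float(entry.props.get("Entropy", "0")) >= ENTROPY_LIMIT:
            tags.append("high-entropy")    # packed or encrypted payload
    except ValueError:
        pass
    if any("ransom" in d.lower() for d in entry.detections.values()):
        tags.append("ransomware-detection")
    if len(entry.detections) >= 2:
        tags.append("multi-vendor-detection")
    return tags


def size_bytes(entry):
    """HitmanPro prints sizes with '.' as thousands separator: '54.272 bytes' -> 54272."""
    return int(entry.props.get("Size", "0 bytes").split()[0].replace(".", ""))


def triage(text):
    """Map each Malware-section path to its indicator tags."""
    return {e.path: assess(e) for e in parse_hitmanpro(text) if e.section == "Malware"}


if __name__ == "__main__":
    for path, tags in triage(SAMPLE_LOG).items():
        print(f"{path}\n    {', '.join(tags) or 'no indicators'}")
```

Run against the sample, data.dat comes out as shell-hijack plus high-entropy with two ransomware detections, and DXM_Runtime.exe as a legacy-run-key entry with one detection; the PUP section is parsed into path/family pairs so it can be reported separately from the locker itself.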



Hi luver,

Strange that you can no longer start topics with your old profile. :hmmmm:

Perhaps report this under forum feedback.

We will try to tackle your problem with a different tool:

1. Download the ISO below and the accompanying utility.

2. Create a Kaspersky Rescue USB stick


  • Double-click rescue2usb.exe; this is a WinRAR self-extracting archive.
  • Click "Install" and the Kaspersky Rescue Disk maker will start.
  • Click "Browse", select the downloaded Kaspersky Rescue Disk (ISO) and click "Open"


  • Under "USB Medium:" choose the USB stick you are using, if it is not selected by default.
  • Now click "Start" and the required files from the ISO will be copied to the USB stick.
  • When copying is finished you will get the following message: 'Kaspersky USB Rescue Disk has been succesfully created'.
  • Click "OK" in this screen and close the Kaspersky Rescue Disk maker.
  • Insert the Kaspersky Rescue USB into the infected PC.
  • Restart that PC.
  • Press F11 and then select the USB drive to start the Kaspersky rescue system.

At "Press any key to enter the menu", press any key to open the menu of the Kaspersky Rescue CD.


  • In the next screen choose the option "Kaspersky Rescue Disk - Graphic mode" and press Enter.
  • Then press "1" to accept the licence agreement.

Once the computer has booted from the Kaspersky Rescue CD, click the start (KDE) button in the taskbar and click "Terminal"


  • In the terminal, enter the command windowsunlocker followed by Enter.
  • Now enter the digit 1 (Unlock Windows) followed by Enter.


  • The terminal will now restore the registry values that were created by the ransomware infection.
  • In the red box below you can see that the registry values have been restored.

[screenshot: windowsunlocker output]


  • Restart the computer.
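
The windowsunlocker step works by putting the Winlogon autostart values back to what a clean system has. As an added example, not the Kaspersky tool's code and not part of the thread, here is a Python check of those same values against a known-good baseline, so that the result can be verified after the reboot or from any registry export. The INFECTED snapshot is constructed from the locations in the HitmanPro log above (the SID is the one in that log); check_autostart, read_live_snapshot and the snapshot layout are mine. The baseline values are the stock Windows 7 defaults: Shell = explorer.exe and Userinit = C:\Windows\system32\userinit.exe, (with its trailing comma), and no per-user Shell/Userinit or legacy run/load values at all.

```python
import sys

WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
LEGACY_RUN = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"  # holds the old "run"/"load" values

# Stock Windows 7 values for the machine-wide Winlogon key (32-bit install, as in the thread).
EXPECTED_HKLM = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}

# Constructed snapshot of the hijacked state, built from the locations in the HitmanPro log:
# the user's hive gets a Shell value pointing at data.dat and a "run" value pointing at
# DXM_Runtime.exe, while the machine-wide key is untouched (which is why only this profile locks).
SID = "S-1-5-21-2387108698-3719649394-282492801-1002"
INFECTED = {
    "HKLM\\" + WINLOGON: dict(EXPECTED_HKLM),
    f"HKU\\{SID}\\" + WINLOGON: {"Shell": r"D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\data.dat"},
    f"HKU\\{SID}\\" + LEGACY_RUN: {"load": "", "run": r"D:\Profiles\LBORNAUW.I0081643\Documents\DXM_Runtime\DXM_Runtime.exe"},
}
CLEAN = {
    "HKLM\\" + WINLOGON: dict(EXPECTED_HKLM),
    f"HKU\\{SID}\\" + LEGACY_RUN: {"load": "", "run": ""},
}


def _norm(data):
    """Compare registry strings case-insensitively, ignoring the trailing comma Userinit carries."""
    return data.strip().rstrip(",").lower()


def check_autostart(snapshot):
    """snapshot: {'HIVE\\subkey': {value_name: data}} -> list of (key, value_name, data, action)."""
    findings = []
    for key, values in snapshot.items():
        hive, _, rest = key.partition("\\")
        # HKU keys carry the SID before the subkey; strip it so both hives compare alike.
        subkey = rest.partition("\\")[2] if hive.upper() == "HKU" else rest
        if subkey.lower() == WINLOGON.lower():
            if hive.upper() == "HKLM":
                for name, expected in EXPECTED_HKLM.items():
                    data = values.get(name)
                    if data is None or _norm(data) != _norm(expected):
                        findings.append((key, name, data, f"restore to {expected!r}"))
            else:
                # Per-user Shell/Userinit are absent on a clean system; when present they are
                # honoured at logon, which is exactly what this locker relies on.
                for name in ("Shell", "Userinit"):
                    if name in values:
                        findings.append((key, name, values[name], "delete value"))
        elif subkey.lower() == LEGACY_RUN.lower():
            for name, data in values.items():
                if name.lower() in ("run", "load") and data.strip():
                    findings.append((key, name, data, "delete value"))
    return findings


def read_live_snapshot():
    """Windows only: collect the same keys from the live registry with the stdlib winreg module."""
    import winreg
    snapshot = {}

    def grab(root, label, subkey):
        try:
            with winreg.OpenKey(root, subkey) as k:
                values, i = {}, 0
                while True:
                    try:
                        name, data, _type = winreg.EnumValue(k, i)
                    except OSError:
                        break  # no more values
                    if isinstance(data, str):
                        values[name] = data
                    i += 1
            snapshot[label] = values
        except OSError:
            pass  # key absent: nothing to report for it

    grab(winreg.HKEY_LOCAL_MACHINE, "HKLM\\" + WINLOGON, WINLOGON)
    i = 0
    while True:
        try:
            sid = winreg.EnumKey(winreg.HKEY_USERS, i)
        except OSError:
            break
        i += 1
        if sid.startswith("S-1-5-21-") and not sid.endswith("_Classes"):
            for sub in (WINLOGON, LEGACY_RUN):
                grab(winreg.HKEY_USERS, f"HKU\\{sid}\\{sub}", f"{sid}\\{sub}")
    return snapshot


if __name__ == "__main__":
    snap = read_live_snapshot() if sys.platform == "win32" else INFECTED
    for key, name, data, action in check_autostart(snap):
        print(f"{key}\n    {name} = {data!r}\n    -> {action}")
```

On the constructed snapshot the check reports exactly the two values the log showed (the per-user Shell and the legacy run value) with "delete value" as the action, and nothing for the clean state; a tampered or missing machine-wide Shell/Userinit is reported with the value to restore. Only loaded hives appear under HKEY_USERS, so the live reader sees a profile only when that user is logged on.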


Hello

thanks in advance

BUT.... it does not quite work

at

  • In the terminal, enter the command windowsunlocker followed by Enter.
  • Now enter the digit 1 (Unlock Windows) followed by Enter.

I am stuck: I get a DOS message:

and the kavrescue line keeps appearing

usr-sbin-chmod-cannot access - windowsunlocker - no such file or directory

(this is a "former company network computer" that is now used privately and has no connections to that network)


Hello

so far so good.... the PC is OK again, for which my sincere thanks!!

the scan worked, so I had to delete several lines, and after a restart OK

but probably further checks are still needed to be sure the virus has been completely removed?

and I also read (somewhere on the forum?) that this virus possibly comes in via JAVA software that is no longer up to date: can I do something about that to fix it?


Yes, that is right indeed. This was only a first step. :-)

In the course of the following logs, we will certainly check your Java.

Download RSIT from the locations below and save it to the desktop.

Here is a description of how to check whether you have a 32- or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.


  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as Administrator.
  • Next the "Disclaimer of warranty" is shown; click "Continue"
  • When the tool is finished, a Notepad file named "Log" is opened.
  • Paste its contents in your next post.


Here is the RSIT log for checking

Logfile of random's system information tool 1.09 (written by random/random)

Run by LBORNAUW at 2013-09-23 15:32:09

Microsoft Windows 7 Professional Service Pack 1

System drive C: has 34 GB (55%) free of 61 GB

Total RAM: 2000 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:33:03, on 23/09/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16686)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Novell\CASA\bin\micasad.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\HitmanPro\hmpsched.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Windows Live\Family Safety\fsssvc.exe

C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe

C:\Windows\system32\o2flash.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Novell\ZENworks\bin\nzrWinVNCApp.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\iFolder3\iFolderApp.exe

C:\Program Files\Novell\ZENworks\bin\ZenNotifyIcon.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\IncrediMail\Bin\IncMail.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\IncrediMail\Bin\ImApp.exe

C:\Program Files\iFolder3\lib\simias\web\bin\Simias.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Novell\ZENworks\bin\ZenUserDaemon.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSN71N8\RSIT.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\trend micro\LBORNAUW.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = intranet.vdab.be

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbar.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [iFolder] "C:\Program Files\iFolder3\iFolderApp.exe" -checkautorun

O4 - HKLM\..\Run: [ZenNotifyIcon] C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe

O4 - HKLM\..\Run: [NalView] C:\Program Files\Novell\ZENworks\bin\nalview.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\RunOnce: [uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User 'Default user')

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.dexia.be

O15 - Trusted Zone: PC Helpforum - Gratis hulp bij computer problemen

O15 - Trusted Zone: PC Helpforum - Gratis hulp bij computer problemen

O15 - Trusted Zone: VDAB Login

O15 - Trusted Zone: PC Helpforum - Gratis hulp bij computer problemen

O15 - Trusted Zone: http://mijnpersoneelsdossier.vdab.be

O15 - Trusted Zone: PC Helpforum - Gratis hulp bij computer problemen

O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_IKEA_Win32.cab

O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://labs.usa.hp.com/vdesk/terminal/f5tunsrv.cab#version=7000,2012,1019,1308

O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://labs.usa.hp.com/vdesk/terminal/InstallerControl.cab

O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} (Launcher Class) - http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

O16 - DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://labs.usa.hp.com/vdesk/terminal/urxhost.cab#version=7000,2012,1019,1321

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: LCredMgr - C:\Program Files\Novell\CASA\bin\lcredmgr.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Novell Identity Store - Novell, Inc - C:\Program Files\Novell\CASA\bin\micasad.exe

O23 - Service: Novell ZENworks Agent Service - Novell, Inc. - C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe

O23 - Service: Novell ZENworks ISD Service (Novell ZENworks Image-Safe Data Service) - Unknown owner - C:\Program Files\Novell\ZENworks\bin\preboot\novell-zisdservice.exe

O23 - Service: Novell ZENworks Remote Management powered by VNC (nzwinvnc) - Novell, Inc. - C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe

O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\Windows\system32\o2flash.exe

O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe (file missing)

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

O23 - Service: VideoDownloadConverterService (VideoDownloadConverter_4zService) - COMPANYVERS_NAME - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe

O23 - Service: Novell XTier Service Manager (XTSvcMgr) - Novell, Inc. - C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe

O23 - Service: Novell ZENworks Pre Agent (ZENPreAgent) - Unknown owner - C:\Windows\novell\zenworks\bin\ZENPreAgent.exe

--

End of file - 16611 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default

prefs.js - "browser.startup.homepage" - "Google"

"belgiumeid@eid.belgium.be"=C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

"4zffxtbr@VideoDownloadConverter_4z.com"=C:\Program Files\VideoDownloadConverter_4z\bar\1.bin

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.8.800.168 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]

"Description"=Picasa3 plugin

"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@rooms.hp.com]

"Description"=HP Virtual Room Client Laucher Plugin

"Path"=C:\Program Files\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin]

"Description"=VideoDownloadConverter Plugin

"Path"=C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

belgiumeid@eid.belgium.be

D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\

4zffxtbr@VideoDownloadConverter_4z.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}]

Toolbar BHO - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbar.dll [2013-09-04 712264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-20 192592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}]

Search Assistant BHO - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll [2013-09-04 62864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-20 192592]

{48586425-6bb7-4f51-8dc6-38c88e3ebb58} - VideoDownloadConverter - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll [2013-09-04 712264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2011-03-08 115560]

"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

"iFolder"=C:\Program Files\iFolder3\iFolderApp.exe [2010-11-01 1521152]

"ZenNotifyIcon"=C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe [2011-02-23 147456]

"NalView"=C:\Program Files\Novell\ZENworks\bin\nalview.exe [2011-02-24 54784]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

"ConnectionCenter"=C:\Program Files\Citrix\ICA Client\concentr.exe [2010-10-12 304568]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-10-09 1578280]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-04-06 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-04-06 175640]

"Persistence"=C:\Windows\system32\igfxpers.exe [2010-04-06 169496]

"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 1821576]

"Nikon Message Center 2"=C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [2010-05-25 619008]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2013-05-01 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2012-08-18 366576]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-09-09 39408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"=C:\Windows\system32\cmd.exe [2010-11-20 302592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]

C:\Windows\system32\NWTRAY.EXE [2011-04-01 35928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter Search Scope Monitor]

C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe [2013-09-04 44784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader]

C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbrmon.exe [2013-09-04 30096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2010-03-31 227328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LCredMgr]

C:\Program Files\Novell\CASA\bin\lcredmgr.dll [2010-10-11 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

"{763370C4-268E-4308-A60C-D8DA0342BE32}"=C:\Program Files\Novell\ZENworks\bin\NalShell.dll [2011-02-24 933888]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

ZenV1_0

ncv1_0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=0

"ConsentPromptBehaviorUser"=3

"EnableLUA"=0

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"MSVideo8"=VfWWDM32.dll

"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-09-23 15:32:10 ----D---- C:\Program Files\trend micro

2013-09-23 15:32:09 ----D---- C:\rsit

2013-09-22 13:33:34 ----AD---- C:\Kaspersky Rescue Disk 10.0

2013-09-21 20:09:47 ----D---- C:\Program Files\HitmanPro

2013-09-21 20:09:02 ----D---- C:\ProgramData\HitmanPro

2013-09-20 15:45:42 ----A---- C:\Windows\ntbtlog.txt

2013-09-20 14:57:20 ----A---- D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\settings.ini

2013-09-17 13:21:08 ----D---- C:\Program Files\Mozilla Firefox

2013-09-11 18:53:03 ----A---- C:\Windows\system32\jscript.dll

2013-09-11 18:53:01 ----A---- C:\Windows\system32\jscript9.dll

2013-09-11 18:52:58 ----A---- C:\Windows\system32\jsproxy.dll

2013-09-11 18:52:58 ----A---- C:\Windows\system32\iesetup.dll

2013-09-11 18:52:56 ----A---- C:\Windows\system32\ieui.dll

2013-09-11 18:52:52 ----A---- C:\Windows\system32\msfeeds.dll

2013-09-11 18:52:51 ----A---- C:\Windows\system32\iernonce.dll

2013-09-11 18:52:51 ----A---- C:\Windows\system32\ie4uinit.exe

2013-09-11 18:52:50 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe

2013-09-11 18:52:48 ----A---- C:\Windows\system32\urlmon.dll

2013-09-11 18:52:48 ----A---- C:\Windows\system32\iesysprep.dll

2013-09-11 18:52:47 ----A---- C:\Windows\system32\iertutil.dll

2013-09-11 18:52:43 ----A---- C:\Windows\system32\wininet.dll

2013-09-11 18:52:41 ----A---- C:\Windows\system32\ieframe.dll

2013-09-11 18:52:37 ----A---- C:\Windows\system32\mshtml.dll

2013-09-11 16:26:29 ----A---- C:\Windows\system32\shell32.dll

2013-09-11 16:26:28 ----A---- C:\Windows\system32\shdocvw.dll

2013-09-11 16:26:14 ----A---- C:\Windows\system32\drivers\ataport.sys

2013-09-11 16:26:12 ----A---- C:\Windows\system32\win32k.sys

2013-09-11 16:26:10 ----A---- C:\Windows\system32\kernel32.dll

2013-09-11 16:26:09 ----A---- C:\Windows\system32\winsrv.dll

2013-09-11 16:26:09 ----A---- C:\Windows\system32\KernelBase.dll

2013-09-11 16:26:08 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-11 16:26:08 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-11 16:26:08 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-11 16:26:08 ----A---- C:\Windows\system32\conhost.exe

2013-09-11 16:26:07 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-11 16:26:07 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-11 16:26:07 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-11 16:26:07 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-11 16:26:05 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-11 16:26:05 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-11 16:26:05 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-11 16:26:04 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-04 16:19:09 ----D---- C:\Program Files\Video Download Converter

2013-09-04 16:18:34 ----D---- C:\Program Files\VideoDownloadConverter_4z

======List of files/folders modified in the last 1 month======

2013-09-23 15:32:17 ----D---- C:\Windows\Prefetch

2013-09-23 15:32:10 ----RD---- C:\Program Files

2013-09-23 15:25:08 ----D---- C:\Windows\Temp

2013-09-23 15:16:49 ----D---- C:\Windows\system32\config

2013-09-22 16:00:03 ----D---- C:\Windows\system32\drivers

2013-09-22 15:56:41 ----D---- C:\ProgramData\iFolder

2013-09-21 20:09:02 ----HD---- C:\ProgramData

2013-09-21 15:55:29 ----SHD---- C:\System Volume Information

2013-09-21 15:44:33 ----HD---- C:\Windows\system32\GroupPolicy

2013-09-20 18:10:07 ----D---- C:\Windows\system32\LogFiles

2013-09-20 15:45:42 ----D---- C:\Windows

2013-09-20 15:03:35 ----D---- C:\Windows\System32

2013-09-20 15:03:17 ----A---- C:\Windows\system32\FlashPlayerApp.exe

2013-09-19 10:14:59 ----D---- C:\Program Files\Mozilla Maintenance Service

2013-09-15 16:22:03 ----SHD---- C:\Windows\Installer

2013-09-12 12:56:25 ----D---- C:\Windows\rescache

2013-09-12 10:13:28 ----D---- C:\Windows\Microsoft.NET

2013-09-12 10:12:21 ----RSD---- C:\Windows\assembly

2013-09-12 09:51:07 ----D---- C:\Windows\winsxs

2013-09-12 09:47:45 ----D---- C:\Program Files\Internet Explorer

2013-09-12 09:47:38 ----D---- C:\Windows\system32\nl-NL

2013-09-12 09:47:30 ----D---- C:\Windows\system32\DriverStore

2013-09-11 19:03:47 ----D---- C:\ProgramData\Microsoft Help

2013-09-11 18:53:26 ----D---- C:\Windows\system32\catroot2

2013-09-11 18:53:23 ----D---- C:\Windows\system32\catroot

2013-09-11 18:49:38 ----D---- C:\Windows\system32\MRT

2013-09-11 18:47:08 ----A---- C:\Windows\system32\MRT.exe

2013-09-09 15:06:31 ----D---- C:\Program Files\Google

2013-08-29 19:51:35 ----D---- D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\simias

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-06-08 435736]

R0 NCFilter;Novell UNC Filter - Filter; C:\Windows\system32\DRIVERS\NCFilter.sys [2011-04-01 91224]

R0 NCRecognizer;Novell UNC Filter - Recognizer; C:\Windows\system32\DRIVERS\NCRecognizer.sys [2011-04-01 110680]

R0 NCUncFilter;Novell UNC Filter - UNC Filter; C:\Windows\system32\DRIVERS\NCUncFilter.sys [2011-04-01 22616]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]

R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2011-03-18 25240]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]

R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2013-08-26 376920]

R1 NICM;Novell XTCOM Driver; \??\C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [2011-04-01 27224]

R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2011-03-08 421424]

R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2011-03-08 284720]

R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2011-03-08 43696]

R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2011-03-08 188080]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]

R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2013-02-05 49664]

R2 NCFSD;Novell Client File System Redirector; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [2011-04-01 88664]

R2 NCIOCTL;Novell Xplat IoCtl Driver; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [2011-04-01 59992]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]

R3 BCM43XX;Stuurpgramma voor Broadcom 802.11 netwerkadapter; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-14 1131008]

R3 dfmirage;dfmirage; C:\Windows\system32\DRIVERS\dfmirage.sys [2011-02-14 34128]

R3 e1yexpress;Intel® Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y6232.sys [2009-09-23 221912]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-08-26 108120]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-04-01 8744448]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2010-01-08 126976]

R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130923.003\NAVENG.SYS [2013-08-28 93272]

R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130923.003\NAVEX15.SYS [2013-08-28 1612376]

R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32.sys [2011-08-01 40936]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 84992]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2012-11-16 125488]

R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2011-03-08 26416]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-10-09 229424]

R3 Teefer2;Teefer2 Miniport; C:\Windows\system32\DRIVERS\teefer2.sys [2011-03-08 67472]

R3 WinUsb;WinUsb-stuurprogramma; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 35968]

S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]

S3 ACSSCR;ACR38 Smart Card Reader; C:\Windows\system32\DRIVERS\a38usb.sys [2012-04-30 37632]

S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]

S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]

S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 16384]

S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2009-07-14 10752]

S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]

S3 e1kexpress;Stuurprogramma K voor Intel® PRO/1000 PCI Express-netwerkverbinding; C:\Windows\system32\DRIVERS\e1k6032.sys [2009-07-14 164864]

S3 hugoio;hugoio; \??\C:\Windows\system32\drivers\hugoio.sys [2012-04-30 9760]

S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]

S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-08-17 23168]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]

S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]

S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]

S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]

S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2011-03-08 320944]

S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]

S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]

S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]

S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]

S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]

S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]

S3 ViaC7;Stuurprogramma voor VIA C7-processor; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]

S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]

S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

S4 SysPlant;SysPlant for NT; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [2011-03-08 99696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2011-03-08 108392]

R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2011-03-08 108392]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2013-02-05 1512448]

R2 HitmanProScheduler;HitmanPro Scheduler; C:\Program Files\HitmanPro\hmpsched.exe [2013-09-21 106280]

R2 Novell Identity Store;Novell Identity Store; C:\Program Files\Novell\CASA\bin\micasad.exe [2010-10-11 245760]

R2 Novell ZENworks Agent Service;Novell ZENworks Agent Service; C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe [2011-02-23 28672]

R2 nzwinvnc;Novell ZENworks Remote Management powered by VNC; C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe [2011-02-24 1839104]

R2 O2Flash;O2Micro Flash Memory; C:\Windows\system32\o2flash.exe [2006-10-18 65536]

R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2011-03-08 1893728]

R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-03-08 1839776]

R2 VideoDownloadConverter_4zService;VideoDownloadConverterService; C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe [2013-09-04 42504]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 1713904]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-09 136176]

S2 Novell ZENworks Image-Safe Data Service;Novell ZENworks ISD Service; C:\Program Files\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [2011-02-23 90112]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20 257416]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-09 136176]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-19 194032]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2011-01-19 3093944]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-17 117656]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 Smcinst;Symantec Auto-upgrade Agent; C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe []

S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-18 1343400]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2011-03-08 357744]

-----------------EOF-----------------


Download Zoek.zip to the desktop.


  • If Internet Explorer or another browser or virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe (here and here) you can read how to do that.
  • Right-click Zoek.zip and click the option "Extract All".
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as Administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC; do not use it on other PCs with a similar problem.

{93a3111f-4f74-4ed8-895e-d9708497629e};c
C:\Program Files\VideoDownloadConverter_4z;fs
{312f84fb-8970-4fd3-bddb-7012eac4afc9};c
{c547c6c2-561b-4169-a2a5-20ba771ca93b};c
{48586425-6bb7-4f51-8dc6-38c88e3ebb58};c
VideoDownloadConverter_4zService;s
D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com;fs
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin];r
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter Search Scope Monitor];r
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader];r
C:\Program Files\Video Download Converter;fs
autoclean;
startupall; 
filesrcm;


  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the opened log in your next reply.


Hello

here is the ZOEK.EXE log

Zoek.exe Version 4.0.0.2 Updated 08-March-2013

Tool run by LBORNAUW on ma 11/03/2013 at 20:06:31,13.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

Running in: Safe Mode NETWORK Internet Access Detected

==== Deleting Files \ Folders ======================

"C:\ProgramData\ilbmxgyiivcwvsl" deleted

"C:\Windows\ycdnsssf.exe" deleted

"C:\Users\Public\Desktop\sample_20131103_1920.zip" deleted

"C:\ProgramData\dpdvedqxegrxgjz\be-flag.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\be-image.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\btn-green.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\corners-btn.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\corners1.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\corners2.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\corners3.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\corners4.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\ie6-7.css" deleted

"C:\ProgramData\dpdvedqxegrxgjz\jquery.main.js" deleted

"C:\ProgramData\dpdvedqxegrxgjz\main.html" deleted

"C:\ProgramData\dpdvedqxegrxgjz\McAfee.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\pays-be.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\steps-be.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\steps-en.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\steps-nl.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\style.css" deleted

"C:\ProgramData\dpdvedqxegrxgjz\tabs.png" deleted

"C:\ProgramData\dpdvedqxegrxgjz\wait.html" deleted

"C:\ProgramData\dpdvedqxegrxgjz" deleted

Zoek.exe Version 4.0.0.4 Updated 19-September-2013

Tool run by LBORNAUW on ma 23/09/2013 at 18:00:30,40.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: D:\Profiles\LBORNAUW.I0081643\Desktop\zoek.exe [script inserted]

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully

HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VideoDownloadConverter_4zService deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VideoDownloadConverter_4zService deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\VideoDownloadConverter_4zService deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter Search Scope Monitor]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader]

==== Deleting Files \ Folders ======================

"D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Utilities" deleted

"D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Vocal Transformer" deleted

"D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Vocals" deleted

"D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\WebServer" deleted

"C:\ProgramData\laserjet" deleted

"C:\ProgramData\manual" deleted

"C:\ProgramData\vhosts" deleted

"C:\ProgramData\Widgets" deleted

"C:\ProgramData\Woodwind" deleted

"C:\ProgramData\Woodwinds" deleted

"D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\settings.ini" deleted

"C:\Program Files\VideoDownloadConverter_4z" deleted

"D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com" deleted

"C:\Program Files\Video Download Converter" deleted

"C:\Windows\system32\appdata" deleted

"C:\Program Files\VideoDownloadConverter_4z" deleted

"D:\Profiles\LBORNAUW.I0081643\AppData\Local\VideoDownloadConverter_4z" deleted

"D:\Profiles\LBORNAUW.I0081643\AppData\LocalLow\VideoDownloadConverter_4z" deleted

"D:\Profiles\LBORNAUW.I0081643\AppData\LocalLow\IncrediMail_MediaBar_Nederlands_2" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== D:\Profiles\LBORNA~1.I00\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

2013-09-11 16:53:03 06EEAD5864F357ADC618F65A2F2C5156 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-09-11 16:53:03 00531B52C9468929F2C651B3BCADCBC9 690688 ----a-w- C:\Windows\System32\jscript.dll

2013-09-11 16:53:01 79DC575FE905D5DD5C5A4C5993A7C7F9 2876928 ----a-w- C:\Windows\System32\jscript9.dll

2013-09-11 16:52:58 7E540E07B97DCBCF8F76FA743B486BF2 61440 ----a-w- C:\Windows\System32\iesetup.dll

2013-09-11 16:52:58 7C63629508BB87227C3C861355A155B4 39424 ----a-w- C:\Windows\System32\jsproxy.dll

2013-09-11 16:52:56 BCA4913CDE903B4BDEEDAD1D6DBF5E2A 391168 ----a-w- C:\Windows\System32\ieui.dll

2013-09-11 16:52:52 2EC47CF6A36F6A83BB8B98C1425B4D41 493056 ----a-w- C:\Windows\System32\msfeeds.dll

2013-09-11 16:52:51 54C06D9684F3D0AD7E87502E57CC4655 42496 ----a-w- C:\Windows\System32\ie4uinit.exe

2013-09-11 16:52:51 000B55B43992179E69C2E83CCB8F1126 33280 ----a-w- C:\Windows\System32\iernonce.dll

2013-09-11 16:52:50 43852485D0B78C021A47E9548A4CFFE0 71680 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-09-11 16:52:48 E5D91D6B81A293AB6854CAD112240A4B 1141248 ----a-w- C:\Windows\System32\urlmon.dll

2013-09-11 16:52:48 3B74EADF1B70251D3CDB87BC338DC34D 109056 ----a-w- C:\Windows\System32\iesysprep.dll

2013-09-11 16:52:47 281A720B0A984E325599EE1F0342E8FB 2048000 ----a-w- C:\Windows\System32\iertutil.dll

2013-09-11 16:52:43 535F6263035F2530A62D5D64EF6E73D3 1767936 ----a-w- C:\Windows\System32\wininet.dll

2013-09-11 16:52:41 4FCC53B82D91607FB9AE24E617108BB2 13761024 ----a-w- C:\Windows\System32\ieframe.dll

2013-09-11 16:52:37 5D2D7E7850CE963C2F401D4DEE7BB32A 14332928 ----a-w- C:\Windows\System32\mshtml.dll

2013-09-11 14:26:29 E02781D4871844DCD30DF1D69A650F78 12872704 ----a-w- C:\Windows\System32\shell32.dll

2013-09-11 14:26:28 2C4A87CA8C00E98EFDCFA2E8EC9A3503 180224 ----a-w- C:\Windows\System32\shdocvw.dll

2013-09-11 14:26:12 ED880065BBB2C5F57B74F30812A65F4F 2348544 ----a-w- C:\Windows\System32\win32k.sys

2013-09-11 14:26:10 6933E2AFF444A7A95D5C67E98449163E 868352 ----a-w- C:\Windows\System32\kernel32.dll

2013-09-11 14:26:09 51BB04243DF6196C06E125898127E397 169984 ----a-w- C:\Windows\System32\winsrv.dll

2013-09-11 14:26:09 1E65CF7B26D02750544EFDD73C8118FA 293376 ----a-w- C:\Windows\System32\KernelBase.dll

2013-09-11 14:26:08 2DE16A63F71D10B42ACE01E759078600 271360 ----a-w- C:\Windows\System32\conhost.exe

====== C:\Windows\system32\drivers =====

2013-09-11 14:26:14 DDCE686D76C2B4DB435A3AF5BD0E691D 133056 ----a-w- C:\Windows\System32\drivers\ataport.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-09-23 13:32:10 -------- d-----w- C:\Program Files\trend micro

2013-09-21 18:09:47 -------- d-----w- C:\Program Files\HitmanPro

======= D: =====

2013-08-30 17:21:44 9AD14308E26FD2F9BDDB5325E3A860D6 27305 ----a-w- D:\5152.gif

2013-08-30 17:15:24 FCF5235D2B3D3C3D1D72EF57D09BAE29 5086 ----a-w- D:\sinterklaas25_small.jpg

2013-08-30 10:32:51 89165F49B50AA2871CD801EA4186BC0E 10428 ----a-w- D:\Spiderman.gif

====== D:\Profiles\LBORNAUW.I0081643\AppData\Roaming ======

2013-09-22 13:55:59 B7B8E5BF252F2467F6862ABC5837D6D4 8388608 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-S-1-5-21-2387108698-3719649394-282492801-1002.dat

2013-09-21 18:49:14 D8FE52448777E7A8F1E6F9F09585F0A3 579456 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-System.dat

2013-09-09 13:08:50 -------- d-----w- D:\Profiles\LBORNAUW.I0081643\AppData\Locallow\Google

2013-09-04 14:19:21 -------- d-----w- D:\Profiles\LBORNAUW.I0081643\AppData\Local\IAC

====== D:\Profiles\LBORNAUW.I0081643 ======

2013-09-21 18:09:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

2013-09-21 18:09:02 -------- d-----w- C:\ProgramData\HitmanPro

2013-09-09 13:08:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

2013-09-04 14:19:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Download Converter

====== C: exe-files ==

2013-09-23 13:32:11 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\LBORNAUW.exe

2013-09-21 18:14:04 0B1CD71CE29E8123A664A5B40153D2FE 1915744 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\29.0.1547.76\29.0.1547.76_29.0.1547.66_chrome_updater.exe

2013-09-21 18:09:49 F5BBA95472F18B6223AC2F3AED397223 106280 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe

2013-09-21 18:09:47 76ADBD909FA0898834BE3A8C0EA76609 9186416 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"iFolder"="C:\Program Files\iFolder3\iFolderApp.exe -checkautorun"

"ZenNotifyIcon"="C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe"

"NalView"="C:\Program Files\Novell\ZENworks\bin\nalview.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"ConnectionCenter"="C:\Program Files\Citrix\ICA Client\concentr.exe /startup"

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

"Nikon Message Center 2"="C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NWTRAY]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NWTRAY"

"hkey"="HKLM"

"command"="NWTRAY.EXE"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [20/09/2013 15:03]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [09/09/2011 17:51]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task]

==== Firefox Extensions ======================

ProfilePath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default

- Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

AppDir: C:\Program Files\Mozilla Firefox

- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

Profilepath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default

E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash

148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

9B4D431459A9B935FB117F4EDDA236E8 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat

101700E93EB905992B518256CB441829 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update

7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4

9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4

5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4

3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4

A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4

F045DF7AF127DC4BCC53421850114E15 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In

C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa

0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery

91B78790F69C250BA05836D2806BF29D - C:\Program Files\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll - HP Virtual Room Client Launcher Plugin

6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director

F98B0B2789436E072D7ED979C4E44D07 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

9D35E12B661581B83DD74EB910EA9E6D - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.240.7

4EBB5B4DCABEC18B29D01F9F607B0114 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java Platform SE 6 U24

7D28153B7D586330678AD522B71D89CB - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

==== Chrome Fix ======================

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal deleted successfully

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_client.conduit-storage.com_0.localstorage-journal deleted successfully

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal deleted successfully

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== Empty IE Cache ======================

D:\Profiles\kind\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

D:\Profiles\LBORNAUW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

D:\Profiles\LBORNAUW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

D:\Profiles\LBORNAUW\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSN71N8 will be deleted at reboot

==== Empty FireFox Cache ======================

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Mozilla\Firefox\Profiles\cllykyzr.default\Cache emptied successfully

==== Empty Chrome Cache ======================

D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSN71N8" deleted

==== EOF on ma 23/09/2013 at 18:14:59,16 ======================


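The zoek.exe log above lists every recently created or modified file (date, MD5, size, attributes, path) and every enabled Run/RunOnce value, which is exactly the material an analyst reads first after a lock-screen infection. The Python script below is an added example and is not part of the forum post or of zoek.exe: it parses those two log sections and flags executables in user-writable locations created close to the infection date, plus autorun values whose launched program lives in such a location. The sample lines are copied from the posted log, except for the `dropper_example.exe` file entry (constructed in zoek format with a placeholder MD5) and the `loader` autorun value (constructed so that the rule has something to flag); the list of user-writable path fragments, the seven-day window and the infection date are my assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# A zoek.exe entry under "Files Recently Created / Modified":
#   <date> <time> <MD5, or "--------" for a directory>[ <size>] <attrs> <path>
_FILE_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<md5>[0-9A-Fa-f]{32}|-{8})\s+"
    r"(?:(?P<size>\d+)\s+)?(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*?)\s*$")
# "[HKEY_...]" headers and "name"="command" values under "Startup Registry Enabled"
_REG_SECTION = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
_REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"$')

# Path fragments an unprivileged user (and therefore a drive-by dropper) can write to (assumption).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")
INFECTION_DATE = datetime(2013, 9, 21)  # date of the HitmanPro scan in this thread

@dataclass
class FileEntry:
    timestamp: datetime
    md5: Optional[str]   # None for directory entries, as is size
    size: Optional[int]
    is_dir: bool
    path: str

def parse_file_entries(text: str) -> List[FileEntry]:
    entries = []
    for raw in text.splitlines():
        m = _FILE_LINE.match(raw.strip())
        if not m:
            continue  # blank lines and "====== C:\Windows ====" headers are skipped
        is_dir = m["md5"] == "--------" or m["attrs"].startswith("d")
        entries.append(FileEntry(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                                 None if is_dir else m["md5"].upper(),
                                 int(m["size"]) if m["size"] else None, is_dir, m["path"]))
    return entries

def parse_run_entries(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [HKEY_...] section to its {value name: command} pairs."""
    result: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        sec = _REG_SECTION.match(raw.strip())
        if sec:
            current = sec["key"]
            result.setdefault(current, {})
            continue
        val = _REG_VALUE.match(raw.strip())
        if val and current is not None:
            result[current][val["name"]] = val["cmd"]
    return result

def in_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)

def launched_image(cmd: str) -> str:
    """The program a Run value starts: the text up to and including the first '.exe'."""
    i = cmd.lower().find(".exe")
    return cmd[:i + 4] if i >= 0 else cmd

def suspicious_files(entries: List[FileEntry], reference: datetime, window_days: int = 7):
    """Executables in user-writable paths created within window_days of the infection."""
    return [e for e in entries
            if not e.is_dir and e.path.lower().endswith(EXEC_EXT)
            and in_user_writable(e.path) and abs(reference - e.timestamp).days <= window_days]

def suspicious_autoruns(run_keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Run/RunOnce values whose launched program lives in a user-writable path."""
    return [(key, name, cmd) for key, values in run_keys.items()
            for name, cmd in values.items() if in_user_writable(launched_image(cmd))]

# Sample input: lines copied from the zoek.exe log above, plus one CONSTRUCTED line
# (dropper_example.exe in the user's Temp folder, placeholder MD5) so that the rule fires.
SAMPLE_FILES = r"""
2013-09-11 16:53:03 00531B52C9468929F2C651B3BCADCBC9 690688 ----a-w- C:\Windows\System32\jscript.dll
2013-09-23 13:32:10 -------- d-----w- C:\Program Files\trend micro
2013-09-23 13:32:11 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\LBORNAUW.exe
2013-09-20 14:56:14 00000000000000000000000000000000 54272 ----a-w- D:\Profiles\LBORNAUW.I0081643\AppData\Local\Temp\dropper_example.exe
"""
# Sample input: Run/RunOnce values copied from the log, plus one CONSTRUCTED value ("loader").
SAMPLE_RUN = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"
"loader"="C:\ProgramData\dpdvedqxegrxgjz\loader.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"
"""

def triage(files_text: str = SAMPLE_FILES, run_text: str = SAMPLE_RUN,
           reference: datetime = INFECTION_DATE) -> Tuple[List[str], List[str]]:
    """Paths of suspicious recent executables and names of suspicious autorun values."""
    files = [e.path for e in suspicious_files(parse_file_entries(files_text), reference)]
    runs = [name for _key, name, _cmd in suspicious_autoruns(parse_run_entries(run_text))]
    return files, runs
```

On the sample, `triage()` returns only the constructed Temp dropper and the constructed `loader` value: the IE patch files under System32, the renamed HijackThis in `Program Files\trend micro` and the SkyDrive RunOnce entry are not flagged, the last one because `launched_image` looks at the program actually started (`cmd.exe`) rather than at the AppData path that merely appears in its arguments. Anything the rules do flag still needs a hash lookup or a sample submission before being called malicious; the rules narrow the list, they do not verdict it.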
1.

Your Java software is outdated.

Older versions have holes that give malware the chance to install itself on your system.

Go to Java SE 7 and download the right Java version there to your desktop, 32 or 64 bit. For 32 bit download Windows x86, for 64 bit download Windows x64.


  • Close all programs that may be open - especially your web browser!
  • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
  • Tick everything with Java Runtime Environment (JRE or J2SE or JAVA) in the name.
  • Then click Remove or the Change/Remove button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-7-windows-x64 / x86 on your Desktop to install the newest version of Java.

2.

Download AdwCleaner by Xplode to your desktop.


  • Close all open windows.
  • Double-click AdwCleaner to start it.
  • Windows Vista, 7 and 8 users must run the tool as "administrator",
  • by right-clicking it and choosing Run as Administrator.
  • Then click Scan.
  • Then click Clean if any items were found.
  • At Reboot Required, click OK.

After the PC has restarted, a logfile usually opens.

Otherwise it can be found here: C:\AdwCleaner\AdwCleaner[R1].txt.

Post the contents of this log in your next message.


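The reply above tells the user to remove Java 6 and install Java SE 7. The zoek.exe log posted earlier in the thread already lists the browser plugins with their versions (Java Platform SE 6 U24, Java Deployment Toolkit 6.0.240.7, Flash 11.8.800.168 and so on), so this check can be run over that section instead of by eye. The Python script below is an added example and is not part of the forum post or of zoek.exe: it parses the "Firefox Plugins" lines, extracts a version from the description or, failing that, from the install path or file name, and reports every plugin below a policy minimum. The only minimum it ships with is Java 7, taken from the reply; the `POLICY` keyword table, the fallback to the path and the sample being limited to six of the posted lines are my choices.

```python
import re
from typing import Dict, List, Optional, Tuple

# One line of the zoek.exe "Firefox Plugins" section:  <MD5> - <path> - <description>
_PLUGIN_LINE = re.compile(r"^(?P<md5>[0-9A-Fa-f]{32}) - (?P<path>.+?) - (?P<desc>.+)$")
# Java's "6 U24" style first, then a dotted/underscored version that is not glued to a word
# (so "NPSWF32_11_8_800_168.dll" yields 11.8.800.168, not 32.11.8.800.168).
_JAVA_UPDATE = re.compile(r"\b(\d+) U(\d+)\b")
_DOTTED = re.compile(r"(?<![A-Za-z0-9])\d+(?:[._]\d+)+")

Version = Tuple[int, ...]

# Minimum acceptable versions, keyed by a substring of the plugin description (assumed layout).
# Java SE 7 is what the reply above tells the user to install; minimums for the other
# plugins are for the analyst to fill in and are deliberately left out here.
POLICY: Dict[str, Version] = {"Java": (7,)}

def extract_version(desc: str, path: str) -> Optional[Version]:
    """Version tuple from the description, falling back to the install path / file name."""
    m = _JAVA_UPDATE.search(desc)
    if m:
        return (int(m[1]), int(m[2]))
    for text in (desc, path):
        m = _DOTTED.search(text)
        if m:
            return tuple(int(x) for x in re.split(r"[._]", m[0]))
    return None

def parse_plugins(text: str) -> List[Dict[str, object]]:
    plugins = []
    for raw in text.splitlines():
        m = _PLUGIN_LINE.match(raw.strip())
        if m:
            plugins.append({"md5": m["md5"].upper(), "path": m["path"], "desc": m["desc"],
                            "version": extract_version(m["desc"], m["path"])})
    return plugins

def outdated_plugins(text: str, policy: Dict[str, Version] = POLICY) -> List[Tuple[str, Version]]:
    """(description, version) for plugins below the policy minimum; tuple comparison
    makes (6, 24) < (7,) and (6, 0, 240, 7) < (7,) both true."""
    hits = []
    for p in parse_plugins(text):
        v = p["version"]
        for keyword, minimum in policy.items():
            if keyword.lower() in p["desc"].lower() and v is not None and v < minimum:
                hits.append((p["desc"], v))
    return hits

# Sample input: plugin lines copied from the zoek.exe log posted above.
SAMPLE_PLUGINS = r"""
E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
F045DF7AF127DC4BCC53421850114E15 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
9D35E12B661581B83DD74EB910EA9E6D - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.240.7
4EBB5B4DCABEC18B29D01F9F607B0114 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java Platform SE 6 U24
"""

if __name__ == "__main__":
    for desc, version in outdated_plugins(SAMPLE_PLUGINS):
        print("outdated:", desc, ".".join(map(str, version)))
```

Run against the sample, the script reports both Java entries and nothing else, which matches the reply's advice. The plugin list is a browser-side inventory, not the full installed-software list: after the uninstall/reinstall the same section of a fresh zoek.exe log is the quickest way to confirm that the `jre6` entries are gone and a `jre7` entry has replaced them.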