luver
Lid-
Items
18 -
Registratiedatum
-
Laatst bezocht
luver's prestaties
-
Politievirus - geen VEILIGE MODUS
luver reageerde op luver's topic in Archief Bestrijding malware & virussen
OK JION - bedankt voor de info - ik hou deze informatie bij (ik ga niet meer prutsen...) en voor de laatste keer DANK! -
Politievirus - geen VEILIGE MODUS
luver reageerde op luver's topic in Archief Bestrijding malware & virussen
Hallo toch nog een vraagje: hoe kan ik controleren of er effectief een "Systeemherstelpunt" aangemaakt is ? (want bij een eerste poging om het virus te verwijderen door ICT- kenner vonden we dit niet direct terug..) -
Politievirus - geen VEILIGE MODUS
luver reageerde op luver's topic in Archief Bestrijding malware & virussen
Hallo momenteel geen problemen meer ! heb jij enige tip om de risico's te verminderen: zoals ik al vermeldde is het een EX-bedrijfslaptop maar ik heb wel de " Live Update Symantec" Antivirus software meegekregen, dus regelmatig wordt deze ge-update andere anti-virusprogramma's durf ik eigenlijk niet te installeren maar dat hoeft waarschijnlijk niet? PS: ik ga zeker een donatie doen, ik veronderstel dat de medewerkers daar toch ook van genieten? Alleszins - indien dit het einde is - een HARTELIJKE dank voor de hulp je laat me weten wanneer ik PROBLEEM OPGELOST mag klikken? Luver- alias Libo -
Politievirus - geen VEILIGE MODUS
luver reageerde op luver's topic in Archief Bestrijding malware & virussen
Hallo is dit dan het juiste.... stond helemaal onderaan de log Zoek.exe Version 4.0.0.4 Updated 27-September-2013 Tool run by LBORNAUW on zo 29/09/2013 at 18:26:26,26. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: D:\Profiles\LBORNAUW.I0081643\Desktop\zoek.exe [script inserted] ==== FireFox Fix ====================== Deleted from D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js: user_pref("browser.startup.homepage", "Google"); user_pref("browser.search.defaulturl", "Google="); user_pref("browser.newtab.url", "Google"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "Google="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Added to D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js: user_pref("browser.startup.homepage", "Google"); user_pref("browser.search.defaulturl", "Google="); user_pref("browser.newtab.url", "Google"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "Google="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ==== Deleting Files \ Folders ====================== "d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4 zffxtbr@VideoDownloadConverter_4z.com" not found "c:\program files\VideoDownloadConverter_4z" not found ==== Firefox Extensions ====================== ProfilePath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default - Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== ==== EOF on zo 29/09/2013 at 18:27:28,02 ====================== gisteren was het dit logje Tool run by LBORNAUW on za 28/09/2013 at 19:50:22,80. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: D:\Profiles\LBORNAUW.I0081643\Desktop\zoek.exe [script inserted] ==== FireFox Fix ====================== Deleted from D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js: user_pref("browser.startup.homepage", "Google"); Added to D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js: user_pref("browser.startup.homepage", "Google"); user_pref("browser.search.defaulturl", "Google="); user_pref("browser.newtab.url", "Google"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "Google="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ==== Deleting Files \ Folders ====================== "d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\ 4 zffxtbr@VideoDownloadConverter_4z.com" not found "c:\program files\VideoDownloadConverter_4z" not found ==== Firefox Extensions ====================== ProfilePath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default - Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== ==== EOF on za 28/09/2013 at 19:51:36,02 ====================== kan je hiermee verder? txs -
Politievirus - geen VEILIGE MODUS
luver reageerde op luver's topic in Archief Bestrijding malware & virussen
Hierbij het logje ZOEK.EXE Zoek.exe Version 4.0.0.2 Updated 08-March-2013 Tool run by LBORNAUW on ma 11/03/2013 at 20:06:31,13. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Safe Mode NETWORK Internet Access Detected ==== Deleting Files \ Folders ====================== "C:\ProgramData\ilbmxgyiivcwvsl" deleted "C:\Windows\ycdnsssf.exe" deleted "C:\Users\Public\Desktop\sample_20131103_1920.zip" deleted "C:\ProgramData\dpdvedqxegrxgjz\be-flag.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\be-image.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\btn-green.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\corners-btn.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\corners1.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\corners2.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\corners3.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\corners4.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\ie6-7.css" deleted "C:\ProgramData\dpdvedqxegrxgjz\jquery.main.js" deleted "C:\ProgramData\dpdvedqxegrxgjz\main.html" deleted "C:\ProgramData\dpdvedqxegrxgjz\McAfee.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\pays-be.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\steps-be.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\steps-en.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\steps-nl.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\style.css" deleted "C:\ProgramData\dpdvedqxegrxgjz\tabs.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\wait.html" deleted "C:\ProgramData\dpdvedqxegrxgjz" deleted Zoek.exe Version 4.0.0.4 Updated 19-September-2013 Tool run by LBORNAUW on ma 23/09/2013 at 18:00:30,40. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: D:\Profiles\LBORNAUW.I0081643\Desktop\zoek.exe [script inserted] ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} deleted successfully HKEY_CLASSES_ROOT\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully HKEY_CLASSES_ROOT\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully HKEY_CLASSES_ROOT\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully HKEY_CLASSES_ROOT\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VideoDownloadConverter_4zService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VideoDownloadConverter_4zService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\VideoDownloadConverter_4zService deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter Search Scope Monitor] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader] ==== Deleting Files \ Folders ====================== "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Utilities" deleted "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Vocal Transformer" deleted "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Vocals" deleted "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\WebServer" deleted "C:\ProgramData\laserjet" deleted "C:\ProgramData\manual" deleted "C:\ProgramData\vhosts" deleted "C:\ProgramData\Widgets" deleted "C:\ProgramData\Woodwind" deleted "C:\ProgramData\Woodwinds" deleted "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\settings.ini" deleted "C:\Program Files\VideoDownloadConverter_4z" deleted "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com" deleted "C:\Program Files\Video Download Converter" deleted "C:\Windows\system32\appdata" deleted "C:\Program Files\VideoDownloadConverter_4z" deleted "D:\Profiles\LBORNAUW.I0081643\AppData\Local\VideoDownloadConverter_4z" deleted "D:\Profiles\LBORNAUW.I0081643\AppData\LocalLow\VideoDownloadConverter_4z" deleted "D:\Profiles\LBORNAUW.I0081643\AppData\LocalLow\IncrediMail_MediaBar_Nederlands_2" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== D:\Profiles\LBORNA~1.I00\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== 2013-09-11 16:53:03 06EEAD5864F357ADC618F65A2F2C5156 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-09-11 16:53:03 00531B52C9468929F2C651B3BCADCBC9 690688 ----a-w- C:\Windows\System32\jscript.dll 2013-09-11 16:53:01 79DC575FE905D5DD5C5A4C5993A7C7F9 2876928 ----a-w- C:\Windows\System32\jscript9.dll 2013-09-11 16:52:58 7E540E07B97DCBCF8F76FA743B486BF2 61440 ----a-w- C:\Windows\System32\iesetup.dll 2013-09-11 16:52:58 7C63629508BB87227C3C861355A155B4 39424 ----a-w- C:\Windows\System32\jsproxy.dll 2013-09-11 16:52:56 BCA4913CDE903B4BDEEDAD1D6DBF5E2A 391168 ----a-w- C:\Windows\System32\ieui.dll 2013-09-11 16:52:52 2EC47CF6A36F6A83BB8B98C1425B4D41 493056 ----a-w- C:\Windows\System32\msfeeds.dll 2013-09-11 16:52:51 54C06D9684F3D0AD7E87502E57CC4655 42496 ----a-w- C:\Windows\System32\ie4uinit.exe 2013-09-11 16:52:51 000B55B43992179E69C2E83CCB8F1126 33280 ----a-w- C:\Windows\System32\iernonce.dll 2013-09-11 16:52:50 43852485D0B78C021A47E9548A4CFFE0 71680 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-09-11 16:52:48 E5D91D6B81A293AB6854CAD112240A4B 1141248 ----a-w- C:\Windows\System32\urlmon.dll 2013-09-11 16:52:48 3B74EADF1B70251D3CDB87BC338DC34D 109056 ----a-w- C:\Windows\System32\iesysprep.dll 2013-09-11 16:52:47 281A720B0A984E325599EE1F0342E8FB 2048000 ----a-w- C:\Windows\System32\iertutil.dll 2013-09-11 16:52:43 535F6263035F2530A62D5D64EF6E73D3 1767936 ----a-w- C:\Windows\System32\wininet.dll 2013-09-11 16:52:41 4FCC53B82D91607FB9AE24E617108BB2 13761024 ----a-w- C:\Windows\System32\ieframe.dll 2013-09-11 16:52:37 5D2D7E7850CE963C2F401D4DEE7BB32A 14332928 ----a-w- C:\Windows\System32\mshtml.dll 2013-09-11 14:26:29 E02781D4871844DCD30DF1D69A650F78 12872704 ----a-w- C:\Windows\System32\shell32.dll 2013-09-11 14:26:28 2C4A87CA8C00E98EFDCFA2E8EC9A3503 180224 ----a-w- C:\Windows\System32\shdocvw.dll 2013-09-11 14:26:12 ED880065BBB2C5F57B74F30812A65F4F 2348544 ----a-w- C:\Windows\System32\win32k.sys 2013-09-11 14:26:10 6933E2AFF444A7A95D5C67E98449163E 868352 ----a-w- C:\Windows\System32\kernel32.dll 2013-09-11 14:26:09 51BB04243DF6196C06E125898127E397 169984 ----a-w- C:\Windows\System32\winsrv.dll 2013-09-11 14:26:09 1E65CF7B26D02750544EFDD73C8118FA 293376 ----a-w- C:\Windows\System32\KernelBase.dll 2013-09-11 14:26:08 2DE16A63F71D10B42ACE01E759078600 271360 ----a-w- C:\Windows\System32\conhost.exe ====== C:\Windows\system32\drivers ===== 2013-09-11 14:26:14 DDCE686D76C2B4DB435A3AF5BD0E691D 133056 ----a-w- C:\Windows\System32\drivers\ataport.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-09-23 13:32:10 -------- d-----w- C:\Program Files\trend micro 2013-09-21 18:09:47 -------- d-----w- C:\Program Files\HitmanPro ======= D: ===== 2013-08-30 17:21:44 9AD14308E26FD2F9BDDB5325E3A860D6 27305 ----a-w- D:\5152.gif 2013-08-30 17:15:24 FCF5235D2B3D3C3D1D72EF57D09BAE29 5086 ----a-w- D:\sinterklaas25_small.jpg 2013-08-30 10:32:51 89165F49B50AA2871CD801EA4186BC0E 10428 ----a-w- D:\Spiderman.gif ====== D:\Profiles\LBORNAUW.I0081643\AppData\Roaming ====== 2013-09-22 13:55:59 B7B8E5BF252F2467F6862ABC5837D6D4 8388608 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-S-1-5-21-2387108698-3719649394-282492801-1002.dat 2013-09-21 18:49:14 D8FE52448777E7A8F1E6F9F09585F0A3 579456 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-System.dat 2013-09-09 13:08:50 -------- d-----w- D:\Profiles\LBORNAUW.I0081643\AppData\Locallow\Google 2013-09-04 14:19:21 -------- d-----w- D:\Profiles\LBORNAUW.I0081643\AppData\Local\IAC ====== D:\Profiles\LBORNAUW.I0081643 ====== 2013-09-21 18:09:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2013-09-21 18:09:02 -------- d-----w- C:\ProgramData\HitmanPro 2013-09-09 13:08:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2013-09-04 14:19:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Download Converter ====== C: exe-files == 2013-09-23 13:32:11 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\LBORNAUW.exe 2013-09-21 18:14:04 0B1CD71CE29E8123A664A5B40153D2FE 1915744 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\29.0.1547.76\29.0.1547.76_29.0.1547.66_chrome_updater.exe 2013-09-21 18:09:49 F5BBA95472F18B6223AC2F3AED397223 106280 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe 2013-09-21 18:09:47 76ADBD909FA0898834BE3A8C0EA76609 9186416 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" "iFolder"="C:\Program Files\iFolder3\iFolderApp.exe -checkautorun" "ZenNotifyIcon"="C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe" "NalView"="C:\Program Files\Novell\ZENworks\bin\nalview.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "ConnectionCenter"="C:\Program Files\Citrix\ICA Client\concentr.exe /startup" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" "Nikon Message Center 2"="C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NWTRAY] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NWTRAY" "hkey"="HKLM" "command"="NWTRAY.EXE" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [20/09/2013 15:03] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [09/09/2011 17:51] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task] ==== Firefox Extensions ====================== ProfilePath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default - Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== Profilepath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash 148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 9B4D431459A9B935FB117F4EDDA236E8 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 101700E93EB905992B518256CB441829 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update 7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin 86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 F045DF7AF127DC4BCC53421850114E15 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa 0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery 91B78790F69C250BA05836D2806BF29D - C:\Program Files\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll - HP Virtual Room Client Launcher Plugin 6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director F98B0B2789436E072D7ED979C4E44D07 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 9D35E12B661581B83DD74EB910EA9E6D - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.240.7 4EBB5B4DCABEC18B29D01F9F607B0114 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java Platform SE 6 U24 7D28153B7D586330678AD522B71D89CB - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight ==== Chrome Look ====================== ==== Chrome Fix ====================== D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal deleted successfully D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_client.conduit-storage.com_0.localstorage-journal deleted successfully D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal deleted successfully D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Empty IE Cache ====================== D:\Profiles\kind\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully D:\Profiles\LBORNAUW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully D:\Profiles\LBORNAUW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully D:\Profiles\LBORNAUW\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully D:\Profiles\LBORNAUW.I0081643\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSN71N8 will be deleted at reboot ==== Empty FireFox Cache ====================== D:\Profiles\LBORNAUW.I0081643\AppData\Local\Mozilla\Firefox\Profiles\cllykyzr.default\Cache emptied successfully ==== Empty Chrome Cache ====================== D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSN71N8" deleted ==== EOF on ma 23/09/2013 at 18:14:59,16 ====================== Zoek.exe Version 4.0.0.4 Updated 27-September-2013 Tool run by LBORNAUW on za 28/09/2013 at 19:50:22,80. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: D:\Profiles\LBORNAUW.I0081643\Desktop\zoek.exe [script inserted] ==== FireFox Fix ====================== Deleted from D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js: user_pref("browser.startup.homepage", "Google"); Added to D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\prefs.js: user_pref("browser.startup.homepage", "Google"); user_pref("browser.search.defaulturl", "Google="); user_pref("browser.newtab.url", "Google"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "Google="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ==== Deleting Files \ Folders ====================== "d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4 zffxtbr@VideoDownloadConverter_4z.com" not found "c:\program files\VideoDownloadConverter_4z" not found ==== Firefox Extensions ====================== ProfilePath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default - Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== ==== EOF on za 28/09/2013 at 19:51:36,02 ====================== nogmaals bedankt voor het geduld.... -
Politievirus - geen VEILIGE MODUS
luver reageerde op luver's topic in Archief Bestrijding malware & virussen
hierbij het laatst-aangemaakte logje van Combofix ComboFix 13-09-26.03 - LBORNAUW 28/09/2013 13:11:33.3.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.2000.918 [GMT 2:00] Gestart vanuit: d:\profiles\LBORNAUW.I0081643\Desktop\ComboFix.exe gebruikte Opdracht switches :: d:\profiles\LBORNAUW.I0081643\Desktop\CFScript.txt AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2013-08-28 to 2013-09-28 )))))))))))))))))))))))))))))) . . 2013-09-28 11:26 . 2013-09-28 11:26 -------- d-----w- d:\profiles\LBORNAUW\AppData\Local\temp 2013-09-28 11:26 . 2013-09-28 11:26 -------- d-----w- d:\profiles\kind\AppData\Local\temp 2013-09-28 11:26 . 2013-09-28 11:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-09-28 11:26 . 2013-09-28 11:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-09-25 15:20 . 2013-09-25 15:21 -------- d-----w- C:\EEK 2013-09-24 16:32 . 2013-09-24 16:32 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Programs 2013-09-24 12:51 . 2013-09-24 12:51 -------- d-----w- c:\programdata\Oracle 2013-09-24 12:45 . 2013-09-24 12:45 -------- d-----w- c:\program files\Common Files\Java 2013-09-24 12:45 . 2013-09-24 12:44 868264 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-09-24 12:45 . 2013-09-24 12:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-09-23 16:11 . 2013-09-23 16:00 24064 ----a-w- c:\windows\zoek-delete.exe 2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- c:\program files\trend micro 2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- C:\rsit 2013-09-22 11:33 . 2013-09-22 15:51 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2013-09-21 18:09 . 2013-09-21 18:09 -------- d-----w- c:\program files\HitmanPro 2013-09-21 18:09 . 2013-09-22 14:00 -------- d-----w- c:\programdata\HitmanPro 2013-09-11 16:53 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-09-11 16:53 . 2013-08-10 03:58 2876928 ----a-w- c:\windows\system32\jscript9.dll 2013-09-11 16:53 . 2013-08-10 03:58 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll 2013-09-04 14:19 . 2013-09-04 14:19 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\IAC . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-24 12:44 . 2011-04-27 09:30 790440 ----a-w- c:\windows\system32\deployJava1.dll 2013-09-20 13:03 . 2012-04-02 15:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-09-20 13:03 . 2011-08-24 11:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-07-25 08:57 . 2013-08-15 08:40 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-19 01:41 . 2013-08-15 08:40 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-09 05:03 . 2013-08-15 08:41 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-07-09 05:03 . 2013-08-15 08:40 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-07-09 04:53 . 2013-08-15 08:40 1289096 ----a-w- c:\windows\system32\ntdll.dll 2013-07-09 04:52 . 2013-08-15 08:41 175104 ----a-w- c:\windows\system32\wintrust.dll 2013-07-09 04:50 . 2013-08-15 08:41 652800 ----a-w- c:\windows\system32\rpcrt4.dll 2013-07-09 04:46 . 2013-08-15 08:41 1166848 ----a-w- c:\windows\system32\crypt32.dll 2013-07-09 04:46 . 2013-08-15 08:41 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-07-09 04:46 . 2013-08-15 08:41 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-07-06 05:05 . 2013-08-15 08:40 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-03-11 18:16 . 2013-03-12 18:49 1263226 ----a-w- c:\program files\zoek.exe 2013-03-11 17:29 . 2013-03-11 17:29 388608 ----a-w- c:\program files\HijackThis.exe 2010-10-11 00:29 . 2010-10-11 00:29 114688 ----a-w- c:\program files\ad_ff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder0] @="{AA81D830-3B41-497c-B508-E9D02F8DF421}" [HKEY_CLASSES_ROOT\CLSID\{AA81D830-3B41-497c-B508-E9D02F8DF421}] 2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder1] @="{AA81D831-3B41-497c-B508-E9D02F8DF421}" [HKEY_CLASSES_ROOT\CLSID\{AA81D831-3B41-497c-B508-E9D02F8DF421}] 2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-09 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-08 115560] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "iFolder"="c:\program files\iFolder3\iFolderApp.exe" [2010-11-01 1521152] "ZenNotifyIcon"="c:\program files\Novell\Zenworks\bin\ZenNotifyIcon.exe" [2011-02-23 147456] "NalView"="c:\program files\Novell\ZENworks\bin\nalview.exe" [2011-02-24 54784] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 175640] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 169496] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576] "Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\bin\NalShell.dll" [2011-02-24 933888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LCredMgr] 2010-10-11 00:29 61440 ----a-w- c:\program files\Novell\CASA\bin\lcredmgr.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 ZenV1_0 ncv1_0 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY] 2011-04-01 18:35 35928 ----a-w- c:\windows\System32\nwtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . R2 Novell ZENworks Image-Safe Data Service;Novell ZENworks ISD Service;c:\program files\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [2011-02-23 90112] R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2012-04-30 37632] R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [2013-09-24 50200] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 e1kexpress;Stuurprogramma K voor Intel® PRO/1000 PCI Express-netwerkverbinding;c:\windows\system32\DRIVERS\e1k6032.sys [2009-07-13 164864] R3 hugoio;hugoio;c:\windows\system32\drivers\hugoio.sys [2012-04-30 9760] R3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-18 1343400] R3 ZENPreAgent;Novell ZENworks Pre Agent;c:\windows\novell\zenworks\bin\ZENPreAgent.exe [2011-04-27 196608] S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2011-04-01 91224] S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2011-04-01 110680] S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2011-04-01 22616] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584] S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-09-21 106280] S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2011-04-01 88664] S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2011-04-01 59992] S2 Novell Identity Store;Novell Identity Store;c:\program files\Novell\CASA\bin\micasad.exe [2010-10-11 245760] S2 Novell ZENworks Agent Service;Novell ZENworks Agent Service;c:\program files\Novell\ZENworks\bin\ZenworksWindowsService.exe [2011-02-23 28672] S2 nzwinvnc;Novell ZENworks Remote Management powered by VNC;c:\program files\Novell\ZENworks\bin\nzrWinVNC.exe [2011-02-24 1839104] S2 WNTHW;WNTHW;c:\windows\system32\DRIVERS\WNTHW.SYS [2011-02-14 9176] S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2011-04-01 16984] S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2011-02-14 34128] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-09-22 221912] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-08-26 108120] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-01-08 126976] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - nciom *Deregistered* - ncp *Deregistered* - ncpl *Deregistered* - ndm *Deregistered* - ndmndap *Deregistered* - ndslpp *Deregistered* - niam *Deregistered* - nipctl *Deregistered* - nscm *Deregistered* - nsns *Deregistered* - nsvccost *Deregistered* - xtxplat . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-09-21 18:14 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2013-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:03] . 2013-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51] . 2013-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://google.be/ IE: &Verzenden naar OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html Trusted Zone: dexia.be Trusted Zone: dexia.be\directnet Trusted Zone: vdab.be\cmgmtprd Trusted Zone: vdab.be\crm Trusted Zone: vdab.be\intranet Trusted Zone: vdab.be\iprint7 Trusted Zone: vdab.be\mijnpersoneelsdossier Trusted Zone: vdab.be\sieb8acc01 TCP: DhcpNameServer = 195.130.130.2 195.130.131.2 DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab FF - ProfilePath - d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - ExtSQL: 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com FF - ExtSQL: !HIDDEN! 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; c:\program files\VideoDownloadConverter_4z\bar\1.bin . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(808) c:\program files\Novell\ZENworks\bin\nzrSwitcher.dll . - - - - - - - > 'lsass.exe'(600) c:\windows\system32\ZenV1_0.DLL c:\windows\system32\ncv1_0.DLL . - - - - - - - > 'Explorer.exe'(4076) c:\program files\iFolder3\iFolderShell.dll c:\program files\Novell\ZENworks\bin\NLS\English\NalUIRes.dll . Voltooingstijd: 2013-09-28 13:31:39 ComboFix-quarantined-files.txt 2013-09-28 11:31 ComboFix2.txt 2013-09-27 13:28 ComboFix3.txt 2013-09-26 17:44 . Pre-Run: 34.401.239.040 bytes beschikbaar Post-Run: 34.336.153.600 bytes beschikbaar . - - End Of File - - DD2E13FBE016EF98C82CCF23E7D3302E A36C5E4F47E84449FF07ED3517B43A31 -
Politievirus - geen VEILIGE MODUS
luver reageerde op luver's topic in Archief Bestrijding malware & virussen
Hierbij nogmaals het Combofix-logje MAAR: ik heb wel de SYMANTEC- antivirus afgezet maar ONMIDDELLIJK TERUG GEACTIVEERD want ik kreeg terug melding dat er een file "blocked" is (uit vrees dat er terug zo'n virus aan het aanvallen is ) ... speelt dat een rol bij de scanning? ComboFix 13-09-26.03 - LBORNAUW 27/09/2013 15:02:40.2.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.2000.881 [GMT 2:00] Gestart vanuit: d:\profiles\LBORNAUW.I0081643\Desktop\ComboFix.exe gebruikte Opdracht switches :: d:\profiles\LBORNAUW.I0081643\Desktop\CFScript.txt AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2013-08-27 to 2013-09-27 )))))))))))))))))))))))))))))) . . 2013-09-27 13:23 . 2013-09-27 13:23 -------- d-----w- d:\profiles\LBORNAUW\AppData\Local\temp 2013-09-27 13:23 . 2013-09-27 13:23 -------- d-----w- d:\profiles\kind\AppData\Local\temp 2013-09-27 13:23 . 2013-09-27 13:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-09-27 13:23 . 2013-09-27 13:23 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-09-25 15:20 . 2013-09-25 15:21 -------- d-----w- C:\EEK 2013-09-24 16:32 . 2013-09-24 16:32 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Programs 2013-09-24 12:51 . 2013-09-24 12:51 -------- d-----w- c:\programdata\Oracle 2013-09-24 12:45 . 2013-09-24 12:45 -------- d-----w- c:\program files\Common Files\Java 2013-09-24 12:45 . 2013-09-24 12:44 868264 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-09-24 12:45 . 2013-09-24 12:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-09-23 16:11 . 2013-09-23 16:00 24064 ----a-w- c:\windows\zoek-delete.exe 2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- c:\program files\trend micro 2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- C:\rsit 2013-09-22 11:33 . 2013-09-22 15:51 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2013-09-21 18:09 . 2013-09-21 18:09 -------- d-----w- c:\program files\HitmanPro 2013-09-21 18:09 . 2013-09-22 14:00 -------- d-----w- c:\programdata\HitmanPro 2013-09-11 16:53 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-09-11 16:53 . 2013-08-10 03:58 2876928 ----a-w- c:\windows\system32\jscript9.dll 2013-09-11 16:53 . 2013-08-10 03:58 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll 2013-09-04 14:19 . 2013-09-04 14:19 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\IAC . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-24 12:44 . 2011-04-27 09:30 790440 ----a-w- c:\windows\system32\deployJava1.dll 2013-09-20 13:03 . 2012-04-02 15:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-09-20 13:03 . 2011-08-24 11:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-07-25 08:57 . 2013-08-15 08:40 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-19 01:41 . 2013-08-15 08:40 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-09 05:03 . 2013-08-15 08:41 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-07-09 05:03 . 2013-08-15 08:40 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-07-09 04:53 . 2013-08-15 08:40 1289096 ----a-w- c:\windows\system32\ntdll.dll 2013-07-09 04:52 . 2013-08-15 08:41 175104 ----a-w- c:\windows\system32\wintrust.dll 2013-07-09 04:50 . 2013-08-15 08:41 652800 ----a-w- c:\windows\system32\rpcrt4.dll 2013-07-09 04:46 . 2013-08-15 08:41 1166848 ----a-w- c:\windows\system32\crypt32.dll 2013-07-09 04:46 . 2013-08-15 08:41 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-07-09 04:46 . 2013-08-15 08:41 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-07-06 05:05 . 2013-08-15 08:40 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-03-11 18:16 . 2013-03-12 18:49 1263226 ----a-w- c:\program files\zoek.exe 2013-03-11 17:29 . 2013-03-11 17:29 388608 ----a-w- c:\program files\HijackThis.exe 2010-10-11 00:29 . 2010-10-11 00:29 114688 ----a-w- c:\program files\ad_ff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder0] @="{AA81D830-3B41-497c-B508-E9D02F8DF421}" [HKEY_CLASSES_ROOT\CLSID\{AA81D830-3B41-497c-B508-E9D02F8DF421}] 2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder1] @="{AA81D831-3B41-497c-B508-E9D02F8DF421}" [HKEY_CLASSES_ROOT\CLSID\{AA81D831-3B41-497c-B508-E9D02F8DF421}] 2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-09 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-08 115560] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "iFolder"="c:\program files\iFolder3\iFolderApp.exe" [2010-11-01 1521152] "ZenNotifyIcon"="c:\program files\Novell\Zenworks\bin\ZenNotifyIcon.exe" [2011-02-23 147456] "NalView"="c:\program files\Novell\ZENworks\bin\nalview.exe" [2011-02-24 54784] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 175640] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 169496] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576] "Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\bin\NalShell.dll" [2011-02-24 933888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LCredMgr] 2010-10-11 00:29 61440 ----a-w- c:\program files\Novell\CASA\bin\lcredmgr.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 ZenV1_0 ncv1_0 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY] 2011-04-01 18:35 35928 ----a-w- c:\windows\System32\nwtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . R2 Novell ZENworks Image-Safe Data Service;Novell ZENworks ISD Service;c:\program files\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [2011-02-23 90112] R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2012-04-30 37632] R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [2013-09-24 50200] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 e1kexpress;Stuurprogramma K voor Intel® PRO/1000 PCI Express-netwerkverbinding;c:\windows\system32\DRIVERS\e1k6032.sys [2009-07-13 164864] R3 hugoio;hugoio;c:\windows\system32\drivers\hugoio.sys [2012-04-30 9760] R3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-18 1343400] R3 ZENPreAgent;Novell ZENworks Pre Agent;c:\windows\novell\zenworks\bin\ZENPreAgent.exe [2011-04-27 196608] S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2011-04-01 91224] S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2011-04-01 110680] S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2011-04-01 22616] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584] S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-09-21 106280] S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2011-04-01 88664] S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2011-04-01 59992] S2 Novell Identity Store;Novell Identity Store;c:\program files\Novell\CASA\bin\micasad.exe [2010-10-11 245760] S2 Novell ZENworks Agent Service;Novell ZENworks Agent Service;c:\program files\Novell\ZENworks\bin\ZenworksWindowsService.exe [2011-02-23 28672] S2 nzwinvnc;Novell ZENworks Remote Management powered by VNC;c:\program files\Novell\ZENworks\bin\nzrWinVNC.exe [2011-02-24 1839104] S2 WNTHW;WNTHW;c:\windows\system32\DRIVERS\WNTHW.SYS [2011-02-14 9176] S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2011-04-01 16984] S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2011-02-14 34128] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-09-22 221912] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-08-26 108120] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-01-08 126976] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - nciom *Deregistered* - ncp *Deregistered* - ncpl *Deregistered* - ndm *Deregistered* - ndmndap *Deregistered* - ndslpp *Deregistered* - niam *Deregistered* - nipctl *Deregistered* - nscm *Deregistered* - nsns *Deregistered* - nsvccost *Deregistered* - xtxplat . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-09-21 18:14 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2013-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:03] . 2013-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51] . 2013-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://google.be/ IE: &Verzenden naar OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html Trusted Zone: dexia.be Trusted Zone: dexia.be\directnet Trusted Zone: vdab.be\cmgmtprd Trusted Zone: vdab.be\crm Trusted Zone: vdab.be\intranet Trusted Zone: vdab.be\iprint7 Trusted Zone: vdab.be\mijnpersoneelsdossier Trusted Zone: vdab.be\sieb8acc01 TCP: DhcpNameServer = 195.130.130.2 195.130.131.2 DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab FF - ProfilePath - d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - ExtSQL: 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com FF - ExtSQL: !HIDDEN! 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; c:\program files\VideoDownloadConverter_4z\bar\1.bin . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(680) c:\program files\Novell\ZENworks\bin\nzrSwitcher.dll . - - - - - - - > 'lsass.exe'(596) c:\windows\system32\ZenV1_0.DLL c:\windows\system32\ncv1_0.DLL . - - - - - - - > 'Explorer.exe'(3576) c:\program files\iFolder3\iFolderShell.dll c:\program files\Novell\ZENworks\bin\NLS\English\NalUIRes.dll . Voltooingstijd: 2013-09-27 15:28:17 ComboFix-quarantined-files.txt 2013-09-27 13:28 ComboFix2.txt 2013-09-26 17:44 . Pre-Run: 34.045.857.792 bytes beschikbaar Post-Run: 34.379.804.672 bytes beschikbaar . - - End Of File - - C5F000B4763266B15ED5F47D39FD6A77 A36C5E4F47E84449FF07ED3517B43A31 -
Politievirus - geen VEILIGE MODUS
luver reageerde op luver's topic in Archief Bestrijding malware & virussen
Hierbij het logje van Combofix.... ComboFix 13-09-26.03 - LBORNAUW 26/09/2013 19:26:05.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.2000.985 [GMT 2:00] Gestart vanuit: d:\profiles\LBORNAUW.I0081643\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\x86 c:\windows\system32\x86\dfmirage.dll c:\windows\system32\x86\dfmirage.sys d:\profiles\LBORNAUW.I0081643\AppData\Local\assembly\tmp d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Microsoft\Windows\Recent\arch.arch.be.url d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Microsoft\Windows\Recent\WO I Opleidingskampen.url . . (((((((((((((((((((( Bestanden Gemaakt van 2013-08-26 to 2013-09-26 )))))))))))))))))))))))))))))) . . 2013-09-26 17:39 . 2013-09-26 17:39 -------- d-----w- d:\profiles\LBORNAUW\AppData\Local\temp 2013-09-26 17:39 . 2013-09-26 17:39 -------- d-----w- d:\profiles\kind\AppData\Local\temp 2013-09-26 17:39 . 2013-09-26 17:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-09-26 17:39 . 2013-09-26 17:39 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-09-25 15:20 . 2013-09-25 15:21 -------- d-----w- C:\EEK 2013-09-24 16:32 . 2013-09-24 16:32 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Programs 2013-09-24 12:51 . 2013-09-24 12:51 -------- d-----w- c:\programdata\Oracle 2013-09-24 12:45 . 2013-09-24 12:45 -------- d-----w- c:\program files\Common Files\Java 2013-09-24 12:45 . 2013-09-24 12:44 868264 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-09-24 12:45 . 2013-09-24 12:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-09-23 16:11 . 2013-09-23 16:00 24064 ----a-w- c:\windows\zoek-delete.exe 2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- c:\program files\trend micro 2013-09-23 13:32 . 2013-09-23 13:33 -------- d-----w- C:\rsit 2013-09-22 11:33 . 2013-09-22 15:51 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2013-09-21 18:09 . 2013-09-21 18:09 -------- d-----w- c:\program files\HitmanPro 2013-09-21 18:09 . 2013-09-22 14:00 -------- d-----w- c:\programdata\HitmanPro 2013-09-11 16:53 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-09-11 16:53 . 2013-08-10 03:58 2876928 ----a-w- c:\windows\system32\jscript9.dll 2013-09-11 16:53 . 2013-08-10 03:58 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll 2013-09-04 14:19 . 2013-09-04 14:19 -------- d-----w- d:\profiles\LBORNAUW.I0081643\AppData\Local\IAC . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-24 12:44 . 2011-04-27 09:30 790440 ----a-w- c:\windows\system32\deployJava1.dll 2013-09-20 13:03 . 2012-04-02 15:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-09-20 13:03 . 2011-08-24 11:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-07-25 08:57 . 2013-08-15 08:40 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-19 01:41 . 2013-08-15 08:40 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-09 05:03 . 2013-08-15 08:41 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-07-09 05:03 . 2013-08-15 08:40 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-07-09 04:53 . 2013-08-15 08:40 1289096 ----a-w- c:\windows\system32\ntdll.dll 2013-07-09 04:52 . 2013-08-15 08:41 175104 ----a-w- c:\windows\system32\wintrust.dll 2013-07-09 04:50 . 2013-08-15 08:41 652800 ----a-w- c:\windows\system32\rpcrt4.dll 2013-07-09 04:46 . 2013-08-15 08:41 1166848 ----a-w- c:\windows\system32\crypt32.dll 2013-07-09 04:46 . 2013-08-15 08:41 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-07-09 04:46 . 2013-08-15 08:41 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-07-06 05:05 . 2013-08-15 08:40 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-03-11 18:16 . 2013-03-12 18:49 1263226 ----a-w- c:\program files\zoek.exe 2013-03-11 17:29 . 2013-03-11 17:29 388608 ----a-w- c:\program files\HijackThis.exe 2010-10-11 00:29 . 2010-10-11 00:29 114688 ----a-w- c:\program files\ad_ff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-03-19 19:59 222808 ----a-w- d:\profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder0] @="{AA81D830-3B41-497c-B508-E9D02F8DF421}" [HKEY_CLASSES_ROOT\CLSID\{AA81D830-3B41-497c-B508-E9D02F8DF421}] 2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder1] @="{AA81D831-3B41-497c-B508-E9D02F8DF421}" [HKEY_CLASSES_ROOT\CLSID\{AA81D831-3B41-497c-B508-E9D02F8DF421}] 2010-11-01 14:22 94720 ----a-w- c:\program files\iFolder3\iFolderShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-09 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-08 115560] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "iFolder"="c:\program files\iFolder3\iFolderApp.exe" [2010-11-01 1521152] "ZenNotifyIcon"="c:\program files\Novell\Zenworks\bin\ZenNotifyIcon.exe" [2011-02-23 147456] "NalView"="c:\program files\Novell\ZENworks\bin\nalview.exe" [2011-02-24 54784] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 175640] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 169496] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576] "Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-18 366576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\bin\NalShell.dll" [2011-02-24 933888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LCredMgr] 2010-10-11 00:29 61440 ----a-w- c:\program files\Novell\CASA\bin\lcredmgr.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 ZenV1_0 ncv1_0 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY] 2011-04-01 18:35 35928 ----a-w- c:\windows\System32\nwtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . R2 Novell ZENworks Image-Safe Data Service;Novell ZENworks ISD Service;c:\program files\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [2011-02-23 90112] R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2012-04-30 37632] R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [2013-09-24 50200] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 e1kexpress;Stuurprogramma K voor Intel® PRO/1000 PCI Express-netwerkverbinding;c:\windows\system32\DRIVERS\e1k6032.sys [2009-07-13 164864] R3 hugoio;hugoio;c:\windows\system32\drivers\hugoio.sys [2012-04-30 9760] R3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-18 1343400] R3 ZENPreAgent;Novell ZENworks Pre Agent;c:\windows\novell\zenworks\bin\ZENPreAgent.exe [2011-04-27 196608] S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2011-04-01 91224] S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2011-04-01 110680] S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2011-04-01 22616] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584] S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-09-21 106280] S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2011-04-01 88664] S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2011-04-01 59992] S2 Novell Identity Store;Novell Identity Store;c:\program files\Novell\CASA\bin\micasad.exe [2010-10-11 245760] S2 Novell ZENworks Agent Service;Novell ZENworks Agent Service;c:\program files\Novell\ZENworks\bin\ZenworksWindowsService.exe [2011-02-23 28672] S2 nzwinvnc;Novell ZENworks Remote Management powered by VNC;c:\program files\Novell\ZENworks\bin\nzrWinVNC.exe [2011-02-24 1839104] S2 WNTHW;WNTHW;c:\windows\system32\DRIVERS\WNTHW.SYS [2011-02-14 9176] S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2011-04-01 16984] S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2011-02-14 34128] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-09-22 221912] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-08-26 108120] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-01-08 126976] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - nciom *Deregistered* - ncp *Deregistered* - ncpl *Deregistered* - ndm *Deregistered* - ndmndap *Deregistered* - ndslpp *Deregistered* - niam *Deregistered* - nipctl *Deregistered* - nscm *Deregistered* - nsns *Deregistered* - nsvccost *Deregistered* - xtxplat . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-09-21 18:14 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2013-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:03] . 2013-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51] . 2013-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 15:51] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://google.be/ IE: &Verzenden naar OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html Trusted Zone: dexia.be Trusted Zone: dexia.be\directnet Trusted Zone: vdab.be\cmgmtprd Trusted Zone: vdab.be\crm Trusted Zone: vdab.be\intranet Trusted Zone: vdab.be\iprint7 Trusted Zone: vdab.be\mijnpersoneelsdossier Trusted Zone: vdab.be\sieb8acc01 TCP: DhcpNameServer = 195.130.130.2 195.130.131.2 DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab FF - ProfilePath - d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - ExtSQL: 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; d:\profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com FF - ExtSQL: !HIDDEN! 2013-09-04 16:18; 4zffxtbr@VideoDownloadConverter_4z.com; c:\program files\VideoDownloadConverter_4z\bar\1.bin . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) SafeBoot-CleanHlp SafeBoot-CleanHlp.sys SafeBoot-Symantec Antvirus AddRemove-PRO-GEN 3.0 X_PG30_is1 - x:\pg30\unins000.exe AddRemove-VDC_is1 - c:\program files\Video Download Converter\unins000.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(664) c:\program files\Novell\ZENworks\bin\nzrSwitcher.dll . - - - - - - - > 'lsass.exe'(600) c:\windows\system32\ZenV1_0.DLL c:\windows\system32\ncv1_0.DLL . Voltooingstijd: 2013-09-26 19:44:34 ComboFix-quarantined-files.txt 2013-09-26 17:44 . Pre-Run: 34.768.211.968 bytes beschikbaar Post-Run: 34.655.121.408 bytes beschikbaar . - - End Of File - - 9C9A1C9473F523B7E4887AE9D1782653 A36C5E4F47E84449FF07ED3517B43A31 -
Politievirus - geen VEILIGE MODUS
luver reageerde op luver's topic in Archief Bestrijding malware & virussen
Hallo na scan hierbij het rapport: Emsisoft Emergency Kit - Versie 4.0 Laatste Update: 25/09/2013 17:24:46 Gebruikersaccount: I0081643\LBORNAUW Scaninstellingen: Scanmodus: Diepe scan Objecten: Rootkits, Geheugen, Sporen, C:\, D:\ Detecteer PUPs: Uit Scan archieven: Aan ADS Scan: Aan Bestandsextensiefilter: Uit Geavanceerde cache: Aan Directe schijftoegang: Uit Scan gestart: 25/09/2013 17:26:19 D:\$RECYCLE.BIN\S-1-5-21-2387108698-3719649394-282492801-1002\$RAPTCWN.zip -> zoek.exe Ontdekt: Trojan.Generic.9589320 ( D:\$RECYCLE.BIN\S-1-5-21-2387108698-3719649394-282492801-1002\$RAPTCWN.zip -> zoek.com Ontdekt: Trojan.Generic.9589320 ( D:\$RECYCLE.BIN\S-1-5-21-2387108698-3719649394-282492801-1002\$RAPTCWN.zip -> zoek.scr Ontdekt: Trojan.Generic.9589320 ( D:\$RECYCLE.BIN\S-1-5-21-2387108698-3719649394-282492801-1002\$RDL8IJC.exe Ontdekt: Trojan.Generic.9589320 ( D:\$RECYCLE.BIN\S-1-5-21-2387108698-3719649394-282492801-1002\$RKZWMBS.scr Ontdekt: Trojan.Generic.9589320 ( D:\$RECYCLE.BIN\S-1-5-21-2387108698-3719649394-282492801-1002\$RXU5Y2N.com Ontdekt: Trojan.Generic.9589320 ( Gescand: 497581 Gevonden: 6 Scan geëindigd: 25/09/2013 18:47:00 Scantijd: 1:20:41 In quarantaine geplaatst 0 -
Politievirus - geen VEILIGE MODUS
luver reageerde op luver's topic in Archief Bestrijding malware & virussen
Ziehier het TDSS killer - rapportje 11:05:54.0134 1312 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 11:05:55.0522 1312 ============================================================ 11:05:55.0522 1312 Current date / time: 2013/09/25 11:05:55.0522 11:05:55.0522 1312 SystemInfo: 11:05:55.0522 1312 11:05:55.0522 1312 OS Version: 6.1.7601 ServicePack: 1.0 11:05:55.0522 1312 Product type: Workstation 11:05:55.0522 1312 ComputerName: I0081643 11:05:55.0522 1312 UserName: LBORNAUW 11:05:55.0522 1312 Windows directory: C:\Windows 11:05:55.0522 1312 System windows directory: C:\Windows 11:05:55.0522 1312 Processor architecture: Intel x86 11:05:55.0522 1312 Number of processors: 2 11:05:55.0522 1312 Page size: 0x1000 11:05:55.0522 1312 Boot type: Normal boot 11:05:55.0522 1312 ============================================================ 11:05:57.0426 1312 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 11:05:57.0426 1312 ============================================================ 11:05:57.0426 1312 \Device\Harddisk0\DR0: 11:05:57.0426 1312 MBR partitions: 11:05:57.0426 1312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7800000 11:05:57.0426 1312 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7800800, BlocksNum 0x66F8000 11:05:57.0426 1312 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xDEF8800, BlocksNum 0x96000 11:05:57.0426 1312 ============================================================ 11:05:57.0488 1312 C: <-> \Device\Harddisk0\DR0\Partition1 11:05:57.0566 1312 D: <-> \Device\Harddisk0\DR0\Partition2 11:05:57.0691 1312 ============================================================ 11:05:57.0691 1312 Initialize success 11:05:57.0691 1312 ============================================================ 11:06:54.0085 2584 ============================================================ 11:06:54.0085 2584 Scan started 11:06:54.0085 2584 Mode: Manual; SigCheck; TDLFS; 11:06:54.0085 2584 ============================================================ 11:06:54.0912 2584 ================ Scan system memory ======================== 11:06:54.0912 2584 System memory - ok 11:06:54.0912 2584 ================ Scan services ============================= 11:06:55.0161 2584 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 11:06:55.0333 2584 1394ohci - ok 11:06:55.0364 2584 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 11:06:55.0380 2584 ACPI - ok 11:06:55.0411 2584 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 11:06:55.0458 2584 AcpiPmi - ok 11:06:55.0473 2584 [ 5F92E1E98EC2F4E6FE13D19AA3E24AD7 ] ACSSCR C:\Windows\system32\DRIVERS\a38usb.sys 11:06:55.0598 2584 ACSSCR - ok 11:06:55.0692 2584 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 11:06:55.0707 2584 AdobeARMservice - ok 11:06:55.0770 2584 [ 24A0876D07EF356DCBC1D7A7929354AB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 11:06:55.0801 2584 AdobeFlashPlayerUpdateSvc - ok 11:06:55.0832 2584 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 11:06:55.0910 2584 adp94xx - ok 11:06:55.0972 2584 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys 11:06:56.0191 2584 adpahci - ok 11:06:56.0269 2584 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 11:06:56.0347 2584 adpu320 - ok 11:06:56.0394 2584 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 11:06:56.0503 2584 AeLookupSvc - ok 11:06:56.0550 2584 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 11:06:56.0596 2584 AFD - ok 11:06:56.0628 2584 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 11:06:56.0659 2584 agp440 - ok 11:06:56.0674 2584 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 11:06:56.0737 2584 aic78xx - ok 11:06:56.0768 2584 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 11:06:56.0862 2584 ALG - ok 11:06:56.0893 2584 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 11:06:56.0955 2584 aliide - ok 11:06:56.0986 2584 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 11:06:57.0064 2584 amdagp - ok 11:06:57.0080 2584 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 11:06:57.0127 2584 amdide - ok 11:06:57.0142 2584 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 11:06:57.0189 2584 AmdK8 - ok 11:06:57.0205 2584 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 11:06:57.0267 2584 AmdPPM - ok 11:06:57.0298 2584 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 11:06:57.0330 2584 amdsata - ok 11:06:57.0361 2584 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 11:06:57.0392 2584 amdsbs - ok 11:06:57.0408 2584 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 11:06:57.0423 2584 amdxata - ok 11:06:57.0423 2584 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 11:06:57.0470 2584 AppID - ok 11:06:57.0501 2584 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 11:06:57.0579 2584 AppIDSvc - ok 11:06:57.0626 2584 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll 11:06:57.0704 2584 Appinfo - ok 11:06:57.0720 2584 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll 11:06:57.0829 2584 AppMgmt - ok 11:06:57.0860 2584 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys 11:06:57.0938 2584 arc - ok 11:06:57.0985 2584 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys 11:06:58.0156 2584 arcsas - ok 11:06:58.0328 2584 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 11:06:58.0375 2584 aspnet_state - ok 11:06:58.0406 2584 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 11:06:58.0453 2584 AsyncMac - ok 11:06:58.0500 2584 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 11:06:58.0531 2584 atapi - ok 11:06:58.0578 2584 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 11:06:58.0702 2584 AudioEndpointBuilder - ok 11:06:58.0702 2584 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 11:06:58.0734 2584 Audiosrv - ok 11:06:58.0765 2584 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 11:06:58.0843 2584 AxInstSV - ok 11:06:58.0890 2584 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys 11:06:58.0952 2584 b06bdrv - ok 11:06:58.0999 2584 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 11:06:59.0061 2584 b57nd60x - ok 11:06:59.0124 2584 [ EB7C2DADF52F50F69F198C14C3556DC1 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys 11:06:59.0217 2584 BCM43XX - ok 11:06:59.0280 2584 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 11:06:59.0404 2584 BDESVC - ok 11:06:59.0436 2584 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 11:06:59.0482 2584 Beep - ok 11:06:59.0514 2584 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 11:06:59.0638 2584 BFE - ok 11:06:59.0685 2584 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 11:06:59.0763 2584 BITS - ok 11:06:59.0810 2584 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 11:06:59.0857 2584 blbdrive - ok 11:06:59.0888 2584 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 11:06:59.0904 2584 bowser - ok 11:06:59.0919 2584 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 11:06:59.0982 2584 BrFiltLo - ok 11:06:59.0997 2584 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 11:07:00.0044 2584 BrFiltUp - ok 11:07:00.0075 2584 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 11:07:00.0169 2584 Browser - ok 11:07:00.0200 2584 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 11:07:00.0278 2584 Brserid - ok 11:07:00.0294 2584 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 11:07:00.0325 2584 BrSerWdm - ok 11:07:00.0340 2584 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 11:07:00.0387 2584 BrUsbMdm - ok 11:07:00.0403 2584 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 11:07:00.0450 2584 BrUsbSer - ok 11:07:00.0481 2584 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 11:07:00.0512 2584 BTHMODEM - ok 11:07:00.0559 2584 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 11:07:00.0606 2584 bthserv - ok 11:07:00.0652 2584 [ F3E5C6CEEC35C3F65221100B00AFB5F9 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 11:07:00.0684 2584 ccEvtMgr - ok 11:07:00.0699 2584 [ F3E5C6CEEC35C3F65221100B00AFB5F9 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 11:07:00.0715 2584 ccSetMgr - ok 11:07:00.0730 2584 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 11:07:00.0777 2584 cdfs - ok 11:07:00.0808 2584 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 11:07:00.0855 2584 cdrom - ok 11:07:00.0886 2584 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 11:07:00.0933 2584 CertPropSvc - ok 11:07:00.0964 2584 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys 11:07:01.0011 2584 circlass - ok 11:07:01.0027 2584 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 11:07:01.0042 2584 CLFS - ok 11:07:01.0105 2584 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:07:01.0167 2584 clr_optimization_v2.0.50727_32 - ok 11:07:01.0198 2584 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:07:01.0276 2584 clr_optimization_v4.0.30319_32 - ok 11:07:01.0308 2584 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 11:07:01.0339 2584 CmBatt - ok 11:07:01.0386 2584 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 11:07:01.0448 2584 cmdide - ok 11:07:01.0479 2584 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys 11:07:01.0526 2584 CNG - ok 11:07:01.0542 2584 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 11:07:01.0557 2584 Compbatt - ok 11:07:01.0573 2584 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 11:07:01.0620 2584 CompositeBus - ok 11:07:01.0635 2584 COMSysApp - ok 11:07:01.0666 2584 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 11:07:01.0682 2584 crcdisk - ok 11:07:01.0744 2584 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9 ] CryptSvc C:\Windows\system32\cryptsvc.dll 11:07:01.0776 2584 CryptSvc - ok 11:07:01.0807 2584 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys 11:07:01.0854 2584 CSC - ok 11:07:01.0900 2584 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll 11:07:01.0947 2584 CscService - ok 11:07:01.0978 2584 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys 11:07:01.0994 2584 ctxusbm - ok 11:07:02.0025 2584 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 11:07:02.0072 2584 DcomLaunch - ok 11:07:02.0119 2584 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 11:07:02.0197 2584 defragsvc - ok 11:07:02.0244 2584 [ 699EF0FD9AE72B7F5AD756E382C73E0E ] dfmirage C:\Windows\system32\DRIVERS\dfmirage.sys 11:07:02.0244 2584 dfmirage - ok 11:07:02.0290 2584 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 11:07:02.0353 2584 DfsC - ok 11:07:02.0384 2584 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 11:07:02.0446 2584 Dhcp - ok 11:07:02.0462 2584 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 11:07:02.0509 2584 discache - ok 11:07:02.0524 2584 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys 11:07:02.0540 2584 Disk - ok 11:07:02.0556 2584 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 11:07:02.0634 2584 dmvsc - ok 11:07:02.0665 2584 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 11:07:02.0758 2584 Dnscache - ok 11:07:02.0790 2584 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 11:07:02.0852 2584 dot3svc - ok 11:07:02.0883 2584 [ B5E479EB83707DD698F66953E922042C ] dot4 C:\Windows\system32\DRIVERS\Dot4.sys 11:07:02.0930 2584 dot4 - ok 11:07:02.0946 2584 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 11:07:02.0992 2584 Dot4Print - ok 11:07:03.0024 2584 [ 9F7DE667C505CE6500BECDD8E11644D7 ] Dot4Scan C:\Windows\system32\DRIVERS\Dot4Scan.sys 11:07:03.0070 2584 Dot4Scan - ok 11:07:03.0086 2584 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 11:07:03.0117 2584 dot4usb - ok 11:07:03.0148 2584 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 11:07:03.0195 2584 DPS - ok 11:07:03.0211 2584 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 11:07:03.0258 2584 drmkaud - ok 11:07:03.0304 2584 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 11:07:03.0382 2584 DXGKrnl - ok 11:07:03.0398 2584 [ 3EA531906572FFD549B72A10F828E58C ] e1kexpress C:\Windows\system32\DRIVERS\e1k6032.sys 11:07:03.0445 2584 e1kexpress - ok 11:07:03.0476 2584 [ 44A91D98D6719B49BCD649A863225B5C ] e1yexpress C:\Windows\system32\DRIVERS\e1y6232.sys 11:07:03.0507 2584 e1yexpress - ok 11:07:03.0538 2584 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 11:07:03.0570 2584 EapHost - ok 11:07:03.0694 2584 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys 11:07:03.0975 2584 ebdrv - ok 11:07:04.0022 2584 [ E1E3804F7C59EA3E14637C2A763F65E2 ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 11:07:04.0084 2584 eeCtrl - ok 11:07:04.0131 2584 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 11:07:04.0194 2584 EFS - ok 11:07:04.0272 2584 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 11:07:04.0443 2584 ehRecvr - ok 11:07:04.0474 2584 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 11:07:04.0537 2584 ehSched - ok 11:07:04.0584 2584 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys 11:07:04.0630 2584 elxstor - ok 11:07:04.0662 2584 [ 6D84DFC3B5C5052881BF50470D0C03D1 ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 11:07:04.0677 2584 EraserUtilRebootDrv - ok 11:07:04.0693 2584 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 11:07:04.0740 2584 ErrDev - ok 11:07:04.0771 2584 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 11:07:04.0818 2584 EventSystem - ok 11:07:04.0833 2584 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 11:07:04.0880 2584 exfat - ok 11:07:04.0911 2584 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 11:07:04.0942 2584 fastfat - ok 11:07:04.0974 2584 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 11:07:05.0052 2584 Fax - ok 11:07:05.0083 2584 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys 11:07:05.0114 2584 fdc - ok 11:07:05.0145 2584 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 11:07:05.0223 2584 fdPHost - ok 11:07:05.0239 2584 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 11:07:05.0270 2584 FDResPub - ok 11:07:05.0286 2584 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 11:07:05.0301 2584 FileInfo - ok 11:07:05.0301 2584 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 11:07:05.0364 2584 Filetrace - ok 11:07:05.0364 2584 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 11:07:05.0426 2584 flpydisk - ok 11:07:05.0442 2584 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 11:07:05.0473 2584 FltMgr - ok 11:07:05.0520 2584 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll 11:07:05.0676 2584 FontCache - ok 11:07:05.0754 2584 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 11:07:05.0785 2584 FontCache3.0.0.0 - ok 11:07:05.0800 2584 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 11:07:05.0832 2584 FsDepends - ok 11:07:05.0894 2584 [ 2B3BF55BA74EB8118F67AB2B450B8EA9 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 11:07:05.0910 2584 fssfltr - ok 11:07:06.0034 2584 [ B6AB40819ECEC4BA07266EC0EBBC85A7 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe 11:07:06.0112 2584 fsssvc - ok 11:07:06.0159 2584 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 11:07:06.0175 2584 Fs_Rec - ok 11:07:06.0222 2584 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 11:07:06.0237 2584 fvevol - ok 11:07:06.0268 2584 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 11:07:06.0315 2584 gagp30kx - ok 11:07:06.0346 2584 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\Windows\system32\giveio.sys 11:07:06.0378 2584 giveio ( UnsignedFile.Multi.Generic ) - warning 11:07:06.0378 2584 giveio - detected UnsignedFile.Multi.Generic (1) 11:07:06.0424 2584 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 11:07:06.0471 2584 gpsvc - ok 11:07:06.0565 2584 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 11:07:06.0580 2584 gupdate - ok 11:07:06.0580 2584 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 11:07:06.0596 2584 gupdatem - ok 11:07:06.0643 2584 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 11:07:06.0658 2584 gusvc - ok 11:07:06.0674 2584 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 11:07:06.0721 2584 hcw85cir - ok 11:07:06.0752 2584 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 11:07:06.0799 2584 HdAudAddService - ok 11:07:06.0830 2584 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 11:07:06.0877 2584 HDAudBus - ok 11:07:06.0892 2584 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 11:07:06.0939 2584 HidBatt - ok 11:07:06.0955 2584 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys 11:07:07.0002 2584 HidBth - ok 11:07:07.0017 2584 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys 11:07:07.0064 2584 HidIr - ok 11:07:07.0095 2584 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 11:07:07.0142 2584 hidserv - ok 11:07:07.0158 2584 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 11:07:07.0189 2584 HidUsb - ok 11:07:07.0236 2584 [ F5BBA95472F18B6223AC2F3AED397223 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe 11:07:07.0251 2584 HitmanProScheduler - ok 11:07:07.0282 2584 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 11:07:07.0376 2584 hkmsvc - ok 11:07:07.0392 2584 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 11:07:07.0454 2584 HomeGroupListener - ok 11:07:07.0485 2584 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 11:07:07.0532 2584 HomeGroupProvider - ok 11:07:07.0548 2584 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 11:07:07.0641 2584 HpSAMD - ok 11:07:07.0688 2584 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 11:07:07.0719 2584 HTTP - ok 11:07:07.0750 2584 [ 7DECCB2612255F4B538976AD25DA0D29 ] hugoio C:\Windows\system32\drivers\hugoio.sys 11:07:07.0766 2584 hugoio - ok 11:07:07.0782 2584 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 11:07:07.0797 2584 hwpolicy - ok 11:07:07.0828 2584 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 11:07:07.0860 2584 i8042prt - ok 11:07:07.0906 2584 [ D80AA0907748D7CC8EFAB3773F32629B ] iaStor C:\Windows\system32\drivers\iaStor.sys 11:07:07.0922 2584 iaStor - ok 11:07:07.0969 2584 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 11:07:08.0062 2584 iaStorV - ok 11:07:08.0125 2584 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 11:07:08.0172 2584 IDriverT ( UnsignedFile.Multi.Generic ) - warning 11:07:08.0172 2584 IDriverT - detected UnsignedFile.Multi.Generic (1) 11:07:08.0234 2584 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 11:07:08.0406 2584 idsvc - ok 11:07:08.0640 2584 [ 0DAB2D553BE272359BCCE55C3449937E ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 11:07:08.0936 2584 igfx - ok 11:07:08.0998 2584 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys 11:07:09.0045 2584 iirsp - ok 11:07:09.0076 2584 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 11:07:09.0139 2584 IKEEXT - ok 11:07:09.0186 2584 [ 5CF0990FC1F6676F7B00366AB224DA92 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys 11:07:09.0217 2584 IntcHdmiAddService - ok 11:07:09.0248 2584 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 11:07:09.0295 2584 intelide - ok 11:07:09.0326 2584 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 11:07:09.0342 2584 intelppm - ok 11:07:09.0373 2584 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 11:07:09.0607 2584 IPBusEnum - ok 11:07:09.0654 2584 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 11:07:09.0700 2584 IpFilterDriver - ok 11:07:09.0747 2584 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 11:07:09.0794 2584 iphlpsvc - ok 11:07:09.0825 2584 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 11:07:09.0841 2584 IPMIDRV - ok 11:07:09.0872 2584 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 11:07:09.0919 2584 IPNAT - ok 11:07:09.0934 2584 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 11:07:09.0981 2584 IRENUM - ok 11:07:09.0997 2584 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 11:07:10.0012 2584 isapnp - ok 11:07:10.0044 2584 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 11:07:10.0090 2584 iScsiPrt - ok 11:07:10.0122 2584 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 11:07:10.0122 2584 kbdclass - ok 11:07:10.0153 2584 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 11:07:10.0200 2584 kbdhid - ok 11:07:10.0215 2584 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 11:07:10.0231 2584 KeyIso - ok 11:07:10.0278 2584 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 11:07:10.0293 2584 KSecDD - ok 11:07:10.0309 2584 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 11:07:10.0324 2584 KSecPkg - ok 11:07:10.0371 2584 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 11:07:10.0418 2584 KtmRm - ok 11:07:10.0465 2584 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 11:07:10.0496 2584 LanmanServer - ok 11:07:10.0543 2584 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 11:07:10.0590 2584 LanmanWorkstation - ok 11:07:10.0730 2584 [ F3FE36DDE7F59B7D4F9581C920670198 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE 11:07:10.0855 2584 LiveUpdate - ok 11:07:10.0886 2584 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 11:07:10.0933 2584 lltdio - ok 11:07:10.0964 2584 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 11:07:11.0026 2584 lltdsvc - ok 11:07:11.0042 2584 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 11:07:11.0089 2584 lmhosts - ok 11:07:11.0120 2584 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 11:07:11.0198 2584 LSI_FC - ok 11:07:11.0214 2584 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 11:07:11.0354 2584 LSI_SAS - ok 11:07:11.0385 2584 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 11:07:11.0401 2584 LSI_SAS2 - ok 11:07:11.0416 2584 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 11:07:11.0448 2584 LSI_SCSI - ok 11:07:11.0463 2584 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 11:07:11.0510 2584 luafv - ok 11:07:11.0557 2584 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 11:07:11.0588 2584 Mcx2Svc - ok 11:07:11.0604 2584 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys 11:07:11.0635 2584 megasas - ok 11:07:11.0650 2584 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 11:07:11.0806 2584 MegaSR - ok 11:07:11.0853 2584 Microsoft SharePoint Workspace Audit Service - ok 11:07:11.0884 2584 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 11:07:11.0931 2584 MMCSS - ok 11:07:11.0947 2584 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 11:07:11.0994 2584 Modem - ok 11:07:12.0009 2584 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 11:07:12.0040 2584 monitor - ok 11:07:12.0072 2584 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 11:07:12.0087 2584 mouclass - ok 11:07:12.0087 2584 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 11:07:12.0134 2584 mouhid - ok 11:07:12.0150 2584 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 11:07:12.0165 2584 mountmgr - ok 11:07:12.0228 2584 [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 11:07:12.0243 2584 MozillaMaintenance - ok 11:07:12.0259 2584 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 11:07:12.0306 2584 mpio - ok 11:07:12.0321 2584 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 11:07:12.0368 2584 mpsdrv - ok 11:07:12.0415 2584 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 11:07:12.0462 2584 MpsSvc - ok 11:07:12.0508 2584 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 11:07:12.0540 2584 MRxDAV - ok 11:07:12.0571 2584 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 11:07:12.0602 2584 mrxsmb - ok 11:07:12.0618 2584 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 11:07:12.0649 2584 mrxsmb10 - ok 11:07:12.0680 2584 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 11:07:12.0696 2584 mrxsmb20 - ok 11:07:12.0727 2584 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 11:07:12.0742 2584 msahci - ok 11:07:12.0774 2584 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 11:07:12.0836 2584 msdsm - ok 11:07:12.0867 2584 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 11:07:12.0930 2584 MSDTC - ok 11:07:12.0961 2584 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 11:07:13.0008 2584 Msfs - ok 11:07:13.0023 2584 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 11:07:13.0070 2584 mshidkmdf - ok 11:07:13.0101 2584 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 11:07:13.0117 2584 msisadrv - ok 11:07:13.0148 2584 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 11:07:13.0195 2584 MSiSCSI - ok 11:07:13.0210 2584 msiserver - ok 11:07:13.0226 2584 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 11:07:13.0273 2584 MSKSSRV - ok 11:07:13.0304 2584 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 11:07:13.0351 2584 MSPCLOCK - ok 11:07:13.0366 2584 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 11:07:13.0429 2584 MSPQM - ok 11:07:13.0460 2584 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 11:07:13.0476 2584 MsRPC - ok 11:07:13.0491 2584 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 11:07:13.0507 2584 mssmbios - ok 11:07:13.0538 2584 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 11:07:13.0569 2584 MSTEE - ok 11:07:13.0585 2584 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 11:07:13.0632 2584 MTConfig - ok 11:07:13.0647 2584 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 11:07:13.0663 2584 Mup - ok 11:07:13.0710 2584 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 11:07:13.0756 2584 napagent - ok 11:07:13.0803 2584 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 11:07:13.0834 2584 NativeWifiP - ok 11:07:13.0975 2584 [ 81E928EE3751FAF725C87CC17726C05D ] NAVENG C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130923.022\NAVENG.SYS 11:07:13.0990 2584 NAVENG - ok 11:07:14.0053 2584 [ E0C39FA6C76AE8ED53ABF043F35ECDFF ] NAVEX15 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130923.022\NAVEX15.SYS 11:07:14.0131 2584 NAVEX15 - ok 11:07:14.0162 2584 [ 48C06CA01A7AF9BCA527EEB69D210C6E ] NCFilter C:\Windows\system32\DRIVERS\NCFilter.sys 11:07:14.0162 2584 NCFilter - ok 11:07:14.0224 2584 [ D2C2DD0A5DA6B9BD3A59072CC5DCA543 ] NCFSD C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys 11:07:14.0256 2584 NCFSD - ok 11:07:14.0287 2584 [ 0E99565F4D1007559927A38E12378D06 ] NCIOCTL C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys 11:07:14.0302 2584 NCIOCTL - ok 11:07:14.0334 2584 [ 26C78F5F31DA4671C5914E2DA04FFB51 ] NCRecognizer C:\Windows\system32\DRIVERS\NCRecognizer.sys 11:07:14.0365 2584 NCRecognizer - ok 11:07:14.0380 2584 [ E311AEBE962F4E2C6AD5234491CB40B8 ] NCUncFilter C:\Windows\system32\DRIVERS\NCUncFilter.sys 11:07:14.0396 2584 NCUncFilter - ok 11:07:14.0443 2584 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 11:07:14.0521 2584 NDIS - ok 11:07:14.0599 2584 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 11:07:14.0646 2584 NdisCap - ok 11:07:14.0677 2584 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 11:07:14.0708 2584 NdisTapi - ok 11:07:14.0739 2584 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 11:07:14.0755 2584 Ndisuio - ok 11:07:14.0770 2584 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 11:07:14.0817 2584 NdisWan - ok 11:07:14.0848 2584 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 11:07:14.0895 2584 NDProxy - ok 11:07:14.0911 2584 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 11:07:14.0958 2584 NetBIOS - ok 11:07:14.0989 2584 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 11:07:15.0004 2584 NetBT - ok 11:07:15.0020 2584 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 11:07:15.0036 2584 Netlogon - ok 11:07:15.0082 2584 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 11:07:15.0114 2584 Netman - ok 11:07:15.0145 2584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 11:07:15.0192 2584 NetMsmqActivator - ok 11:07:15.0207 2584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 11:07:15.0223 2584 NetPipeActivator - ok 11:07:15.0254 2584 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 11:07:15.0301 2584 netprofm - ok 11:07:15.0316 2584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 11:07:15.0316 2584 NetTcpActivator - ok 11:07:15.0332 2584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 11:07:15.0332 2584 NetTcpPortSharing - ok 11:07:15.0379 2584 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 11:07:15.0410 2584 nfrd960 - ok 11:07:15.0441 2584 [ 6822566B28BE75B2A76446A57064369F ] NICM C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys 11:07:15.0441 2584 NICM - ok 11:07:15.0488 2584 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 11:07:15.0519 2584 NlaSvc - ok 11:07:15.0566 2584 [ B0A67DE1A128389AEA4D42C5A56215FD ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys 11:07:15.0644 2584 nmwcd - ok 11:07:15.0660 2584 [ 025C54F9F8C8BC1894EA38529C742C54 ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys 11:07:15.0691 2584 nmwcdc - ok 11:07:15.0722 2584 [ 0FBAACFA6FC27A100D56C22AA655EDF7 ] Novell Identity Store C:\Program Files\Novell\CASA\bin\micasad.exe 11:07:15.0738 2584 Novell Identity Store ( UnsignedFile.Multi.Generic ) - warning 11:07:15.0738 2584 Novell Identity Store - detected UnsignedFile.Multi.Generic (1) 11:07:15.0784 2584 [ AFF04B863161A705A7EF9EA49C354ED8 ] Novell ZENworks Agent Service C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe 11:07:15.0800 2584 Novell ZENworks Agent Service ( UnsignedFile.Multi.Generic ) - warning 11:07:15.0800 2584 Novell ZENworks Agent Service - detected UnsignedFile.Multi.Generic (1) 11:07:15.0831 2584 [ CD68B67C8211065C7A56C8A5B4CF01F5 ] Novell ZENworks Image-Safe Data Service C:\Program Files\Novell\ZENworks\bin\preboot\novell-zisdservice.exe 11:07:15.0847 2584 Novell ZENworks Image-Safe Data Service ( UnsignedFile.Multi.Generic ) - warning 11:07:15.0847 2584 Novell ZENworks Image-Safe Data Service - detected UnsignedFile.Multi.Generic (1) 11:07:15.0878 2584 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 11:07:15.0925 2584 Npfs - ok 11:07:15.0956 2584 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 11:07:16.0034 2584 nsi - ok 11:07:16.0050 2584 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 11:07:16.0081 2584 nsiproxy - ok 11:07:16.0143 2584 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 11:07:16.0206 2584 Ntfs - ok 11:07:16.0252 2584 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 11:07:16.0299 2584 Null - ok 11:07:16.0330 2584 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 11:07:16.0362 2584 nvraid - ok 11:07:16.0455 2584 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 11:07:16.0564 2584 nvstor - ok 11:07:16.0596 2584 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 11:07:16.0627 2584 nv_agp - ok 11:07:16.0705 2584 [ EE15C84A89FD28A27F056E4BBCA9DB7B ] nzwinvnc C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe 11:07:16.0830 2584 nzwinvnc ( UnsignedFile.Multi.Generic ) - warning 11:07:16.0830 2584 nzwinvnc - detected UnsignedFile.Multi.Generic (1) 11:07:16.0892 2584 [ D955D5DE998DB2476BF0892BE3A96C26 ] O2Flash C:\Windows\system32\o2flash.exe 11:07:16.0908 2584 O2Flash ( UnsignedFile.Multi.Generic ) - warning 11:07:16.0908 2584 O2Flash - detected UnsignedFile.Multi.Generic (1) 11:07:16.0923 2584 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 11:07:16.0986 2584 ohci1394 - ok 11:07:17.0032 2584 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:07:17.0095 2584 ose - ok 11:07:17.0266 2584 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 11:07:17.0610 2584 osppsvc - ok 11:07:17.0937 2584 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 11:07:18.0031 2584 p2pimsvc - ok 11:07:18.0078 2584 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 11:07:18.0140 2584 p2psvc - ok 11:07:18.0171 2584 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys 11:07:18.0218 2584 Parport - ok 11:07:18.0249 2584 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 11:07:18.0265 2584 partmgr - ok 11:07:18.0296 2584 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys 11:07:18.0343 2584 Parvdm - ok 11:07:18.0358 2584 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 11:07:18.0405 2584 PcaSvc - ok 11:07:18.0436 2584 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 11:07:18.0452 2584 pci - ok 11:07:18.0483 2584 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 11:07:18.0514 2584 pciide - ok 11:07:18.0546 2584 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 11:07:18.0577 2584 pcmcia - ok 11:07:18.0592 2584 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 11:07:18.0608 2584 pcw - ok 11:07:18.0639 2584 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 11:07:18.0702 2584 PEAUTH - ok 11:07:18.0748 2584 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 11:07:18.0826 2584 PeerDistSvc - ok 11:07:18.0889 2584 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 11:07:18.0998 2584 pla - ok 11:07:19.0029 2584 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 11:07:19.0076 2584 PlugPlay - ok 11:07:19.0092 2584 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 11:07:19.0154 2584 PNRPAutoReg - ok 11:07:19.0185 2584 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 11:07:19.0201 2584 PNRPsvc - ok 11:07:19.0232 2584 [ 896D916DE06F5502D301E8C4DC442AE8 ] Point32 C:\Windows\system32\DRIVERS\point32.sys 11:07:19.0263 2584 Point32 - ok 11:07:19.0294 2584 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 11:07:19.0326 2584 PolicyAgent - ok 11:07:19.0357 2584 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 11:07:19.0404 2584 Power - ok 11:07:19.0435 2584 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 11:07:19.0497 2584 PptpMiniport - ok 11:07:19.0513 2584 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys 11:07:19.0560 2584 Processor - ok 11:07:19.0606 2584 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 11:07:19.0684 2584 ProfSvc - ok 11:07:19.0716 2584 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 11:07:19.0747 2584 ProtectedStorage - ok 11:07:19.0825 2584 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 11:07:19.0887 2584 Psched - ok 11:07:19.0950 2584 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 11:07:20.0059 2584 ql2300 - ok 11:07:20.0090 2584 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 11:07:20.0277 2584 ql40xx - ok 11:07:20.0308 2584 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 11:07:20.0355 2584 QWAVE - ok 11:07:20.0371 2584 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 11:07:20.0402 2584 QWAVEdrv - ok 11:07:20.0433 2584 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 11:07:20.0464 2584 RasAcd - ok 11:07:20.0496 2584 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 11:07:20.0527 2584 RasAgileVpn - ok 11:07:20.0542 2584 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 11:07:20.0605 2584 RasAuto - ok 11:07:20.0636 2584 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 11:07:20.0714 2584 Rasl2tp - ok 11:07:20.0745 2584 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 11:07:20.0808 2584 RasMan - ok 11:07:20.0823 2584 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 11:07:20.0854 2584 RasPppoe - ok 11:07:20.0886 2584 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 11:07:20.0917 2584 RasSstp - ok 11:07:20.0964 2584 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 11:07:20.0995 2584 rdbss - ok 11:07:20.0995 2584 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 11:07:21.0010 2584 rdpbus - ok 11:07:21.0042 2584 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 11:07:21.0073 2584 RDPCDD - ok 11:07:21.0104 2584 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 11:07:21.0151 2584 RDPDR - ok 11:07:21.0182 2584 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 11:07:21.0229 2584 RDPENCDD - ok 11:07:21.0244 2584 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 11:07:21.0291 2584 RDPREFMP - ok 11:07:21.0322 2584 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 11:07:21.0369 2584 RDPWD - ok 11:07:21.0400 2584 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 11:07:21.0416 2584 rdyboost - ok 11:07:21.0463 2584 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 11:07:21.0525 2584 RemoteAccess - ok 11:07:21.0556 2584 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 11:07:21.0603 2584 RemoteRegistry - ok 11:07:21.0634 2584 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys 11:07:21.0697 2584 rimmptsk - ok 11:07:21.0712 2584 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 11:07:21.0822 2584 RpcEptMapper - ok 11:07:21.0853 2584 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 11:07:21.0900 2584 RpcLocator - ok 11:07:21.0931 2584 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 11:07:21.0962 2584 RpcSs - ok 11:07:21.0993 2584 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 11:07:22.0040 2584 rspndr - ok 11:07:22.0071 2584 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 11:07:22.0102 2584 s3cap - ok 11:07:22.0118 2584 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 11:07:22.0134 2584 SamSs - ok 11:07:22.0165 2584 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 11:07:22.0180 2584 sbp2port - ok 11:07:22.0212 2584 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 11:07:22.0274 2584 SCardSvr - ok 11:07:22.0290 2584 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 11:07:22.0336 2584 scfilter - ok 11:07:22.0368 2584 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 11:07:22.0446 2584 Schedule - ok 11:07:22.0477 2584 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 11:07:22.0508 2584 SCPolicySvc - ok 11:07:22.0539 2584 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 11:07:22.0555 2584 sdbus - ok 11:07:22.0570 2584 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 11:07:22.0680 2584 SDRSVC - ok 11:07:22.0695 2584 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 11:07:22.0758 2584 secdrv - ok 11:07:22.0773 2584 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 11:07:22.0820 2584 seclogon - ok 11:07:22.0851 2584 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 11:07:22.0898 2584 SENS - ok 11:07:22.0914 2584 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 11:07:23.0007 2584 SensrSvc - ok 11:07:23.0038 2584 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 11:07:23.0085 2584 Serenum - ok 11:07:23.0101 2584 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 11:07:23.0148 2584 Serial - ok 11:07:23.0163 2584 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys 11:07:23.0179 2584 sermouse - ok 11:07:23.0226 2584 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 11:07:23.0288 2584 SessionEnv - ok 11:07:23.0319 2584 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 11:07:23.0350 2584 sffdisk - ok 11:07:23.0366 2584 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 11:07:23.0413 2584 sffp_mmc - ok 11:07:23.0444 2584 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 11:07:23.0475 2584 sffp_sd - ok 11:07:23.0491 2584 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 11:07:23.0522 2584 sfloppy - ok 11:07:23.0569 2584 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 11:07:23.0631 2584 SharedAccess - ok 11:07:23.0678 2584 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 11:07:23.0709 2584 ShellHWDetection - ok 11:07:23.0740 2584 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 11:07:23.0787 2584 sisagp - ok 11:07:23.0803 2584 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 11:07:23.0850 2584 SiSRaid2 - ok 11:07:23.0865 2584 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 11:07:23.0974 2584 SiSRaid4 - ok 11:07:24.0006 2584 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 11:07:24.0146 2584 Smb - ok 11:07:24.0177 2584 Smcinst - ok 11:07:24.0255 2584 [ 8317AD0C7E640411C746D5664EB7957A ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe 11:07:24.0411 2584 SmcService - ok 11:07:24.0458 2584 [ 95293A76341B1DB125EE125474657728 ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE 11:07:24.0489 2584 SNAC - ok 11:07:24.0520 2584 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 11:07:24.0536 2584 SNMPTRAP - ok 11:07:24.0630 2584 [ E87CF104F12C92401C4D33C50A3D5DC8 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 11:07:24.0661 2584 SPBBCDrv - ok 11:07:24.0708 2584 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\Windows\system32\speedfan.sys 11:07:24.0739 2584 speedfan - ok 11:07:24.0754 2584 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 11:07:24.0770 2584 spldr - ok 11:07:24.0817 2584 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 11:07:25.0020 2584 Spooler - ok 11:07:25.0129 2584 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 11:07:25.0269 2584 sppsvc - ok 11:07:25.0300 2584 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 11:07:25.0347 2584 sppuinotify - ok 11:07:25.0378 2584 [ B36F8D6A02FF2B3A53E250A629782F29 ] SRTSP C:\Windows\system32\Drivers\SRTSP.SYS 11:07:25.0410 2584 SRTSP - ok 11:07:25.0456 2584 [ E99BD98AC171A29FC1BA9376BE87AE73 ] SRTSPL C:\Windows\system32\Drivers\SRTSPL.SYS 11:07:25.0488 2584 SRTSPL - ok 11:07:25.0503 2584 [ 1AF34729898063E9B7DF8D149D767E07 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX.SYS 11:07:25.0519 2584 SRTSPX - ok 11:07:25.0550 2584 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 11:07:25.0628 2584 srv - ok 11:07:25.0659 2584 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 11:07:25.0706 2584 srv2 - ok 11:07:25.0722 2584 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 11:07:25.0737 2584 srvnet - ok 11:07:25.0768 2584 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 11:07:25.0800 2584 SSDPSRV - ok 11:07:25.0815 2584 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 11:07:25.0878 2584 SstpSvc - ok 11:07:25.0909 2584 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys 11:07:25.0940 2584 stexstor - ok 11:07:25.0987 2584 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 11:07:26.0034 2584 StiSvc - ok 11:07:26.0049 2584 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 11:07:26.0065 2584 storflt - ok 11:07:26.0080 2584 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll 11:07:26.0127 2584 StorSvc - ok 11:07:26.0143 2584 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 11:07:26.0174 2584 storvsc - ok 11:07:26.0190 2584 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 11:07:26.0205 2584 swenum - ok 11:07:26.0221 2584 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 11:07:26.0299 2584 swprv - ok 11:07:26.0377 2584 [ 4402CF4959A30CB6A008099ABA8F22A9 ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe 11:07:26.0408 2584 Symantec AntiVirus - ok 11:07:26.0455 2584 [ E42A34E6F5CA71A84D4C2DE620AAD13D ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS 11:07:26.0470 2584 SymEvent - ok 11:07:26.0502 2584 [ 394B2368212114D538316812AF60FDDD ] SYMREDRV C:\Windows\System32\Drivers\SYMREDRV.SYS 11:07:26.0502 2584 SYMREDRV - ok 11:07:26.0517 2584 [ D46676BB414C7531BDFFE637A33F5033 ] SYMTDI C:\Windows\System32\Drivers\SYMTDI.SYS 11:07:26.0533 2584 SYMTDI - ok 11:07:26.0580 2584 [ 215A45246C6E2D0A9C263CE1786C8D8A ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 11:07:26.0595 2584 SynTP - ok 11:07:26.0642 2584 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 11:07:26.0689 2584 SysMain - ok 11:07:26.0720 2584 [ 666992D996C524812E713EFFD836D043 ] SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys 11:07:26.0736 2584 SysPlant - ok 11:07:26.0767 2584 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 11:07:26.0860 2584 TabletInputService - ok 11:07:26.0892 2584 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 11:07:26.0970 2584 TapiSrv - ok 11:07:26.0985 2584 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 11:07:27.0016 2584 TBS - ok 11:07:27.0094 2584 [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] Tcpip C:\Windows\system32\drivers\tcpip.sys 11:07:27.0172 2584 Tcpip - ok 11:07:27.0219 2584 [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 11:07:27.0250 2584 TCPIP6 - ok 11:07:27.0297 2584 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 11:07:27.0328 2584 tcpipreg - ok 11:07:27.0360 2584 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 11:07:27.0438 2584 TDPIPE - ok 11:07:27.0469 2584 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 11:07:27.0484 2584 TDTCP - ok 11:07:27.0516 2584 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 11:07:27.0562 2584 tdx - ok 11:07:27.0594 2584 [ F63439AC8FA992BFA0C757EB644A1A0C ] Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys 11:07:27.0594 2584 Teefer2 - ok 11:07:27.0625 2584 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 11:07:27.0640 2584 TermDD - ok 11:07:27.0672 2584 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 11:07:27.0734 2584 TermService - ok 11:07:27.0750 2584 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 11:07:27.0781 2584 Themes - ok 11:07:27.0812 2584 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 11:07:27.0828 2584 THREADORDER - ok 11:07:27.0843 2584 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys 11:07:27.0890 2584 TPM - ok 11:07:27.0906 2584 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 11:07:27.0937 2584 TrkWks - ok 11:07:27.0984 2584 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 11:07:28.0062 2584 TrustedInstaller - ok 11:07:28.0093 2584 [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 11:07:28.0155 2584 tssecsrv - ok 11:07:28.0171 2584 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 11:07:28.0202 2584 TsUsbFlt - ok 11:07:28.0249 2584 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 11:07:28.0280 2584 TsUsbGD - ok 11:07:28.0311 2584 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 11:07:28.0342 2584 tunnel - ok 11:07:28.0374 2584 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys 11:07:28.0389 2584 uagp35 - ok 11:07:28.0420 2584 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 11:07:28.0483 2584 udfs - ok 11:07:28.0514 2584 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 11:07:28.0561 2584 UI0Detect - ok 11:07:28.0576 2584 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 11:07:28.0608 2584 uliagpkx - ok 11:07:28.0623 2584 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys 11:07:28.0639 2584 umbus - ok 11:07:28.0670 2584 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 11:07:28.0701 2584 UmPass - ok 11:07:28.0732 2584 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 11:07:28.0795 2584 UmRdpService - ok 11:07:28.0826 2584 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 11:07:28.0888 2584 upnphost - ok 11:07:28.0935 2584 [ 78B74AF8727A28C128E164E9B53A5413 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 11:07:28.0966 2584 upperdev - ok 11:07:28.0998 2584 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 11:07:29.0076 2584 usbccgp - ok 11:07:29.0122 2584 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 11:07:29.0154 2584 usbcir - ok 11:07:29.0185 2584 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 11:07:29.0200 2584 usbehci - ok 11:07:29.0216 2584 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 11:07:29.0247 2584 usbhub - ok 11:07:29.0263 2584 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 11:07:29.0294 2584 usbohci - ok 11:07:29.0310 2584 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys 11:07:29.0341 2584 usbprint - ok 11:07:29.0372 2584 [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser C:\Windows\system32\drivers\usbser.sys 11:07:29.0403 2584 usbser - ok 11:07:29.0419 2584 [ 4F8FBC51A1C0A17310846B417A447F91 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 11:07:29.0590 2584 UsbserFilt - ok 11:07:29.0637 2584 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:07:29.0668 2584 USBSTOR - ok 11:07:29.0684 2584 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 11:07:29.0731 2584 usbuhci - ok 11:07:29.0778 2584 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 11:07:29.0840 2584 usbvideo - ok 11:07:29.0949 2584 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 11:07:30.0058 2584 UxSms - ok 11:07:30.0090 2584 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 11:07:30.0090 2584 VaultSvc - ok 11:07:30.0168 2584 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 11:07:30.0183 2584 vdrvroot - ok 11:07:30.0230 2584 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 11:07:30.0339 2584 vds - ok 11:07:30.0355 2584 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 11:07:30.0370 2584 vga - ok 11:07:30.0386 2584 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 11:07:30.0417 2584 VgaSave - ok 11:07:30.0433 2584 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 11:07:30.0464 2584 vhdmp - ok 11:07:30.0480 2584 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 11:07:30.0495 2584 viaagp - ok 11:07:30.0495 2584 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 11:07:30.0542 2584 ViaC7 - ok 11:07:30.0573 2584 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 11:07:30.0589 2584 viaide - ok 11:07:30.0620 2584 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 11:07:30.0714 2584 vmbus - ok 11:07:30.0745 2584 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 11:07:30.0776 2584 VMBusHID - ok 11:07:30.0792 2584 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 11:07:30.0807 2584 volmgr - ok 11:07:30.0823 2584 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 11:07:30.0854 2584 volmgrx - ok 11:07:30.0870 2584 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 11:07:30.0885 2584 volsnap - ok 11:07:30.0901 2584 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 11:07:30.0916 2584 vsmraid - ok 11:07:30.0979 2584 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 11:07:31.0088 2584 VSS - ok 11:07:31.0104 2584 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 11:07:31.0135 2584 vwifibus - ok 11:07:31.0166 2584 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 11:07:31.0182 2584 vwififlt - ok 11:07:31.0197 2584 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 11:07:31.0244 2584 W32Time - ok 11:07:31.0275 2584 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 11:07:31.0322 2584 WacomPen - ok 11:07:31.0338 2584 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 11:07:31.0384 2584 WANARP - ok 11:07:31.0384 2584 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 11:07:31.0400 2584 Wanarpv6 - ok 11:07:31.0494 2584 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 11:07:31.0712 2584 WatAdminSvc - ok 11:07:31.0774 2584 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 11:07:31.0915 2584 wbengine - ok 11:07:31.0930 2584 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 11:07:31.0993 2584 WbioSrvc - ok 11:07:32.0024 2584 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 11:07:32.0055 2584 wcncsvc - ok 11:07:32.0071 2584 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 11:07:32.0196 2584 WcsPlugInService - ok 11:07:32.0242 2584 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys 11:07:32.0289 2584 Wd - ok 11:07:32.0336 2584 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 11:07:32.0383 2584 Wdf01000 - ok 11:07:32.0414 2584 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 11:07:32.0523 2584 WdiServiceHost - ok 11:07:32.0523 2584 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 11:07:32.0554 2584 WdiSystemHost - ok 11:07:32.0570 2584 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 11:07:32.0617 2584 WebClient - ok 11:07:32.0632 2584 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 11:07:32.0679 2584 Wecsvc - ok 11:07:32.0695 2584 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 11:07:32.0726 2584 wercplsupport - ok 11:07:32.0742 2584 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 11:07:32.0773 2584 WerSvc - ok 11:07:32.0804 2584 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 11:07:32.0820 2584 WfpLwf - ok 11:07:32.0851 2584 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 11:07:32.0866 2584 WIMMount - ok 11:07:32.0960 2584 [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 11:07:33.0100 2584 WinDefend - ok 11:07:33.0116 2584 WinHttpAutoProxySvc - ok 11:07:33.0210 2584 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 11:07:33.0257 2584 Winmgmt - ok 11:07:33.0319 2584 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 11:07:33.0397 2584 WinRM - ok 11:07:33.0444 2584 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 11:07:33.0506 2584 WinUsb - ok 11:07:33.0584 2584 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 11:07:33.0647 2584 Wlansvc - ok 11:07:33.0740 2584 [ 5E7C103F8475C4289847D15E129C20F7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 11:07:33.0849 2584 wlidsvc - ok 11:07:33.0881 2584 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 11:07:33.0896 2584 WmiAcpi - ok 11:07:33.0943 2584 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 11:07:34.0005 2584 wmiApSrv - ok 11:07:34.0083 2584 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 11:07:34.0208 2584 WMPNetworkSvc - ok 11:07:34.0239 2584 [ C214DD6D6905F01FE3E0A2C334E2244E ] WNTHW C:\Windows\system32\DRIVERS\WNTHW.SYS 11:07:34.0271 2584 WNTHW ( UnsignedFile.Multi.Generic ) - warning 11:07:34.0271 2584 WNTHW - detected UnsignedFile.Multi.Generic (1) 11:07:34.0317 2584 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 11:07:34.0395 2584 WPCSvc - ok 11:07:34.0411 2584 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 11:07:34.0442 2584 WPDBusEnum - ok 11:07:34.0489 2584 [ 9748E527F0D71BC86A1FE45F294E368B ] WPS C:\Windows\system32\drivers\wpsdrvnt.sys 11:07:34.0520 2584 WPS - ok 11:07:34.0551 2584 [ C306D2037EC147C7C663994F12B87F1E ] WpsHelper C:\Windows\system32\drivers\WpsHelper.sys 11:07:34.0583 2584 WpsHelper - ok 11:07:34.0614 2584 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 11:07:34.0661 2584 ws2ifsl - ok 11:07:34.0676 2584 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 11:07:34.0707 2584 wscsvc - ok 11:07:34.0707 2584 WSearch - ok 11:07:34.0801 2584 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 11:07:34.0910 2584 wuauserv - ok 11:07:34.0941 2584 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 11:07:34.0957 2584 WudfPf - ok 11:07:34.0973 2584 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 11:07:35.0066 2584 WUDFRd - ok 11:07:35.0175 2584 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 11:07:35.0222 2584 wudfsvc - ok 11:07:35.0269 2584 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll 11:07:35.0363 2584 WwanSvc - ok 11:07:35.0394 2584 [ 81D2B88D01065B0A69CADC3128B5314E ] XTSvcMgr C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe 11:07:35.0409 2584 XTSvcMgr - ok 11:07:35.0472 2584 [ AEF78B24DF292B4DFC2AE0BEAF9C2EA3 ] ZENPreAgent C:\Windows\novell\zenworks\bin\ZENPreAgent.exe 11:07:35.0581 2584 ZENPreAgent ( UnsignedFile.Multi.Generic ) - warning 11:07:35.0581 2584 ZENPreAgent - detected UnsignedFile.Multi.Generic (1) 11:07:35.0581 2584 ================ Scan global =============================== 11:07:35.0690 2584 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 11:07:35.0753 2584 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll 11:07:35.0768 2584 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll 11:07:35.0784 2584 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 11:07:35.0815 2584 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 11:07:35.0831 2584 [Global] - ok 11:07:35.0831 2584 ================ Scan MBR ================================== 11:07:35.0831 2584 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 11:07:36.0548 2584 \Device\Harddisk0\DR0 - ok 11:07:36.0548 2584 ================ Scan VBR ================================== 11:07:36.0579 2584 [ CEFB23D29502F8CC53A089FB5164F2BD ] \Device\Harddisk0\DR0\Partition1 11:07:36.0595 2584 \Device\Harddisk0\DR0\Partition1 - ok 11:07:36.0642 2584 [ 3F10C18D314E0F6CC57F1E28586BD95F ] \Device\Harddisk0\DR0\Partition2 11:07:36.0642 2584 \Device\Harddisk0\DR0\Partition2 - ok 11:07:36.0642 2584 [ 802592141F8B538C45441948AD3C35BF ] \Device\Harddisk0\DR0\Partition3 11:07:36.0657 2584 \Device\Harddisk0\DR0\Partition3 - ok 11:07:36.0657 2584 ============================================================ 11:07:36.0657 2584 Scan finished 11:07:36.0657 2584 ============================================================ 11:07:36.0673 5288 Detected object count: 9 11:07:36.0673 5288 Actual detected object count: 9 11:10:37.0493 5288 giveio ( UnsignedFile.Multi.Generic ) - skipped by user 11:10:37.0493 5288 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:10:37.0493 5288 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 11:10:37.0493 5288 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:10:37.0493 5288 Novell Identity Store ( UnsignedFile.Multi.Generic ) - skipped by user 11:10:37.0493 5288 Novell Identity Store ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:10:37.0493 5288 Novell ZENworks Agent Service ( UnsignedFile.Multi.Generic ) - skipped by user 11:10:37.0493 5288 Novell ZENworks Agent Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:10:37.0493 5288 Novell ZENworks Image-Safe Data Service ( UnsignedFile.Multi.Generic ) - skipped by user 11:10:37.0508 5288 Novell ZENworks Image-Safe Data Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:10:37.0508 5288 nzwinvnc ( UnsignedFile.Multi.Generic ) - skipped by user 11:10:37.0508 5288 nzwinvnc ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:10:37.0508 5288 O2Flash ( UnsignedFile.Multi.Generic ) - skipped by user 11:10:37.0508 5288 O2Flash ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:10:37.0508 5288 WNTHW ( UnsignedFile.Multi.Generic ) - skipped by user 11:10:37.0508 5288 WNTHW ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:10:37.0508 5288 ZENPreAgent ( UnsignedFile.Multi.Generic ) - skipped by user 11:10:37.0508 5288 ZENPreAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:11:27.0585 3060 Deinitialize success -
Politievirus - geen VEILIGE MODUS
luver reageerde op luver's topic in Archief Bestrijding malware & virussen
Hallo scan is voltooid hierbij het logje: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Databaseversie: v2013.09.24.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16686 LBORNAUW :: I0081643 [administrator] 24/09/2013 18:35:06 mbam-log-2013-09-24 (18-35-06).txt Scan type: Volledige scan (C:\|D:\|) Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 439925 Verstreken tijd: 1 uur/uren, 53 minuut/minuten, 8 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) nog eens controleren? opmerkingske: bij een reboot van PC moet ik nu op F12 drukken opdat deze zou verder opstarten ... anders blijft het staan op flikker-cursor op blanco scherm ...laat ons hopen dat dit geen te grote prolemen geeft? alvast dank -
Politievirus - geen VEILIGE MODUS
luver reageerde op luver's topic in Archief Bestrijding malware & virussen
Hallo Deze versie van JAVA gedownload en controle uitgevoerd en ik kreeg OK ook ADW cleaner laten lopen en hierbij het bestandje ondertussen reeds 6 verwittigingen van Symantec van attacks gekregen... ;-( bij opstart start HTMAN PRO ook steeds op met snelle scanning : ik veronderstel dat dit geen kwaad kan? # AdwCleaner v3.005 - Report created 24/09/2013 at 15:09:33 # Updated 22/09/2013 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (32 bits) # Username : LBORNAUW - I0081643 # Running from : D:\Profiles\LBORNAUW.I0081643\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Deleted : D:\END ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Key Deleted : HKLM\SOFTWARE\Classes\b Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1 Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2727678 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_infrarecorder_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_infrarecorder_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A1260C1-2964-453F-B0BA-FA429472EB5F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363D5C92-10DC-4287-93E5-1832EECC48EC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B41BE90-F731-4137-AFF3-2CA951E7F0D9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66292684-B2C2-4C7C-B3D2-BF446E30744C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69407823-3494-4400-8D49-612549E8F4EE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6BFF4BCB-7A73-45A7-AC4C-389A34E1D1EF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FCA5302-6D6D-4645-BF99-D43CF76CE474} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED345812-2722-4DCA-9976-D01832DB44EE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A54DAB37-E900-4E7A-9E32-7B5372016CE5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FB0E8A09-F08C-44CF-9E15-97ADAC016248} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A54DAB37-E900-4E7A-9E32-7B5372016CE5} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A54DAB37-E900-4E7A-9E32-7B5372016CE5} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E22FAD16-456D-4E98-BE7E-EA499CD1BEA7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB508994-510F-4898-AC17-DFCC64D32581} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{95324E44-4B0A-47A9-8F77-9C6415E51C29}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{95324E44-4B0A-47A9-8F77-9C6415E51C29}] Key Deleted : HKCU\Software\BabylonToolbar Key Deleted : HKCU\Software\Blabbers Key Deleted : HKCU\Software\BrowserCompanion Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_Nederlands_2 Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\Software\BabylonToolbar Key Deleted : HKLM\Software\BrowserCompanion Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\ImInstaller Key Deleted : HKLM\Software\IncrediMail_MediaBar_Nederlands_2 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16686 -\\ Mozilla Firefox v23.0.1 (nl) -\\ Google Chrome v29.0.1547.76 ************************* AdwCleaner[R0].txt - [12806 octets] - [24/09/2013 14:56:57] AdwCleaner[s0].txt - [13052 octets] - [24/09/2013 15:09:33] ########## EOF - D:\AdwCleaner\AdwCleaner[s0].txt - [13113 octets] ########## -
Politievirus - geen VEILIGE MODUS
luver reageerde op luver's topic in Archief Bestrijding malware & virussen
Hallo alles gevolgd ( ik verwijderde JAVA TM Update) tot : Dubbelklik vervolgens op jre-7-windows-x64 / x86 op je Bureaublad om de nieuwste versie van Java te installeren. maar op welk bestandje die ik in de uitgepakte versie te klikken om JAVA te installeren? bin lib release.. nogmaals dank voor het geduld -
Politievirus - geen VEILIGE MODUS
luver reageerde op luver's topic in Archief Bestrijding malware & virussen
Hallo hierbij het logje ZOEK.EXE Zoek.exe Version 4.0.0.2 Updated 08-March-2013 Tool run by LBORNAUW on ma 11/03/2013 at 20:06:31,13. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Safe Mode NETWORK Internet Access Detected ==== Deleting Files \ Folders ====================== "C:\ProgramData\ilbmxgyiivcwvsl" deleted "C:\Windows\ycdnsssf.exe" deleted "C:\Users\Public\Desktop\sample_20131103_1920.zip" deleted "C:\ProgramData\dpdvedqxegrxgjz\be-flag.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\be-image.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\btn-green.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\corners-btn.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\corners1.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\corners2.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\corners3.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\corners4.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\ie6-7.css" deleted "C:\ProgramData\dpdvedqxegrxgjz\jquery.main.js" deleted "C:\ProgramData\dpdvedqxegrxgjz\main.html" deleted "C:\ProgramData\dpdvedqxegrxgjz\McAfee.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\pays-be.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\steps-be.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\steps-en.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\steps-nl.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\style.css" deleted "C:\ProgramData\dpdvedqxegrxgjz\tabs.png" deleted "C:\ProgramData\dpdvedqxegrxgjz\wait.html" deleted "C:\ProgramData\dpdvedqxegrxgjz" deleted Zoek.exe Version 4.0.0.4 Updated 19-September-2013 Tool run by LBORNAUW on ma 23/09/2013 at 18:00:30,40. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: D:\Profiles\LBORNAUW.I0081643\Desktop\zoek.exe [script inserted] ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} deleted successfully HKEY_CLASSES_ROOT\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully HKEY_CLASSES_ROOT\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully HKEY_CLASSES_ROOT\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully HKEY_CLASSES_ROOT\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VideoDownloadConverter_4zService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VideoDownloadConverter_4zService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\VideoDownloadConverter_4zService deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter Search Scope Monitor] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader] ==== Deleting Files \ Folders ====================== "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Utilities" deleted "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Vocal Transformer" deleted "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Vocals" deleted "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\WebServer" deleted "C:\ProgramData\laserjet" deleted "C:\ProgramData\manual" deleted "C:\ProgramData\vhosts" deleted "C:\ProgramData\Widgets" deleted "C:\ProgramData\Woodwind" deleted "C:\ProgramData\Woodwinds" deleted "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\settings.ini" deleted "C:\Program Files\VideoDownloadConverter_4z" deleted "D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com" deleted "C:\Program Files\Video Download Converter" deleted "C:\Windows\system32\appdata" deleted "C:\Program Files\VideoDownloadConverter_4z" deleted "D:\Profiles\LBORNAUW.I0081643\AppData\Local\VideoDownloadConverter_4z" deleted "D:\Profiles\LBORNAUW.I0081643\AppData\LocalLow\VideoDownloadConverter_4z" deleted "D:\Profiles\LBORNAUW.I0081643\AppData\LocalLow\IncrediMail_MediaBar_Nederlands_2" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== D:\Profiles\LBORNA~1.I00\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== 2013-09-11 16:53:03 06EEAD5864F357ADC618F65A2F2C5156 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-09-11 16:53:03 00531B52C9468929F2C651B3BCADCBC9 690688 ----a-w- C:\Windows\System32\jscript.dll 2013-09-11 16:53:01 79DC575FE905D5DD5C5A4C5993A7C7F9 2876928 ----a-w- C:\Windows\System32\jscript9.dll 2013-09-11 16:52:58 7E540E07B97DCBCF8F76FA743B486BF2 61440 ----a-w- C:\Windows\System32\iesetup.dll 2013-09-11 16:52:58 7C63629508BB87227C3C861355A155B4 39424 ----a-w- C:\Windows\System32\jsproxy.dll 2013-09-11 16:52:56 BCA4913CDE903B4BDEEDAD1D6DBF5E2A 391168 ----a-w- C:\Windows\System32\ieui.dll 2013-09-11 16:52:52 2EC47CF6A36F6A83BB8B98C1425B4D41 493056 ----a-w- C:\Windows\System32\msfeeds.dll 2013-09-11 16:52:51 54C06D9684F3D0AD7E87502E57CC4655 42496 ----a-w- C:\Windows\System32\ie4uinit.exe 2013-09-11 16:52:51 000B55B43992179E69C2E83CCB8F1126 33280 ----a-w- C:\Windows\System32\iernonce.dll 2013-09-11 16:52:50 43852485D0B78C021A47E9548A4CFFE0 71680 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-09-11 16:52:48 E5D91D6B81A293AB6854CAD112240A4B 1141248 ----a-w- C:\Windows\System32\urlmon.dll 2013-09-11 16:52:48 3B74EADF1B70251D3CDB87BC338DC34D 109056 ----a-w- C:\Windows\System32\iesysprep.dll 2013-09-11 16:52:47 281A720B0A984E325599EE1F0342E8FB 2048000 ----a-w- C:\Windows\System32\iertutil.dll 2013-09-11 16:52:43 535F6263035F2530A62D5D64EF6E73D3 1767936 ----a-w- C:\Windows\System32\wininet.dll 2013-09-11 16:52:41 4FCC53B82D91607FB9AE24E617108BB2 13761024 ----a-w- C:\Windows\System32\ieframe.dll 2013-09-11 16:52:37 5D2D7E7850CE963C2F401D4DEE7BB32A 14332928 ----a-w- C:\Windows\System32\mshtml.dll 2013-09-11 14:26:29 E02781D4871844DCD30DF1D69A650F78 12872704 ----a-w- C:\Windows\System32\shell32.dll 2013-09-11 14:26:28 2C4A87CA8C00E98EFDCFA2E8EC9A3503 180224 ----a-w- C:\Windows\System32\shdocvw.dll 2013-09-11 14:26:12 ED880065BBB2C5F57B74F30812A65F4F 2348544 ----a-w- C:\Windows\System32\win32k.sys 2013-09-11 14:26:10 6933E2AFF444A7A95D5C67E98449163E 868352 ----a-w- C:\Windows\System32\kernel32.dll 2013-09-11 14:26:09 51BB04243DF6196C06E125898127E397 169984 ----a-w- C:\Windows\System32\winsrv.dll 2013-09-11 14:26:09 1E65CF7B26D02750544EFDD73C8118FA 293376 ----a-w- C:\Windows\System32\KernelBase.dll 2013-09-11 14:26:08 2DE16A63F71D10B42ACE01E759078600 271360 ----a-w- C:\Windows\System32\conhost.exe ====== C:\Windows\system32\drivers ===== 2013-09-11 14:26:14 DDCE686D76C2B4DB435A3AF5BD0E691D 133056 ----a-w- C:\Windows\System32\drivers\ataport.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-09-23 13:32:10 -------- d-----w- C:\Program Files\trend micro 2013-09-21 18:09:47 -------- d-----w- C:\Program Files\HitmanPro ======= D: ===== 2013-08-30 17:21:44 9AD14308E26FD2F9BDDB5325E3A860D6 27305 ----a-w- D:\5152.gif 2013-08-30 17:15:24 FCF5235D2B3D3C3D1D72EF57D09BAE29 5086 ----a-w- D:\sinterklaas25_small.jpg 2013-08-30 10:32:51 89165F49B50AA2871CD801EA4186BC0E 10428 ----a-w- D:\Spiderman.gif ====== D:\Profiles\LBORNAUW.I0081643\AppData\Roaming ====== 2013-09-22 13:55:59 B7B8E5BF252F2467F6862ABC5837D6D4 8388608 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-S-1-5-21-2387108698-3719649394-282492801-1002.dat 2013-09-21 18:49:14 D8FE52448777E7A8F1E6F9F09585F0A3 579456 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-System.dat 2013-09-09 13:08:50 -------- d-----w- D:\Profiles\LBORNAUW.I0081643\AppData\Locallow\Google 2013-09-04 14:19:21 -------- d-----w- D:\Profiles\LBORNAUW.I0081643\AppData\Local\IAC ====== D:\Profiles\LBORNAUW.I0081643 ====== 2013-09-21 18:09:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2013-09-21 18:09:02 -------- d-----w- C:\ProgramData\HitmanPro 2013-09-09 13:08:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2013-09-04 14:19:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Download Converter ====== C: exe-files == 2013-09-23 13:32:11 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\LBORNAUW.exe 2013-09-21 18:14:04 0B1CD71CE29E8123A664A5B40153D2FE 1915744 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\29.0.1547.76\29.0.1547.76_29.0.1547.66_chrome_updater.exe 2013-09-21 18:09:49 F5BBA95472F18B6223AC2F3AED397223 106280 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe 2013-09-21 18:09:47 76ADBD909FA0898834BE3A8C0EA76609 9186416 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-2387108698-3719649394-282492801-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" "iFolder"="C:\Program Files\iFolder3\iFolderApp.exe -checkautorun" "ZenNotifyIcon"="C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe" "NalView"="C:\Program Files\Novell\ZENworks\bin\nalview.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "ConnectionCenter"="C:\Program Files\Citrix\ICA Client\concentr.exe /startup" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" "Nikon Message Center 2"="C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NWTRAY] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NWTRAY" "hkey"="HKLM" "command"="NWTRAY.EXE" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [20/09/2013 15:03] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [09/09/2011 17:51] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task] ==== Firefox Extensions ====================== ProfilePath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default - Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== Profilepath: D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash 148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 9B4D431459A9B935FB117F4EDDA236E8 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 101700E93EB905992B518256CB441829 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update 7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin 86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 F045DF7AF127DC4BCC53421850114E15 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa 0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery 91B78790F69C250BA05836D2806BF29D - C:\Program Files\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll - HP Virtual Room Client Launcher Plugin 6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director F98B0B2789436E072D7ED979C4E44D07 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 9D35E12B661581B83DD74EB910EA9E6D - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.240.7 4EBB5B4DCABEC18B29D01F9F607B0114 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java Platform SE 6 U24 7D28153B7D586330678AD522B71D89CB - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight ==== Chrome Look ====================== ==== Chrome Fix ====================== D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal deleted successfully D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_client.conduit-storage.com_0.localstorage-journal deleted successfully D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal deleted successfully D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Empty IE Cache ====================== D:\Profiles\kind\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully D:\Profiles\LBORNAUW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully D:\Profiles\LBORNAUW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully D:\Profiles\LBORNAUW\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully D:\Profiles\LBORNAUW.I0081643\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSN71N8 will be deleted at reboot ==== Empty FireFox Cache ====================== D:\Profiles\LBORNAUW.I0081643\AppData\Local\Mozilla\Firefox\Profiles\cllykyzr.default\Cache emptied successfully ==== Empty Chrome Cache ====================== D:\Profiles\LBORNAUW.I0081643\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSN71N8" deleted ==== EOF on ma 23/09/2013 at 18:14:59,16 ====================== -
Politievirus - geen VEILIGE MODUS
luver reageerde op luver's topic in Archief Bestrijding malware & virussen
Hierbij het logje van RSIT ter controle Logfile of random's system information tool 1.09 (written by random/random) Run by LBORNAUW at 2013-09-23 15:32:09 Microsoft Windows 7 Professional Service Pack 1 System drive C: has 34 GB (55%) free of 61 GB Total RAM: 2000 MB (40% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:33:03, on 23/09/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16686) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\Program Files\Novell\CASA\bin\micasad.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\HitmanPro\hmpsched.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe C:\Windows\system32\o2flash.exe C:\Windows\system32\svchost.exe C:\Program Files\Novell\ZENworks\bin\nzrWinVNCApp.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\iFolder3\iFolderApp.exe C:\Program Files\Novell\ZENworks\bin\ZenNotifyIcon.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Program Files\Citrix\ICA Client\wfcrun32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\IncrediMail\Bin\IncMail.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\IncrediMail\Bin\ImApp.exe C:\Program Files\iFolder3\lib\simias\web\bin\Simias.exe C:\Windows\system32\conhost.exe C:\Program Files\Novell\ZENworks\bin\ZenUserDaemon.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSN71N8\RSIT.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\trend micro\LBORNAUW.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = intranet.vdab.be R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: (no name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll O1 - Hosts: ::1 localhost O2 - BHO: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbar.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [iFolder] "C:\Program Files\iFolder3\iFolderApp.exe" -checkautorun O4 - HKLM\..\Run: [ZenNotifyIcon] C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe O4 - HKLM\..\Run: [NalView] C:\Program Files\Novell\ZENworks\bin\nalview.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\RunOnce: [uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User 'Default user') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.dexia.be O15 - Trusted Zone: PC Helpforum - Gratis hulp bij computer problemen O15 - Trusted Zone: PC Helpforum - Gratis hulp bij computer problemen O15 - Trusted Zone: VDAB Login O15 - Trusted Zone: PC Helpforum - Gratis hulp bij computer problemen O15 - Trusted Zone: http://mijnpersoneelsdossier.vdab.be O15 - Trusted Zone: PC Helpforum - Gratis hulp bij computer problemen O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_IKEA_Win32.cab O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://labs.usa.hp.com/vdesk/terminal/f5tunsrv.cab#version=7000,2012,1019,1308 O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://labs.usa.hp.com/vdesk/terminal/InstallerControl.cab O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} (Launcher Class) - http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab O16 - DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://labs.usa.hp.com/vdesk/terminal/urxhost.cab#version=7000,2012,1019,1321 O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: LCredMgr - C:\Program Files\Novell\CASA\bin\lcredmgr.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Novell Identity Store - Novell, Inc - C:\Program Files\Novell\CASA\bin\micasad.exe O23 - Service: Novell ZENworks Agent Service - Novell, Inc. - C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe O23 - Service: Novell ZENworks ISD Service (Novell ZENworks Image-Safe Data Service) - Unknown owner - C:\Program Files\Novell\ZENworks\bin\preboot\novell-zisdservice.exe O23 - Service: Novell ZENworks Remote Management powered by VNC (nzwinvnc) - Novell, Inc. - C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\Windows\system32\o2flash.exe O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe (file missing) O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: VideoDownloadConverterService (VideoDownloadConverter_4zService) - COMPANYVERS_NAME - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe O23 - Service: Novell XTier Service Manager (XTSvcMgr) - Novell, Inc. - C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe O23 - Service: Novell ZENworks Pre Agent (ZENPreAgent) - Unknown owner - C:\Windows\novell\zenworks\bin\ZENPreAgent.exe -- End of file - 16611 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job =========Mozilla firefox========= ProfilePath - D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default prefs.js - "browser.startup.homepage" - "Google" "belgiumeid@eid.belgium.be"=C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be "4zffxtbr@VideoDownloadConverter_4z.com"=C:\Program Files\VideoDownloadConverter_4z\bar\1.bin [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.8.800.168 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer] "Description"=Adobe Shockwave Player "Path"=C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin] "Description"=Google Earth in your browser "Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0] "Description"=Picasa3 plugin "Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] "Description"=Office Authorization plug-in for NPAPI browsers "Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] "Description"=Microsoft SharePoint Plug-in for Firefox "Path"=C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205] "Description"=WLPG Install MIME type "Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@rooms.hp.com] "Description"=HP Virtual Room Client Laucher Plugin "Path"=C:\Program Files\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin] "Description"=VideoDownloadConverter Plugin "Path"=C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll C:\Program Files\Mozilla Firefox\extensions\ belgiumeid@eid.belgium.be D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\Mozilla\Firefox\Profiles\cllykyzr.default\extensions\ 4zffxtbr@VideoDownloadConverter_4z.com ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}] Toolbar BHO - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbar.dll [2013-09-04 712264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-20 192592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}] Search Assistant BHO - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll [2013-09-04 62864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-27 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-20 192592] {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - VideoDownloadConverter - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll [2013-09-04 712264] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2011-03-08 115560] "BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520] "iFolder"=C:\Program Files\iFolder3\iFolderApp.exe [2010-11-01 1521152] "ZenNotifyIcon"=C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe [2011-02-23 147456] "NalView"=C:\Program Files\Novell\ZENworks\bin\nalview.exe [2011-02-24 54784] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064] "ConnectionCenter"=C:\Program Files\Citrix\ICA Client\concentr.exe [2010-10-12 304568] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-10-09 1578280] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-04-06 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-04-06 175640] "Persistence"=C:\Windows\system32\igfxpers.exe [2010-04-06 169496] "IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 1821576] "Nikon Message Center 2"=C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [2010-05-25 619008] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576] "APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2013-05-01 421888] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2012-08-18 366576] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-09-09 39408] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall D:\Profiles\LBORNAUW.I0081643\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"=C:\Windows\system32\cmd.exe [2010-11-20 302592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY] C:\Windows\system32\NWTRAY.EXE [2011-04-01 35928] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter Search Scope Monitor] C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe [2013-09-04 44784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader] C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbrmon.exe [2013-09-04 30096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2010-03-31 227328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LCredMgr] C:\Program Files\Novell\CASA\bin\lcredmgr.dll [2010-10-11 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424] "{763370C4-268E-4308-A60C-D8DA0342BE32}"=C:\Program Files\Novell\ZENworks\bin\NalShell.dll [2011-02-24 933888] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 ZenV1_0 ncv1_0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "vidc.cvid"=iccvid.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "MSVideo8"=VfWWDM32.dll "msacm.siren"=sirenacm.dll ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2013-09-23 15:32:10 ----D---- C:\Program Files\trend micro 2013-09-23 15:32:09 ----D---- C:\rsit 2013-09-22 13:33:34 ----AD---- C:\Kaspersky Rescue Disk 10.0 2013-09-21 20:09:47 ----D---- C:\Program Files\HitmanPro 2013-09-21 20:09:02 ----D---- C:\ProgramData\HitmanPro 2013-09-20 15:45:42 ----A---- C:\Windows\ntbtlog.txt 2013-09-20 14:57:20 ----A---- D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\settings.ini 2013-09-17 13:21:08 ----D---- C:\Program Files\Mozilla Firefox 2013-09-11 18:53:03 ----A---- C:\Windows\system32\jscript.dll 2013-09-11 18:53:01 ----A---- C:\Windows\system32\jscript9.dll 2013-09-11 18:52:58 ----A---- C:\Windows\system32\jsproxy.dll 2013-09-11 18:52:58 ----A---- C:\Windows\system32\iesetup.dll 2013-09-11 18:52:56 ----A---- C:\Windows\system32\ieui.dll 2013-09-11 18:52:52 ----A---- C:\Windows\system32\msfeeds.dll 2013-09-11 18:52:51 ----A---- C:\Windows\system32\iernonce.dll 2013-09-11 18:52:51 ----A---- C:\Windows\system32\ie4uinit.exe 2013-09-11 18:52:50 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-11 18:52:48 ----A---- C:\Windows\system32\urlmon.dll 2013-09-11 18:52:48 ----A---- C:\Windows\system32\iesysprep.dll 2013-09-11 18:52:47 ----A---- C:\Windows\system32\iertutil.dll 2013-09-11 18:52:43 ----A---- C:\Windows\system32\wininet.dll 2013-09-11 18:52:41 ----A---- C:\Windows\system32\ieframe.dll 2013-09-11 18:52:37 ----A---- C:\Windows\system32\mshtml.dll 2013-09-11 16:26:29 ----A---- C:\Windows\system32\shell32.dll 2013-09-11 16:26:28 ----A---- C:\Windows\system32\shdocvw.dll 2013-09-11 16:26:14 ----A---- C:\Windows\system32\drivers\ataport.sys 2013-09-11 16:26:12 ----A---- C:\Windows\system32\win32k.sys 2013-09-11 16:26:10 ----A---- C:\Windows\system32\kernel32.dll 2013-09-11 16:26:09 ----A---- C:\Windows\system32\winsrv.dll 2013-09-11 16:26:09 ----A---- C:\Windows\system32\KernelBase.dll 2013-09-11 16:26:08 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-11 16:26:08 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-11 16:26:08 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-11 16:26:08 ----A---- C:\Windows\system32\conhost.exe 2013-09-11 16:26:07 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-11 16:26:07 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-11 16:26:07 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-11 16:26:07 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 16:26:06 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 16:26:05 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-11 16:26:05 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-11 16:26:05 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-11 16:26:04 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-04 16:19:09 ----D---- C:\Program Files\Video Download Converter 2013-09-04 16:18:34 ----D---- C:\Program Files\VideoDownloadConverter_4z ======List of files/folders modified in the last 1 month====== 2013-09-23 15:32:17 ----D---- C:\Windows\Prefetch 2013-09-23 15:32:10 ----RD---- C:\Program Files 2013-09-23 15:25:08 ----D---- C:\Windows\Temp 2013-09-23 15:16:49 ----D---- C:\Windows\system32\config 2013-09-22 16:00:03 ----D---- C:\Windows\system32\drivers 2013-09-22 15:56:41 ----D---- C:\ProgramData\iFolder 2013-09-21 20:09:02 ----HD---- C:\ProgramData 2013-09-21 15:55:29 ----SHD---- C:\System Volume Information 2013-09-21 15:44:33 ----HD---- C:\Windows\system32\GroupPolicy 2013-09-20 18:10:07 ----D---- C:\Windows\system32\LogFiles 2013-09-20 15:45:42 ----D---- C:\Windows 2013-09-20 15:03:35 ----D---- C:\Windows\System32 2013-09-20 15:03:17 ----A---- C:\Windows\system32\FlashPlayerApp.exe 2013-09-19 10:14:59 ----D---- C:\Program Files\Mozilla Maintenance Service 2013-09-15 16:22:03 ----SHD---- C:\Windows\Installer 2013-09-12 12:56:25 ----D---- C:\Windows\rescache 2013-09-12 10:13:28 ----D---- C:\Windows\Microsoft.NET 2013-09-12 10:12:21 ----RSD---- C:\Windows\assembly 2013-09-12 09:51:07 ----D---- C:\Windows\winsxs 2013-09-12 09:47:45 ----D---- C:\Program Files\Internet Explorer 2013-09-12 09:47:38 ----D---- C:\Windows\system32\nl-NL 2013-09-12 09:47:30 ----D---- C:\Windows\system32\DriverStore 2013-09-11 19:03:47 ----D---- C:\ProgramData\Microsoft Help 2013-09-11 18:53:26 ----D---- C:\Windows\system32\catroot2 2013-09-11 18:53:23 ----D---- C:\Windows\system32\catroot 2013-09-11 18:49:38 ----D---- C:\Windows\system32\MRT 2013-09-11 18:47:08 ----A---- C:\Windows\system32\MRT.exe 2013-09-09 15:06:31 ----D---- C:\Program Files\Google 2013-08-29 19:51:35 ----D---- D:\Profiles\LBORNAUW.I0081643\AppData\Roaming\simias ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248] R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-06-08 435736] R0 NCFilter;Novell UNC Filter - Filter; C:\Windows\system32\DRIVERS\NCFilter.sys [2011-04-01 91224] R0 NCRecognizer;Novell UNC Filter - Recognizer; C:\Windows\system32\DRIVERS\NCRecognizer.sys [2011-04-01 110680] R0 NCUncFilter;Novell UNC Filter - UNC Filter; C:\Windows\system32\DRIVERS\NCUncFilter.sys [2011-04-01 22616] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440] R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2011-03-18 25240] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096] R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2013-08-26 376920] R1 NICM;Novell XTCOM Driver; \??\C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [2011-04-01 27224] R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2011-03-08 421424] R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2011-03-08 284720] R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2011-03-08 43696] R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2011-03-08 188080] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128] R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2013-02-05 49664] R2 NCFSD;Novell Client File System Redirector; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [2011-04-01 88664] R2 NCIOCTL;Novell Xplat IoCtl Driver; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [2011-04-01 59992] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936] R3 BCM43XX;Stuurpgramma voor Broadcom 802.11 netwerkadapter; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-14 1131008] R3 dfmirage;dfmirage; C:\Windows\system32\DRIVERS\dfmirage.sys [2011-02-14 34128] R3 e1yexpress;Intel® Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y6232.sys [2009-09-23 221912] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-08-26 108120] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-04-01 8744448] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2010-01-08 126976] R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130923.003\NAVENG.SYS [2013-08-28 93272] R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130923.003\NAVEX15.SYS [2013-08-28 1612376] R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32.sys [2011-08-01 40936] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 84992] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2012-11-16 125488] R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2011-03-08 26416] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-10-09 229424] R3 Teefer2;Teefer2 Miniport; C:\Windows\system32\DRIVERS\teefer2.sys [2011-03-08 67472] R3 WinUsb;WinUsb-stuurprogramma; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 35968] S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704] S3 ACSSCR;ACR38 Smart Card Reader; C:\Windows\system32\DRIVERS\a38usb.sys [2012-04-30 37632] S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720] S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888] S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464] S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072] S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 16384] S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2009-07-14 10752] S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864] S3 e1kexpress;Stuurprogramma K voor Intel® PRO/1000 PCI Express-netwerkverbinding; C:\Windows\system32\DRIVERS\e1k6032.sys [2009-07-14 164864] S3 hugoio;hugoio; \??\C:\Windows\system32\drivers\hugoio.sys [2012-04-30 9760] S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176] S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-08-17 23168] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632] S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304] S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2011-03-08 320944] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032] S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720] S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192] S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648] S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192] S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328] S3 ViaC7;Stuurprogramma voor VIA C7-processor; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736] S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920] S4 SysPlant;SysPlant for NT; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [2011-03-08 99696] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640] R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2011-03-08 108392] R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2011-03-08 108392] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2013-02-05 1512448] R2 HitmanProScheduler;HitmanPro Scheduler; C:\Program Files\HitmanPro\hmpsched.exe [2013-09-21 106280] R2 Novell Identity Store;Novell Identity Store; C:\Program Files\Novell\CASA\bin\micasad.exe [2010-10-11 245760] R2 Novell ZENworks Agent Service;Novell ZENworks Agent Service; C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe [2011-02-23 28672] R2 nzwinvnc;Novell ZENworks Remote Management powered by VNC; C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe [2011-02-24 1839104] R2 O2Flash;O2Micro Flash Memory; C:\Windows\system32\o2flash.exe [2006-10-18 65536] R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2011-03-08 1893728] R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-03-08 1839776] R2 VideoDownloadConverter_4zService;VideoDownloadConverterService; C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe [2013-09-04 42504] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 1713904] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-09 136176] S2 Novell ZENworks Image-Safe Data Service;Novell ZENworks ISD Service; C:\Program Files\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [2011-02-23 90112] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20 257416] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-09 136176] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-19 194032] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2011-01-19 3093944] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-17 117656] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 Smcinst;Symantec Auto-upgrade Agent; C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [] S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-18 1343400] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2011-03-08 357744] -----------------EOF-----------------
OVER ONS
PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!