Charlie Rochester

Everything posted by Charlie Rochester

  1. I found a wonderful program to repair my GPT partition: TestDisk. All problems are solved. Thank you for all your help, Charlie.
  2. I just used Active@ Partition Recovery; it recognizes my disk and all the info is present with a quick scan, but once again, because of the GPT, I cannot perform a recovery, otherwise it would already have been solved. I can also make a raw disk image, but then I have a dim file and apparently I need yet another piece of software for that. I would need software that can repair a GPT disk. I think this must be possible in Windows.
  3. I tried it, but it says unsupported drive (all 3tb hdd's), gpt, dynamic and bad disks not supported. Can no data be lost with this? Is there another program? I also read about Knoppix, but because I definitely do not want to lose any data, I am asking anyway. I also tried PartitionGuru, but the disk is not in the list.
  4. Thanks. I tried to start the disks in another enclosure that supports 4 TB, because I don't have a desktop at the moment, but it also shows up as an unallocated disk. That means the partition has been lost, doesn't it?
  5. I had also wanted to ask the following. I was using a Raidsonic IB 120STU3 with an ST3000DM001, and the enclosure chip is supposedly damaged (this is what I was told), as a result of which 2 of my disks may have lost their partition. When I start them they show as unallocated and not initialized. Is it best to use a partition recovery tool, and which would be the best? It is for a 3 TB drive and thus a GPT drive. Free partition recovery tool. The disk normally supported a maximum of 2 TB; I already tried it once with a 3 TB drive, but then it was just split into a 2 TB and a 1 TB HDD. Now it shows as unallocated, so it is probably true that it is defective. I was told, though, that in the meantime firmware has been made with support up to 4 TB.
  6. It is to prevent my main Windows from getting damaged, as with DirectX and with BitTorrent, so that I can no longer use this software and reinstallation becomes a lot of work. That way I can also test things out. If this happens to my virtual OS, it is easier to reinstall the system, because there is also almost no software on it. The purpose of the virtual OS is for everything dangerous (downloads, internet). But if I set the system's power management to a low level, this should be manageable, I think? I am also planning to do this on a separate PC to be sure that my work PC does not get damaged any further.
  7. I am going to reinstall everything; it seems to me the shortest route. I have one more question, to be able to avoid this in the future. Is it useful to install a virtual Windows or Mac, and will the main Windows not be damaged by this? I read that with viruses this works out very well, and that almost no viruses can infect the main system. Thank you for all your help.
  8. I installed the program "WhoCrashed" and the following came up.

     Crash Dump Analysis
     --------------------------------------------------------------------------------
     Crash dump directory: C:\Windows\Minidump
     Crash dumps are enabled on your computer.

     On Fri 18/01/2013 19:53:13 GMT your computer crashed
     crash dump file: C:\Windows\Minidump\012113-28641-01.dmp
     This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
     Bugcheck code: 0xC5 (0x6E5F, 0x2, 0x0, 0xFFFFF800033BDDD3)
     Error: DRIVER_CORRUPTED_EXPOOL
     file path: C:\Windows\system32\ntoskrnl.exe
     product: Microsoft® Windows® Operating System
     company: Microsoft Corporation
     description: NT Kernel & System
     Bug check description: This indicates that the system attempted to access invalid memory at a process IRQL that was too high.
     This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
     The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.

     --------------------------------------------------------------------------------
     Conclusion
     --------------------------------------------------------------------------------
     One crash dump has been found and analyzed. No offending third party drivers have been found. Consider configuring your system to produce a full memory dump for better analysis.
  9. I have discovered that it is not down to my LAN driver. This is how I understand it. It is supposedly a piece that BitTorrent wants to read in memory or in the registry, but which would have disappeared due to an earlier crash, and every time it wants to consult it, BitTorrent crashes and therefore the PC as well. As I understand it, this would be one of the main reasons why PCs crash. I have already cleaned the registry with CCleaner and also with other software, but without success. My last option, removing the torrent that would be responsible for this, is not possible, because I have already tried reinstalling BitTorrent and running it without any torrents present. This does not happen when I start BitTorrent without an internet connection. I would have to wipe BitTorrent's memory, if I may understand it that way, or prevent BitTorrent from being able or wanting to consult this piece.
  10. I already ran Speccy once, right at the beginning. The driver was installed and then reinstalled to see whether that was the cause, but nothing. HD 6970. But I have probably found the problem with BitTorrent. I had the idea of starting the PC in safe mode without networking, and it works perfectly, no crash. In my opinion the network driver is damaged, due to the PC crashing earlier. Does this sound logical? Should I try reinstalling it? BitTorrent says that if the PC crashes because of BitTorrent, you should update the LAN driver.
  11. Besides BitTorrent there are 2 more. The original "directx encountered an unrecoverable error", when starting CoD4. And the 2nd is that while transferring files, both via hubs and directly on the PC, the external HDD switches off automatically and restarts. I have already changed the power and device manager settings in Windows, but nothing helps. It is worst when I plug it directly into the laptop's USB 3.0 port. This happens with both 2.5 and 3.5 disks.
  12. The graphics card has been replaced. Is it possible that the graphics card broke because of this problem with BitTorrent (PC crashing)? The PC still crashes when starting BitTorrent.
  13. A Seagate 3 TB ST3000DM001 with data on it is giving the following problems. At first not recognized, and also not initialized. I tried to initialize it, but it gives the error "disk is write-protected". Taking it offline: disk is unreadable and damaged. Yet I ran a test with SeaTools and there were no problems. Can this be solved without data recovery and without losing my data (no backup)? And otherwise, what is the best freeware for data recovery on an uninitialized disk?
  14. I have come to the discovery that it is a hardware problem. Now the screen in safe mode was full of coloured stripes, and the problem was also there with the freshly installed Windows. So proof enough that it is a hardware problem. I will come back later to solve the DirectX issue. Thanks in advance for all the help so far.
  15. Now it happened again simply by clicking on the Internet Explorer window. I now strongly suspect that it must be the hardware after all, specifically the graphics card, but before I send it back I would like to know for certain. How can I test my graphics card for faults? I did test the PC with a clean install, but this gave no problems. What does happen now is that for the first time I can use my separate screen in safe mode, which I have never been able to use, and what is very striking is that now even in safe mode both my laptop screen and my separate screen show green stripes in the picture. That can't be anything other than the hardware, can it? What do you think?
  16. After removing BitTorrent there was no problem; if I don't open any programs there is no problem. Yesterday when starting my PC I did a full scan with Malwarebytes and the result was 0. I accidentally opened Skype and it did it here again, now a grey screen. So it is not specifically down to BitTorrent. With BitTorrent there were no torrents present or active in the new installation. It always starts with green colour patches, and then the picture drops out and after a while the whole computer restarts. What else can be done about this problem?
  17. I have removed this. I tried out my PC once more and during normal use everything is normal. When starting BitTorrent everything still shuts down completely without warning. I removed BitTorrent, rebooted and reinstalled it, but this persists. What can be done about that? Can it be traced where the origin of the problem lies, so that I can also remove this from my PC (normally, D/downloads)? If this is not a virus (shutdown virus), what else could it be?
  18. Trojan.Shutdown Removal - Remove Trojan.Shutdown Easily!
  19. This is the last thing I tried in order to solve the problem myself. But the problem had already started before installing this software. I will remove it in any case. Does this cause problems?
  20. I was able to delete the file, srvany.exe. The previous file had disappeared after it was used, so I made a new one.
  21. During this action ComboFix performed an update; I assume this did not affect the action. This time I am not trying out my PC in normal mode, because I have the feeling that it gets worse every time this virus becomes active. Feel free to tell me whether this does no harm after all, or when I may try it.
2012-09-20 12:45 47168 ----a-w- c:\windows\system32\drivers\SaiU0CCB.sys 2012-09-20 12:45 . 2012-09-20 12:45 180544 ----a-w- c:\windows\system32\drivers\SaiK0CCB.sys 2012-09-13 05:14 . 2012-10-01 04:26 237400 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2012-09-13 05:13 . 2012-09-13 05:13 131416 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2012-09-13 05:13 . 2012-10-01 04:26 119640 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2012-09-13 05:13 . 2012-09-13 05:13 146264 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys 2012-09-13 05:13 . 2012-09-13 05:13 203608 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440] "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-2-16 3077120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "UpdReg"=c:\windows\UpdReg.EXE "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" . R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-24 139704] R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-09-13 237400] R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-10 2326920] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2012-07-19 2568120] R2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [2010-12-23 3304768] R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-24 163888] R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-03-24 810120] R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-03-24 50600] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592] R2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-09-15 34304] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 
676936] R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2010-06-10 34048] R2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-02-15 33792] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-28 2656280] R2 XTUService;Intel® Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-11-24 21768] R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-01-10 250400] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896] R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-03-13 71168] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-06 174168] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-03-13 20992] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-03-13 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-03-13 34816] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-03-13 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-03-13 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-03-13 117248] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2009-10-20 1307648] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-13 131416] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2012-01-10 1455648] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136] S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2011-01-14 132624] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248] S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2012-09-20 180544] S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2012-09-20 47168] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-09-13 146264] . . Inhoud van de 'Gedeelde Taken' map . 2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 01:33] . 2012-11-13 c:\windows\Tasks\ParetoLogic Registration.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2012-11-13 c:\windows\Tasks\ParetoLogic Update Version2.job - c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 11:25] . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2010-04-06 23:44 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2010-04-06 23:44 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-07 11663464] "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-06 84744] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-10-19 1931024] "Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-10-20 8151040] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-03-24 2839840] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.be/ mLocal Page = c:\windows\SYSTEM32\blank.htm uInternet Settings,ProxyOverride = *.local IE: Opslaan als... 
- file://c:\program files (x86)\Nitro PDF\PDF Download\nitroweb.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\p897q12k.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - SweetIM Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - ExtSQL: 2012-10-23 04:29; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF - ExtSQL: 2012-11-14 05:46; 50a324dda9d09@50a324dda9d42.com; c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\p897q12k.default\extensions\50a324dda9d09@50a324dda9d42.com.xpi . - - - - ORPHANS VERWIJDERD - - - - . Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file) WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file) WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file) WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file) ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file) ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file) ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info] @Denied: (2) (LocalSystem) @SACL= "AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\" "DataDir"="ESET\\ESET Smart Security\\" "EditionName"="BUSINESS EDITION" "InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\" "LanguageId"=dword:00000409 "PackageTag"=dword:6090e758 "ProductBase"=dword:00000001 "ProductCode"="{6D939834-A2F5-4EB3-AB04-5F9693942CE0}" "ProductName"="ESET Smart Security" "ProductType"="essbe" "ProductVersion"="4.2.40.0" "UniqueId"="000311AC4ECEB855" "ScannerBuild"=dword:000030d1 "ScannerVersionId"=dword:00001e09 "ScannerVersion"="Locked/open ESET for status." "ei2"=hex(:de,df,c6,3c,e3,a2,d5,3c "ei1"=hex(:00,90,f5,bf,21,0e,00,00 "ei3"=hex(:40,7a,a5,50,00,00,00,00 "ei4"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-11-29 07:40:46 ComboFix-quarantined-files.txt 2012-11-29 06:40 ComboFix2.txt 2012-11-28 05:50 . Pre-Run: 10.989.416.448 bytes beschikbaar Post-Run: 10.956.201.984 bytes beschikbaar . - - End Of File - - C802CCFDBF1597AED550CFF613667C30
  22. There was a moment of hope when I rebooted my PC: it did not restart, there were only flickering images with colours and black screens, the way it normally began when it restarted. I ran ComboFix once more in normal mode; see the log below. After booting, I clicked on the recycle bin; it did not restart, but the picture disappeared. I restarted into safe mode again; the whole PC simply shut down completely, no restart, and after powering on I no longer got a BIOS screen. A moment of panic; I did not know that safe mode could be affected. What did happen was a single beep. I restarted again and then safe mode did come up, again with a single beep. What an annoying virus. I would like to be able to scan my D drive very thoroughly to make sure it causes no further problems, but ESET and Malwarebytes find nothing, and apparently they also cannot open some files; what do I do about that? I regularly download things where it is hard for me to know whether they contain a virus; how can I prevent my computer from getting infected like this again? I already have 2 virus scanners, but apparently that is not enough.
ComboFix 12-11-27.01 - Charlie 28/11/2012 7:27.2.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.16361.14181 [GMT 1:00] Gestart vanuit: c:\users\Charlie\Desktop\ComboFix.exe AV: ESET Smart Security 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5} FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE} SP: ESET Smart Security 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\box.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))) . . 2012-11-28 06:38 . 2012-11-28 06:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-28 06:21 . 
2012-11-28 06:21 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22816C84-B77E-491D-B066-FAE021052DE4}\offreg.dll 2012-11-28 05:29 . 2012-11-28 06:20 -------- d-----w- c:\windows\system32\wbem\repository 2012-11-25 06:40 . 2012-11-25 06:40 388096 ----a-r- c:\users\Charlie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-11-25 06:40 . 2012-11-25 06:40 -------- d-----w- c:\program files (x86)\Trend Micro 2012-11-20 04:59 . 2011-02-17 17:26 81920 ----a-w- c:\windows\eSellerateControl350.dll 2012-11-20 04:59 . 2011-02-17 17:26 356352 ----a-w- c:\windows\eSellerateEngine.dll 2012-11-20 04:59 . 2012-11-20 07:25 -------- d-----w- c:\program files (x86)\Trojan . Shutdown Removal Tool [1] 2012-11-16 05:17 . 2012-11-16 05:17 -------- d-----w- c:\programdata\Uniblue 2012-11-16 05:17 . 2012-11-16 05:17 -------- d-----w- c:\users\Charlie\AppData\Roaming\Uniblue 2012-11-15 23:37 . 2012-11-15 23:37 -------- d-----w- c:\program files\ESET 2012-11-12 20:27 . 2012-11-12 20:27 -------- d-----w- c:\programdata\ParetoLogic 2012-11-12 20:27 . 2012-11-12 20:27 -------- d-----w- c:\program files (x86)\ParetoLogic 2012-11-12 20:27 . 2012-11-12 20:27 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic 2012-11-12 20:26 . 2012-11-12 20:26 -------- d-----w- c:\programdata\Cached Installations 2012-11-09 07:00 . 2012-11-09 07:00 -------- d-----w- c:\users\Charlie\AppData\Local\ElevatedDiagnostics . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-13 00:43 . 2012-10-13 00:45 8192 ----a-w- c:\windows\SysWow64\srvany.exe 2012-10-09 01:33 . 2012-04-12 16:33 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-09 01:33 . 2012-01-24 19:10 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-09 01:33 . 2012-10-09 01:33 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-09-29 17:54 . 
2012-07-07 09:12 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-25 15:25 . 2012-09-25 15:25 280 ----a-w- c:\windows\system32\Backup.reg 2012-09-25 15:07 . 2011-03-13 17:30 14848 ----a-w- c:\windows\system32\slwga.dll 2012-09-25 15:07 . 2011-03-13 17:29 419840 ----a-w- c:\windows\system32\systemcpl.dll 2012-09-25 15:07 . 2011-03-13 17:28 13824 ----a-w- c:\windows\SysWow64\slwga.dll 2012-09-24 23:46 . 2012-09-24 23:46 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll 2012-09-24 23:46 . 2012-09-24 23:46 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll 2012-09-24 13:32 . 2012-09-17 18:13 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-09-24 13:32 . 2011-12-28 20:13 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-20 12:45 . 2012-09-20 12:45 47168 ----a-w- c:\windows\system32\drivers\SaiU0CCB.sys 2012-09-20 12:45 . 2012-09-20 12:45 180544 ----a-w- c:\windows\system32\drivers\SaiK0CCB.sys 2012-09-13 05:14 . 2012-10-01 04:26 237400 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2012-09-13 05:13 . 2012-09-13 05:13 131416 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2012-09-13 05:13 . 2012-10-01 04:26 119640 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2012-09-13 05:13 . 2012-09-13 05:13 146264 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys 2012-09-13 05:13 . 2012-09-13 05:13 203608 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440] "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-2-16 3077120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "UpdReg"=c:\windows\UpdReg.EXE "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-03-13 71168] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-03-13 20992] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-03-13 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-03-13 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-03-13 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-03-13 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-03-13 117248] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-13 131416] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2012-01-10 1455648] S1 
  23. Now I can only work in safe mode. It apparently gets worse every time this happens.
  24. I have done this. It removed a few things that had been on my PC for a long time and certainly do no harm; can I still restore them, as with ESET? After my PC had restarted, and just as I wanted to post the log, it happened again, so I lost that information and it has therefore not fixed the problem. What I did try once more is a clean install on a new disk to see whether it is a hardware problem; after trying it out for half an hour I do think it is not a hardware problem. What I do read is that such a shutdown virus would not be a real virus, which may be why the virus scanner does not find it. I do have many .rar files (D drive) that ESET cannot open during the scan, and that may also be why it cannot be found. I will remove the D drive and run another scan.
  25. I had forgotten to mention this: my temperatures are solved, by setting the maximum usage under the power options in Windows 7 from 100% to 95% or even lower and by renewing the paste. Now my temperatures are around 44 degrees at 7 watts. No viruses were detected. Below is the HijackThis log. This shutdown virus (at least that is what I think it is) is now really starting to be a nuisance; normally it only happened when I started BitTorrent, but now my whole computer simply shut down suddenly again (it freezes first, then a black screen, and it starts up again very slowly), but without BitTorrent being started. I hear that this can kick in at any time. It apparently also slows down my whole system. I have already run four scans with ESET and Malwarebytes Anti-Malware but found nothing. I should perhaps mention that I have an ignore list (2 folders on the computer) that contains only software, but both Malwarebytes and ESET remove things from it that I do not want removed. Hopefully you can help me remove this (shutdown virus). I think it is on drive D. It is full of small files.