
DirectX error


Charlie Rochester


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT!!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is active, as this can cause the tool to hang.

Note!!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.


Now I can only work in safe mode. It apparently gets worse every time this happens.

ComboFix 12-11-27.01 - Charlie 28/11/2012 6:40.1.8 - x64 NETWORK

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.16361.15062 [GMT 1:00]

Gestart vanuit: c:\users\Charlie\Desktop\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Vid-Saver

c:\program files (x86)\Vid-Saver\Vid-Saver.dll

c:\program files (x86)\Vid-Saver\Vid-Saver.exe

c:\program files (x86)\Vid-Saver\Vid-Saver.ico

c:\program files (x86)\Vid-Saver\Vid-SaverGui.exe

c:\programdata\go_0molg.pad

c:\windows\SysWow64\spool\prtprocs\w32x86\ppbiPr.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-28 to 2012-11-28 ))))))))))))))))))))))))))))))

.

.

2012-11-28 05:48 . 2012-11-28 05:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-28 05:29 . 2012-11-28 05:29 -------- d-----w- c:\windows\system32\wbem\repository

2012-11-27 04:36 . 2012-11-28 05:31 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22816C84-B77E-491D-B066-FAE021052DE4}\offreg.dll

2012-11-25 06:40 . 2012-11-25 06:40 388096 ----a-r- c:\users\Charlie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-25 06:40 . 2012-11-25 06:40 -------- d-----w- c:\program files (x86)\Trend Micro

2012-11-20 04:59 . 2011-02-17 17:26 81920 ----a-w- c:\windows\eSellerateControl350.dll

2012-11-20 04:59 . 2011-02-17 17:26 356352 ----a-w- c:\windows\eSellerateEngine.dll

2012-11-20 04:59 . 2012-11-20 07:25 -------- d-----w- c:\program files (x86)\Trojan . Shutdown Removal Tool [1]

2012-11-16 05:17 . 2012-11-16 05:17 -------- d-----w- c:\programdata\Uniblue

2012-11-16 05:17 . 2012-11-16 05:17 -------- d-----w- c:\users\Charlie\AppData\Roaming\Uniblue

2012-11-15 23:37 . 2012-11-15 23:37 -------- d-----w- c:\program files\ESET

2012-11-12 20:27 . 2012-11-12 20:27 -------- d-----w- c:\programdata\ParetoLogic

2012-11-12 20:27 . 2012-11-12 20:27 -------- d-----w- c:\program files (x86)\ParetoLogic

2012-11-12 20:27 . 2012-11-12 20:27 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic

2012-11-12 20:26 . 2012-11-12 20:26 -------- d-----w- c:\programdata\Cached Installations

2012-11-09 07:00 . 2012-11-09 07:00 -------- d-----w- c:\users\Charlie\AppData\Local\ElevatedDiagnostics

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-13 00:43 . 2012-10-13 00:45 8192 ----a-w- c:\windows\SysWow64\srvany.exe

2012-10-09 01:33 . 2012-04-12 16:33 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 01:33 . 2012-01-24 19:10 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 01:33 . 2012-10-09 01:33 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-09-29 17:54 . 2012-07-07 09:12 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 15:25 . 2012-09-25 15:25 280 ----a-w- c:\windows\system32\Backup.reg

2012-09-25 15:07 . 2011-03-13 17:30 14848 ----a-w- c:\windows\system32\slwga.dll

2012-09-25 15:07 . 2011-03-13 17:29 419840 ----a-w- c:\windows\system32\systemcpl.dll

2012-09-25 15:07 . 2011-03-13 17:28 13824 ----a-w- c:\windows\SysWow64\slwga.dll

2012-09-24 23:46 . 2012-09-24 23:46 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll

2012-09-24 23:46 . 2012-09-24 23:46 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll

2012-09-24 13:32 . 2012-09-17 18:13 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-09-24 13:32 . 2011-12-28 20:13 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-20 12:45 . 2012-09-20 12:45 47168 ----a-w- c:\windows\system32\drivers\SaiU0CCB.sys

2012-09-20 12:45 . 2012-09-20 12:45 180544 ----a-w- c:\windows\system32\drivers\SaiK0CCB.sys

2012-09-13 05:14 . 2012-10-01 04:26 237400 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2012-09-13 05:13 . 2012-09-13 05:13 131416 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2012-09-13 05:13 . 2012-10-01 04:26 119640 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2012-09-13 05:13 . 2012-09-13 05:13 146264 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2012-09-13 05:13 . 2012-09-13 05:13 203608 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-2-16 3077120]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"UpdReg"=c:\windows\UpdReg.EXE

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

.

R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-24 139704]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-09-13 237400]

R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-10 2326920]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2012-07-19 2568120]

R2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [2010-12-23 3304768]

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-24 163888]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-03-24 810120]

R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-03-24 50600]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]

R2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-09-15 34304]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2010-06-10 34048]

R2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-02-15 33792]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-28 2656280]

R2 XTUService;Intel® Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-11-24 21768]

R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-01-10 250400]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-03-13 71168]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-06 174168]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-03-13 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-03-13 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-03-13 34816]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-03-13 59392]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-03-13 31232]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-03-13 117248]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2009-10-20 1307648]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-13 131416]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2012-01-10 1455648]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2011-01-14 132624]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]

S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2012-09-20 180544]

S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2012-09-20 47168]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-09-13 146264]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 01:33]

.

2012-11-13 c:\windows\Tasks\ParetoLogic Registration.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2012-11-13 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 11:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2010-04-06 23:44 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2010-04-06 23:44 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-07 11663464]

"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-06 84744]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-10-19 1931024]

"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-10-20 8151040]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-03-24 2839840]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.be/

mLocal Page = c:\windows\SYSTEM32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Opslaan als... - file://c:\program files (x86)\Nitro PDF\PDF Download\nitroweb.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\p897q12k.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - SweetIM Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - ExtSQL: 2012-10-23 04:29; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - ExtSQL: 2012-11-14 05:46; 50a324dda9d09@50a324dda9d42.com; c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\p897q12k.default\extensions\50a324dda9d09@50a324dda9d42.com.xpi

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file)

WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)

ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)

ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)

ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]

@Denied: (2) (LocalSystem)

@SACL=

"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"

"DataDir"="ESET\\ESET Smart Security\\"

"EditionName"="BUSINESS EDITION"

"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"

"LanguageId"=dword:00000409

"PackageTag"=dword:6090e758

"ProductBase"=dword:00000001

"ProductCode"="{6D939834-A2F5-4EB3-AB04-5F9693942CE0}"

"ProductName"="ESET Smart Security"

"ProductType"="essbe"

"ProductVersion"="4.2.40.0"

"UniqueId"="000311AC4ECEB855"

"ScannerBuild"=dword:000030d1

"ScannerVersionId"=dword:00001e09

"ScannerVersion"="Locked/open ESET for status."

"ei2"=hex(B):de,df,c6,3c,e3,a2,d5,3c

"ei1"=hex(B):00,90,f5,bf,21,0e,00,00

"ei3"=hex(B):40,7a,a5,50,00,00,00,00

"ei4"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-11-28 06:50:42

ComboFix-quarantined-files.txt 2012-11-28 05:50

.

Pre-Run: 10.127.708.160 bytes beschikbaar

Post-Run: 10.586.882.048 bytes beschikbaar

.

- - End Of File - - A1FA5637436097E5F60E6EE3E9DC6C13


There was hope for a moment when I restarted my PC: it didn't restart, there were only flickering images with colours and black screens, the way it normally started when it restarted. I ran ComboFix again in normal mode, see the log below. After booting, I clicked on the recycle bin; it didn't restart, but the image disappeared. Restarted in safe mode again, and the whole PC just shut down completely, no restart, and after booting I didn't get a BIOS anymore, a moment of panic, I didn't know safe mode could be affected. What did happen was a single beep.

Restarted again and then safe mode did come up, again one beep. What an annoying virus.

I would really like to be able to scan my D drive very thoroughly to be sure this doesn't cause any more problems, but ESET and Malwarebytes find nothing, although they apparently also can't open some files, so what do I do about that? I regularly download things where I can hardly tell whether there's a virus in them; how can I prevent my computer from getting infected like this again? I already have 2 virus scanners, but apparently that is not enough.

ComboFix 12-11-27.01 - Charlie 28/11/2012 7:27.2.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.16361.14181 [GMT 1:00]

Gestart vanuit: c:\users\Charlie\Desktop\ComboFix.exe

AV: ESET Smart Security 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}

SP: ESET Smart Security 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\box.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-28 to 2012-11-28 ))))))))))))))))))))))))))))))

.

.

2012-11-28 06:38 . 2012-11-28 06:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-28 06:21 . 2012-11-28 06:21 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22816C84-B77E-491D-B066-FAE021052DE4}\offreg.dll

2012-11-28 05:29 . 2012-11-28 06:20 -------- d-----w- c:\windows\system32\wbem\repository

2012-11-25 06:40 . 2012-11-25 06:40 388096 ----a-r- c:\users\Charlie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-25 06:40 . 2012-11-25 06:40 -------- d-----w- c:\program files (x86)\Trend Micro

2012-11-20 04:59 . 2011-02-17 17:26 81920 ----a-w- c:\windows\eSellerateControl350.dll

2012-11-20 04:59 . 2011-02-17 17:26 356352 ----a-w- c:\windows\eSellerateEngine.dll

2012-11-20 04:59 . 2012-11-20 07:25 -------- d-----w- c:\program files (x86)\Trojan . Shutdown Removal Tool [1]

2012-11-16 05:17 . 2012-11-16 05:17 -------- d-----w- c:\programdata\Uniblue

2012-11-16 05:17 . 2012-11-16 05:17 -------- d-----w- c:\users\Charlie\AppData\Roaming\Uniblue

2012-11-15 23:37 . 2012-11-15 23:37 -------- d-----w- c:\program files\ESET

2012-11-12 20:27 . 2012-11-12 20:27 -------- d-----w- c:\programdata\ParetoLogic

2012-11-12 20:27 . 2012-11-12 20:27 -------- d-----w- c:\program files (x86)\ParetoLogic

2012-11-12 20:27 . 2012-11-12 20:27 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic

2012-11-12 20:26 . 2012-11-12 20:26 -------- d-----w- c:\programdata\Cached Installations

2012-11-09 07:00 . 2012-11-09 07:00 -------- d-----w- c:\users\Charlie\AppData\Local\ElevatedDiagnostics

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-13 00:43 . 2012-10-13 00:45 8192 ----a-w- c:\windows\SysWow64\srvany.exe

2012-10-09 01:33 . 2012-04-12 16:33 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 01:33 . 2012-01-24 19:10 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 01:33 . 2012-10-09 01:33 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-09-29 17:54 . 2012-07-07 09:12 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 15:25 . 2012-09-25 15:25 280 ----a-w- c:\windows\system32\Backup.reg

2012-09-25 15:07 . 2011-03-13 17:30 14848 ----a-w- c:\windows\system32\slwga.dll

2012-09-25 15:07 . 2011-03-13 17:29 419840 ----a-w- c:\windows\system32\systemcpl.dll

2012-09-25 15:07 . 2011-03-13 17:28 13824 ----a-w- c:\windows\SysWow64\slwga.dll

2012-09-24 23:46 . 2012-09-24 23:46 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll

2012-09-24 23:46 . 2012-09-24 23:46 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll

2012-09-24 13:32 . 2012-09-17 18:13 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-09-24 13:32 . 2011-12-28 20:13 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-20 12:45 . 2012-09-20 12:45 47168 ----a-w- c:\windows\system32\drivers\SaiU0CCB.sys

2012-09-20 12:45 . 2012-09-20 12:45 180544 ----a-w- c:\windows\system32\drivers\SaiK0CCB.sys

2012-09-13 05:14 . 2012-10-01 04:26 237400 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2012-09-13 05:13 . 2012-09-13 05:13 131416 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2012-09-13 05:13 . 2012-10-01 04:26 119640 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2012-09-13 05:13 . 2012-09-13 05:13 146264 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2012-09-13 05:13 . 2012-09-13 05:13 203608 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-2-16 3077120]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"UpdReg"=c:\windows\UpdReg.EXE

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-03-13 71168]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-03-13 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-03-13 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-03-13 34816]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-03-13 59392]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-03-13 31232]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-03-13 117248]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-13 131416]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2012-01-10 1455648]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-24 139704]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-09-13 237400]

S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-10 2326920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]

S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2012-07-19 2568120]

S2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [2010-12-23 3304768]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-24 163888]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-03-24 810120]

S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-03-24 50600]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]

S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-09-15 34304]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2010-06-10 34048]

S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-02-15 33792]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-28 2656280]

S2 XTUService;Intel® Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-11-24 21768]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-01-10 250400]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-06 174168]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2011-01-14 132624]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]

S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2012-09-20 180544]

S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2012-09-20 47168]

S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2009-10-20 1307648]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-09-13 146264]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 01:33]

.

2012-11-13 c:\windows\Tasks\ParetoLogic Registration.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2012-11-13 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 11:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2010-04-06 23:44 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2010-04-06 23:44 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-07 11663464]

"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-06 84744]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-10-19 1931024]

"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-10-20 8151040]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-03-24 2839840]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.be/

mLocal Page = c:\windows\SYSTEM32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Opslaan als... - file://c:\program files (x86)\Nitro PDF\PDF Download\nitroweb.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\p897q12k.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - SweetIM Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - ExtSQL: 2012-10-23 04:29; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - ExtSQL: 2012-11-14 05:46; 50a324dda9d09@50a324dda9d42.com; c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\p897q12k.default\extensions\50a324dda9d09@50a324dda9d42.com.xpi

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file)

WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)

ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)

ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)

ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]

@Denied: (2) (LocalSystem)

@SACL=

"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"

"DataDir"="ESET\\ESET Smart Security\\"

"EditionName"="BUSINESS EDITION"

"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"

"LanguageId"=dword:00000409

"PackageTag"=dword:6090e758

"ProductBase"=dword:00000001

"ProductCode"="{6D939834-A2F5-4EB3-AB04-5F9693942CE0}"

"ProductName"="ESET Smart Security"

"ProductType"="essbe"

"ProductVersion"="4.2.40.0"

"UniqueId"="000311AC4ECEB855"

"ScannerBuild"=dword:000030d1

"ScannerVersionId"=dword:00001e09

"ScannerVersion"="Locked/open ESET for status."

"ei2"=hex(B):de,df,c6,3c,e3,a2,d5,3c

"ei1"=hex(B):00,90,f5,bf,21,0e,00,00

"ei3"=hex(B):40,7a,a5,50,00,00,00,00

"ei4"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-11-28 07:42:11

ComboFix-quarantined-files.txt 2012-11-28 06:42

ComboFix2.txt 2012-11-28 05:50

.

Pre-Run: 10.926.440.448 bytes beschikbaar

Post-Run: 10.908.811.264 bytes beschikbaar

.

- - End Of File - - 27FB05461EA7DF8AB9F7B4E6F2074D76


Open a new Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\SysWow64\srvany.exe

Firefox::

FF - prefs.js: browser.search.selectedEngine -

Save this file on your desktop as CFScript

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next message


During this run ComboFix performed an update; I assume this did not affect the action.

This time I am not trying my PC in normal mode, because I have the feeling that it keeps getting worse whenever this virus becomes active. You may tell me otherwise if this does no harm after all, or when I may try it.

ComboFix 12-11-28.02 - Charlie 29/11/2012 7:30.3.8 - x64 NETWORK

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.16361.15018 [GMT 1:00]

Gestart vanuit: c:\users\Charlie\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Charlie\Desktop\CFScript.txt

AV: ESET Smart Security 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}

SP: ESET Smart Security 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

FILE ::

"c:\windows\SysWow64\srvany.exe"

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-28 to 2012-11-29 ))))))))))))))))))))))))))))))

.

.

2012-11-29 06:38 . 2012-11-29 06:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-29 05:45 . 2012-11-29 05:45 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22816C84-B77E-491D-B066-FAE021052DE4}\offreg.dll

2012-11-28 05:29 . 2012-11-29 05:45 -------- d-----w- c:\windows\system32\wbem\repository

2012-11-25 06:40 . 2012-11-25 06:40 388096 ----a-r- c:\users\Charlie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-25 06:40 . 2012-11-25 06:40 -------- d-----w- c:\program files (x86)\Trend Micro

2012-11-20 04:59 . 2011-02-17 17:26 81920 ----a-w- c:\windows\eSellerateControl350.dll

2012-11-20 04:59 . 2011-02-17 17:26 356352 ----a-w- c:\windows\eSellerateEngine.dll

2012-11-20 04:59 . 2012-11-20 07:25 -------- d-----w- c:\program files (x86)\Trojan . Shutdown Removal Tool [1]

2012-11-16 05:17 . 2012-11-16 05:17 -------- d-----w- c:\programdata\Uniblue

2012-11-16 05:17 . 2012-11-16 05:17 -------- d-----w- c:\users\Charlie\AppData\Roaming\Uniblue

2012-11-15 23:37 . 2012-11-15 23:37 -------- d-----w- c:\program files\ESET

2012-11-12 20:27 . 2012-11-12 20:27 -------- d-----w- c:\programdata\ParetoLogic

2012-11-12 20:27 . 2012-11-12 20:27 -------- d-----w- c:\program files (x86)\ParetoLogic

2012-11-12 20:27 . 2012-11-12 20:27 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic

2012-11-12 20:26 . 2012-11-12 20:26 -------- d-----w- c:\programdata\Cached Installations

2012-11-09 07:00 . 2012-11-09 07:00 -------- d-----w- c:\users\Charlie\AppData\Local\ElevatedDiagnostics

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-13 00:43 . 2012-10-13 00:45 8192 ----a-w- c:\windows\SysWow64\srvany.exe

2012-10-09 01:33 . 2012-04-12 16:33 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 01:33 . 2012-01-24 19:10 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 01:33 . 2012-10-09 01:33 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-09-29 17:54 . 2012-07-07 09:12 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 15:25 . 2012-09-25 15:25 280 ----a-w- c:\windows\system32\Backup.reg

2012-09-25 15:07 . 2011-03-13 17:30 14848 ----a-w- c:\windows\system32\slwga.dll

2012-09-25 15:07 . 2011-03-13 17:29 419840 ----a-w- c:\windows\system32\systemcpl.dll

2012-09-25 15:07 . 2011-03-13 17:28 13824 ----a-w- c:\windows\SysWow64\slwga.dll

2012-09-24 23:46 . 2012-09-24 23:46 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll

2012-09-24 23:46 . 2012-09-24 23:46 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll

2012-09-24 13:32 . 2012-09-17 18:13 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-09-24 13:32 . 2011-12-28 20:13 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-20 12:45 . 2012-09-20 12:45 47168 ----a-w- c:\windows\system32\drivers\SaiU0CCB.sys

2012-09-20 12:45 . 2012-09-20 12:45 180544 ----a-w- c:\windows\system32\drivers\SaiK0CCB.sys

2012-09-13 05:14 . 2012-10-01 04:26 237400 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2012-09-13 05:13 . 2012-09-13 05:13 131416 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2012-09-13 05:13 . 2012-10-01 04:26 119640 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2012-09-13 05:13 . 2012-09-13 05:13 146264 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2012-09-13 05:13 . 2012-09-13 05:13 203608 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-2-16 3077120]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"UpdReg"=c:\windows\UpdReg.EXE

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

.

R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-24 139704]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-09-13 237400]

R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-10 2326920]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2012-07-19 2568120]

R2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [2010-12-23 3304768]

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-24 163888]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-03-24 810120]

R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-03-24 50600]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]

R2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-09-15 34304]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2010-06-10 34048]

R2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-02-15 33792]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-28 2656280]

R2 XTUService;Intel® Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-11-24 21768]

R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-01-10 250400]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-03-13 71168]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-06 174168]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-03-13 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-03-13 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-03-13 34816]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-03-13 59392]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-03-13 31232]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-03-13 117248]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2009-10-20 1307648]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-13 131416]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2012-01-10 1455648]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2011-01-14 132624]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]

S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2012-09-20 180544]

S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2012-09-20 47168]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-09-13 146264]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 01:33]

.

2012-11-13 c:\windows\Tasks\ParetoLogic Registration.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2012-11-13 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 11:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2010-04-06 23:44 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2010-04-06 23:44 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-07 11663464]

"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-06 84744]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-10-19 1931024]

"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-10-20 8151040]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-03-24 2839840]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.be/

mLocal Page = c:\windows\SYSTEM32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Opslaan als... - file://c:\program files (x86)\Nitro PDF\PDF Download\nitroweb.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\p897q12k.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - SweetIM Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - ExtSQL: 2012-10-23 04:29; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - ExtSQL: 2012-11-14 05:46; 50a324dda9d09@50a324dda9d42.com; c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\p897q12k.default\extensions\50a324dda9d09@50a324dda9d42.com.xpi

.

- - - - ORPHANS VERWIJDERD - - - -

.

Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)

WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file)

WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)

ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)

ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)

ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]

@Denied: (2) (LocalSystem)

@SACL=

"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"

"DataDir"="ESET\\ESET Smart Security\\"

"EditionName"="BUSINESS EDITION"

"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"

"LanguageId"=dword:00000409

"PackageTag"=dword:6090e758

"ProductBase"=dword:00000001

"ProductCode"="{6D939834-A2F5-4EB3-AB04-5F9693942CE0}"

"ProductName"="ESET Smart Security"

"ProductType"="essbe"

"ProductVersion"="4.2.40.0"

"UniqueId"="000311AC4ECEB855"

"ScannerBuild"=dword:000030d1

"ScannerVersionId"=dword:00001e09

"ScannerVersion"="Locked/open ESET for status."

"ei2"=hex(B):de,df,c6,3c,e3,a2,d5,3c

"ei1"=hex(B):00,90,f5,bf,21,0e,00,00

"ei3"=hex(B):40,7a,a5,50,00,00,00,00

"ei4"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-29 07:40:46

ComboFix-quarantined-files.txt 2012-11-29 06:40

ComboFix2.txt 2012-11-28 05:50

.

Pre-Run: 10,989,416,448 bytes free

Post-Run: 10,956,201,984 bytes free

.

- - End Of File - - C802CCFDBF1597AED550CFF613667C30


Try whether you can delete this file (it was marked in bold): c:\windows\SysWow64\srvany.exe

A small mistake had crept into the script.

Open the script file.

Copy and paste the bold text below into it.

File::
c:\windows\SysWow64\srvany.exe

Firefox::
FF - ProfilePath - c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\p897q12k.default\
FF - prefs.js: browser.search.selectedEngine -

Save the changes and close the file.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next reply.


I was able to delete the file srvany.exe. The previous file had disappeared after it was used, so I made a new one.

ComboFix 12-11-29.02 - Charlie 30/11/2012 6:16.4.8 - x64 NETWORK

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.16361.15028 [GMT 1:00]

Running from: c:\users\Charlie\Desktop\ComboFix.exe

Command switches used :: c:\users\Charlie\Desktop\CFScript.txt

AV: ESET Smart Security 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}

SP: ESET Smart Security 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:\windows\SysWow64\srvany.exe"

.

.

(((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-30 ))))))))))))))))))))))))))))))

.

.

2012-11-30 05:24 . 2012-11-30 05:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-30 04:54 . 2012-11-30 04:54 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22816C84-B77E-491D-B066-FAE021052DE4}\offreg.dll

2012-11-28 05:29 . 2012-11-30 04:54 -------- d-----w- c:\windows\system32\wbem\repository

2012-11-25 06:40 . 2012-11-25 06:40 388096 ----a-r- c:\users\Charlie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-25 06:40 . 2012-11-25 06:40 -------- d-----w- c:\program files (x86)\Trend Micro

2012-11-20 04:59 . 2011-02-17 17:26 81920 ----a-w- c:\windows\eSellerateControl350.dll

2012-11-20 04:59 . 2011-02-17 17:26 356352 ----a-w- c:\windows\eSellerateEngine.dll

2012-11-20 04:59 . 2012-11-20 07:25 -------- d-----w- c:\program files (x86)\Trojan . Shutdown Removal Tool [1]

2012-11-16 05:17 . 2012-11-16 05:17 -------- d-----w- c:\programdata\Uniblue

2012-11-16 05:17 . 2012-11-16 05:17 -------- d-----w- c:\users\Charlie\AppData\Roaming\Uniblue

2012-11-15 23:37 . 2012-11-15 23:37 -------- d-----w- c:\program files\ESET

2012-11-12 20:27 . 2012-11-12 20:27 -------- d-----w- c:\programdata\ParetoLogic

2012-11-12 20:27 . 2012-11-12 20:27 -------- d-----w- c:\program files (x86)\ParetoLogic

2012-11-12 20:27 . 2012-11-12 20:27 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic

2012-11-12 20:26 . 2012-11-12 20:26 -------- d-----w- c:\programdata\Cached Installations

2012-11-09 07:00 . 2012-11-09 07:00 -------- d-----w- c:\users\Charlie\AppData\Local\ElevatedDiagnostics

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 01:33 . 2012-04-12 16:33 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 01:33 . 2012-01-24 19:10 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 01:33 . 2012-10-09 01:33 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-09-29 17:54 . 2012-07-07 09:12 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 15:25 . 2012-09-25 15:25 280 ----a-w- c:\windows\system32\Backup.reg

2012-09-25 15:07 . 2011-03-13 17:30 14848 ----a-w- c:\windows\system32\slwga.dll

2012-09-25 15:07 . 2011-03-13 17:29 419840 ----a-w- c:\windows\system32\systemcpl.dll

2012-09-25 15:07 . 2011-03-13 17:28 13824 ----a-w- c:\windows\SysWow64\slwga.dll

2012-09-24 23:46 . 2012-09-24 23:46 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll

2012-09-24 23:46 . 2012-09-24 23:46 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll

2012-09-24 13:32 . 2012-09-17 18:13 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-09-24 13:32 . 2011-12-28 20:13 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-20 12:45 . 2012-09-20 12:45 47168 ----a-w- c:\windows\system32\drivers\SaiU0CCB.sys

2012-09-20 12:45 . 2012-09-20 12:45 180544 ----a-w- c:\windows\system32\drivers\SaiK0CCB.sys

2012-09-13 05:14 . 2012-10-01 04:26 237400 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2012-09-13 05:13 . 2012-09-13 05:13 131416 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2012-09-13 05:13 . 2012-10-01 04:26 119640 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2012-09-13 05:13 . 2012-09-13 05:13 146264 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2012-09-13 05:13 . 2012-09-13 05:13 203608 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-2-16 3077120]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"UpdReg"=c:\windows\UpdReg.EXE

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

.

R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-24 139704]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-09-13 237400]

R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-10 2326920]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2012-07-19 2568120]

R2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [2010-12-23 3304768]

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-24 163888]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-03-24 810120]

R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-03-24 50600]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]

R2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-09-15 34304]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2010-06-10 34048]

R2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-02-15 33792]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-28 2656280]

R2 XTUService;Intel® Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-11-24 21768]

R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-01-10 250400]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-03-13 71168]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-06 174168]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-03-13 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-03-13 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-03-13 34816]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-03-13 59392]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-03-13 31232]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-03-13 117248]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2009-10-20 1307648]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-13 131416]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2012-01-10 1455648]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2011-01-14 132624]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]

S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2012-09-20 180544]

S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2012-09-20 47168]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-09-13 146264]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 01:33]

.

2012-11-13 c:\windows\Tasks\ParetoLogic Registration.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2012-11-13 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 11:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2010-04-06 23:44 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2010-04-06 23:44 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-07 11663464]

"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-06 84744]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-10-19 1931024]

"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-10-20 8151040]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-03-24 2839840]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.be/

mLocal Page = c:\windows\SYSTEM32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Opslaan als... - file://c:\program files (x86)\Nitro PDF\PDF Download\nitroweb.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\p897q12k.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - ExtSQL: 2012-10-23 04:29; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - ExtSQL: 2012-11-14 05:46; 50a324dda9d09@50a324dda9d42.com; c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\p897q12k.default\extensions\50a324dda9d09@50a324dda9d42.com.xpi

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)

WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file)

WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)

ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)

ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)

ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]

@Denied: (2) (LocalSystem)

@SACL=

"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"

"DataDir"="ESET\\ESET Smart Security\\"

"EditionName"="BUSINESS EDITION"

"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"

"LanguageId"=dword:00000409

"PackageTag"=dword:6090e758

"ProductBase"=dword:00000001

"ProductCode"="{6D939834-A2F5-4EB3-AB04-5F9693942CE0}"

"ProductName"="ESET Smart Security"

"ProductType"="essbe"

"ProductVersion"="4.2.40.0"

"UniqueId"="000311AC4ECEB855"

"ScannerBuild"=dword:000030d1

"ScannerVersionId"=dword:00001e09

"ScannerVersion"="Locked/open ESET for status."

"ei2"=hex(B):de,df,c6,3c,e3,a2,d5,3c

"ei1"=hex(B):00,90,f5,bf,21,0e,00,00

"ei3"=hex(B):40,7a,a5,50,00,00,00,00

"ei4"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-30 06:26:40

ComboFix-quarantined-files.txt 2012-11-30 05:26

ComboFix2.txt 2012-11-28 05:50

.

Pre-Run: 11,001,360,384 bytes free

Post-Run: 10,953,502,720 bytes free

.

- - End Of File - - C655296E14F69BFB3159CD8D7AEC7A02

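The log above is long, and the entries that matter for a responder (the Run values, the R?/S? service and driver lines, and the scheduled-task pairs) are scattered through it. The following Python script is an added example, not part of this thread and not ComboFix's own code: it parses lines written in ComboFix's layout and applies a few triage heuristics that are this example's own choices, not anything ComboFix reports. SAMPLE_LOG is constructed to mirror the format of the log above; the "Updater" value and the "ExampleSvc" service are invented entries that exercise the heuristics, and the srvany.exe check corresponds to the file the helper asked to have deleted in the earlier reply (srvany.exe is a Windows Resource Kit tool that runs any program as a service, and it is not part of a default Windows 7 installation).

```python
r"""Triage of autorun entries in ComboFix's log layout (added example, not ComboFix code).

Handles three line shapes seen in the log above: Reg Loading Points values,
R?/S? service and driver lines, and scheduled-task pairs (the '.job' line
followed by a '- <target>' line). The heuristics are this example's own.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in ComboFix's layout. 'Updater' and 'ExampleSvc' are invented
# to exercise the heuristics; the other entries mirror the thread's log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Updater"="c:\programdata\Example\upd.exe" [2012-11-14 51200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 ExampleSvc;Example Service;c:\windows\SysWow64\srvany.exe [2012-11-10 8192]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
2012-11-13 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 01:33]
"""

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="?(?P<cmd>.+?)"?\s+\[(?P<tag>[^\]]*)\]$')
SERVICE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[(?P<tag>[^\]]*)\]$')
TASK = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)$', re.I)
TASK_TARGET = re.compile(r'^-\s+(?P<path>.+?)\s+\[(?P<tag>[^\]]*)\]$')
DATED_TAG = re.compile(r'^\d{4}-\d{2}-\d{2}\s')   # ComboFix found the file and recorded a date

USER_WRITABLE = ('\\programdata\\', '\\users\\', '\\appdata\\', '\\temp\\')
LAUNCHERS = {'rundll32.exe', 'regsvr32.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe'}
SERVICE_WRAPPERS = {'srvany.exe', 'instsrv.exe'}   # Resource Kit tools that run any program as a service


@dataclass
class Finding:
    kind: str
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def executable_name(cmd: str) -> str:
    """Lower-cased basename of the binary in a command string ('' if none)."""
    m = re.search(r'([^\\/"\s]+\.(?:exe|dll|sys|ocx|cpl|scr|com))', cmd, re.I)
    if m:
        return m.group(1).lower()
    parts = cmd.strip('"').split()
    return parts[0].lower() if parts else ''


def assess(path: str, tag: str) -> List[str]:
    """Reasons an entry deserves a look; an empty list means nothing stood out."""
    reasons, exe, tag = [], executable_name(path), tag.strip()
    if tag.lower() == 'x':
        reasons.append('file not found ([X]): orphan entry or a payload already removed')
    elif not DATED_TAG.match(tag):
        reasons.append(f'no date/size recorded ([{tag}]); verify the file on disk')
    if any(marker in path.lower() for marker in USER_WRITABLE):
        reasons.append('runs from a user-writable location')
    if exe in LAUNCHERS:
        reasons.append(f'{exe} is only a launcher; the payload is in arguments this line does not show')
    if exe in SERVICE_WRAPPERS:
        reasons.append(f"{exe} runs an arbitrary program as a service; read that service key's Parameters\\Application value")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse autorun-style lines and attach heuristic reasons to each entry."""
    findings: List[Finding] = []
    pending_job = None
    for line in (ln.strip() for ln in log_text.splitlines()):
        if (m := RUN_VALUE.match(line)):
            findings.append(Finding('run', m['name'], m['cmd'], assess(m['cmd'], m['tag'])))
        elif (m := SERVICE.match(line)):
            findings.append(Finding('service ' + m['state'], m['name'], m['path'], assess(m['path'], m['tag'])))
        elif (m := TASK.match(line)):
            pending_job = m['job']            # the target follows on the next '- ' line
        elif pending_job and (m := TASK_TARGET.match(line)):
            findings.append(Finding('task', pending_job, m['path'], assess(m['path'], m['tag'])))
            pending_job = None
    return findings


def suspicious(findings: List[Finding]) -> List[Finding]:
    return [f for f in findings if f.reasons]


if __name__ == '__main__':
    for f in suspicious(triage(SAMPLE_LOG)):
        print(f'{f.kind:<10} {f.name}\n    {f.path}')
        for reason in f.reasons:
            print(f'    - {reason}')
```

Two caveats on reading the output. A flag means "look here", not "malicious": the ParetoLogic task is reported because ComboFix prints only rundll32.exe, while the DLL it loads is stored in the .job file and has to be read from there. The [BU] tag on SynTPEnh is deliberately left uninterpreted; the script only notes that no date and size were recorded, so the file should be checked on disk rather than assumed good or bad.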

