ComboFix 08-12-30.02 - Everaerts Johan 2008-12-31 9:28:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.510.196 [GMT 1:00]
Running from: c:\documents and settings\Everaerts Johan\Bureaublad\ComboFix.exe
Command switches used :: c:\documents and settings\Everaerts Johan\Bureaublad\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning disabled* (Outdated)
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\imgdoc2.dll
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\open.ico
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FREEZESCREENSAVER
-------\Service_FreezeScreenSaver

((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.

2008-12-30 15:33 . 2008-12-30 15:33 d-------- c:\documents and settings\Everaerts Johan\Bluetooth Software
2008-12-30 15:29 . 2007-11-30 07:25 81,200 -ra------ c:\windows\system32\drivers\btwavdt.sys
2008-12-30 15:29 . 2007-11-30 07:27 16,432 -ra------ c:\windows\system32\drivers\btwrchid.sys
2008-12-30 15:23 . 2008-12-30 15:23 d-------- c:\program files\WIDCOMM
2008-12-30 15:21 . 2008-04-14 19:03 153,088 --a------ c:\windows\system32\irftp.exe
2008-12-30 15:21 . 2008-04-14 19:03 153,088 --a--c--- c:\windows\system32\dllcache\irftp.exe
2008-12-30 15:21 . 2008-04-14 19:02 29,184 --a------ c:\windows\system32\irmon.dll
2008-12-30 15:21 . 2008-04-14 19:02 29,184 --a--c--- c:\windows\system32\dllcache\irmon.dll
2008-12-30 15:21 . 2008-04-14 19:02 8,192 --a------ c:\windows\system32\wshirda.dll
2008-12-30 15:21 . 2008-04-14 19:02 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2008-12-17 22:13 . 2008-12-17 22:13 2,688 --a------ c:\windows\system32\settings.aaw
2008-12-17 22:13 . 2008-12-17 22:13 1,008 --a------ c:\windows\system32\history.aaw
2008-12-17 20:00 . 2008-12-23 11:10 d-------- c:\program files\LimeWire
2008-12-17 17:36 . 2008-12-30 21:39 dr-h----- c:\documents and settings\Everaerts Johan\Onlangs geopend
2008-12-06 20:30 . 2008-12-06 20:30 d-------- c:\documents and settings\All Users\Application Data\Playrix Entertainment
2008-12-05 23:54 . 2008-12-05 23:54 d-------- c:\program files\Enigma Software Group
2008-12-04 18:15 . 2008-12-04 18:15 d-------- c:\program files\Imikimi
2008-11-29 09:14 . 2008-11-29 09:14 d-------- c:\documents and settings\All Users\Application Data\2A278
2008-11-29 09:05 . 2008-09-25 14:20 483,328 --a------ c:\windows\system32\actskn45.ocx
2008-11-12 12:58 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 12:58 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 13:11 . 2008-11-11 13:11 d-------- c:\documents and settings\Everaerts Johan\Application Data\RealArcade
2008-11-10 22:20 . 2008-11-10 22:20 d-------- c:\program files\CodeStuff
2008-11-10 14:53 . 2008-11-10 20:44 d-------- c:\program files\Panda Security
2008-11-08 13:46 . 2008-12-05 12:06 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-08 13:46 . 2008-11-08 13:46 d-------- c:\documents and settings\Everaerts Johan\Application Data\Malwarebytes
2008-11-08 13:46 . 2008-11-08 13:46 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-08 13:46 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-08 13:46 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-08 13:43 . 2008-11-08 13:45 d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-08 13:18 . 2008-11-08 13:48 d-------- c:\program files\SpywareBlaster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-12-31 08:37 --------- d-----w c:\program files\SpywareGuard
2008-12-31 08:18 --------- d-----w c:\documents and settings\Everaerts Johan\Application Data\AVG7
2008-12-30 14:50 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-23 10:28 --------- d-----w c:\documents and settings\Everaerts Johan\Application Data\LimeWire
2008-12-18 20:22 --------- d-----w c:\program files\Google
2008-12-06 19:30 --------- d-----w c:\documents and settings\Everaerts Johan\Application Data\Zylom
2008-12-06 19:28 --------- d-----w c:\program files\Zylom Games
2008-11-09 17:39 --------- d-----w c:\program files\PC Tune-Up
2008-11-08 16:39 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 16:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-08 12:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-08 12:43 --------- d-----w c:\program files\Lavasoft
2008-11-08 12:43 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-08 11:53 --------- d-----w c:\documents and settings\Everaerts Johan\Application Data\Lavasoft
2007-12-07 15:30 66,880 ----a-w c:\documents and settings\Everaerts Johan\Application Data\GDIPFONTCACHEV1.DAT
2007-06-26 17:13 47,360 ----a-w c:\documents and settings\Everaerts Johan\Application Data\pcouffin.sys
2006-03-07 16:17 1,236,202 ----a-w c:\program files\Uninst.isu
2007-01-28 19:15 88 --sh--r c:\windows\system32\DACD435770.sys
2008-01-31 09:31 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-07-22 03:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008072220080723\index.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-18 590848]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-04-11 219136]

c:\documents and settings\Everaerts Johan\Menu Start\Programma's\Opstarten\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-06-07 553021]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mxmc"= MimicICM.DLL
"MSACM.CEGSM"= mobilev.acm

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys []
S3 iAimFP8;iAimFP8;c:\windows\system32\DRIVERS\wADV11nt.sys [2005-11-20 11935]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\DRIVERS\LNE100V5.sys [2008-03-02 36224]
.
Contents of the 'Scheduled Tasks' folder

2008-12-30 c:\windows\Tasks\AE0F1A95918C8B59.job
- c:\docume~1\everae~1\applic~1\bookwa~1\Two Hide Bold.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CTFMON - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hln.be/
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = localhost
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

c:\windows\Downloaded Program Files\tra2_4_0.rc - c:\windows\Downloaded Program Files\PIXACODnDUpload.ocx
O16 -: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} hxxp://www.pixaco.be/static/download/pixacodndupload.cab
c:\windows\Downloaded Program Files\PIXACODnDUpload.inf
c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.extrafilm.be/ImageUploader5.cab
c:\windows\Downloaded Program Files\ImageUploader5.inf
O16 -: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
c:\windows\Downloaded Program Files\imikimi_cab.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 09:37:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*] @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 "*"=dword:00000004 [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*] @Security="Inherited" "*"=dword:00000004 [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\.Default\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @=expand:"%SystemRoot%\\media\\Windows XP Ding.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\AppGPFault\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @="" 
[HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\CCSelect\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security="Inherited" @="" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\Close\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @="" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @=expand:"%SystemRoot%\\media\\Windows XP Accu bijna leeg.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\DeviceConnect\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @=expand:"%SystemRoot%\\media\\Windows XP Hardware 
aangesloten.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @=expand:"%SystemRoot%\\media\\Windows XP Hardware verwijderd.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\DeviceFail\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @=expand:"%SystemRoot%\\media\\Windows XP Hardwarefout.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\InternetAlert\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security="Inherited" @="" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: 
(Read) (S-1-5-12) @=expand:"%SystemRoot%\\media\\Windows XP Accu raakt leeg.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\MailBeep\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @=expand:"%SystemRoot%\\media\\Windows XP Waarschuwen.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\Maximize\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @="" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\MenuCommand\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @="" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\MenuPopup\M*NULL*s*NULL*n*NULL*0*NULL*H] 
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @="" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\Minimize\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @="" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\Open\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @="" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\PrintComplete\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) 
@Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @="" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\RestoreDown\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @="" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\RestoreUp\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @="" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\ShowBand\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security="Inherited" @="" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\SystemAsterisk\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) 
(S-1-5-12) @Allowed: (Read) (S-1-5-12) @=expand:"%SystemRoot%\\media\\Windows XP Fout.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\SystemExclamation\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @=expand:"%SystemRoot%\\media\\Windows XP Uitroep.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\SystemExit\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @=expand:"%SystemRoot%\\media\\Windows XP Afsluiten.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\SystemHand\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @=expand:"%SystemRoot%\\media\\Windows XP Kritieke stop.wav" 
[HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\SystemNotification\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @=expand:"%SystemRoot%\\media\\Windows XP Ballon.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\SystemQuestion\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @="" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\SystemStart\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @=expand:"%SystemRoot%\\media\\Windows XP Opstarten.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\WindowsLogoff\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT 
SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @=expand:"%SystemRoot%\\media\\Windows XP Afmelden.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\.Default\WindowsLogon\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @=expand:"%SystemRoot%\\media\\Windows XP Aanmelden.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\Conf\Gesprek ontvangen\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @="RingIn.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\Conf\Persoon neemt deel\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) 
@Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @="c:\\Program Files\\NetMeeting\\Blip.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\Conf\Persoon vertrekt\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @="c:\\Program Files\\NetMeeting\\Blip.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\Conf\Verzoek tot deelname ontvangen\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @="RingIn.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\Explorer\ActivatingDocument\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security="Inherited" @="" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\Explorer\BlockedPopup\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security="Inherited" @="Windows XP Pop-up Blocked.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\M*NULL*s*NULL*n*NULL*0*NULL*H] 
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @=expand:"%SystemRoot%\\media\\Windows XP Recyclen.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\Explorer\MoveMenuItem\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security="Inherited" @="" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\Explorer\Navigating\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL) @Owner=S-1-5-21-2025429265-113007714-1957994488-1003 @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (LocalSystem) @Allowed: (Full) (Administrators) @Allowed: (Full) (Administrators) @Allowed: (Read) (S-1-5-12) @Allowed: (Read) (S-1-5-12) @=expand:"%SystemRoot%\\media\\Windows XP Starten.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\Explorer\SecurityBand\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security="Inherited" @="Windows XP Information Bar.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security="Inherited" @="c:\\Program Files\\Messenger\\online.wav" [HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\M*NULL*s*NULL*n*NULL*0*NULL*H] @Security="Inherited" @="c:\\Program Files\\Messenger\\newalert.wav" 
[HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\M*NULL*s*NULL*n*NULL*0*NULL*H]
@Security="Inherited"
@="c:\\Program Files\\Messenger\\newemail.wav"

[HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\M*NULL*s*NULL*n*NULL*0*NULL*H]
@Security="Inherited"
@="c:\\Program Files\\Messenger\\type.wav"

[HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\MSNMSGR\MSNMSGR_Buzz\M*NULL*s*NULL*n*NULL*0*NULL*H]
@Security="Inherited"
@="c:\\Program Files\\MSN Messenger\\nudge.wav"

[HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\MSNMSGR\MSNMSGR_ContactOnline\M*NULL*s*NULL*n*NULL*0*NULL*H]
@Security="Inherited"
@="c:\\Program Files\\MSN Messenger\\online.wav"

[HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\MSNMSGR\MSNMSGR_NewAlert\M*NULL*s*NULL*n*NULL*0*NULL*H]
@Security="Inherited"
@="c:\\Program Files\\MSN Messenger\\newalert.wav"

[HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\MSNMSGR\MSNMSGR_NewMail\M*NULL*s*NULL*n*NULL*0*NULL*H]
@Security="Inherited"
@="c:\\Program Files\\MSN Messenger\\newemail.wav"

[HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\MSNMSGR\MSNMSGR_NewMessage\M*NULL*s*NULL*n*NULL*0*NULL*H]
@Security="Inherited"
@="c:\\Program Files\\MSN Messenger\\type.wav"

[HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\MSNMSGR\MSNMSGR_NewSMSMessage\M*NULL*s*NULL*n*NULL*0*NULL*H]
@Security="Inherited"
@="c:\\Program Files\\MSN Messenger\\ring.wav"

[HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\MSNMSGR\MSNMSGR_PhoneRing\M*NULL*s*NULL*n*NULL*0*NULL*H]
@Security="Inherited"
@="c:\\Program Files\\MSN Messenger\\phone.wav"
[HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Apps\MSNMSGR\MSNMSGR_VoiceIMFinished\M*NULL*s*NULL*n*NULL*0*NULL*H]
@Security="Inherited"
@="c:\\Program Files\\MSN Messenger\\vimdone.wav"

[HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\AppEvents\Schemes\Names\M*NULL*s*NULL*n*NULL*0*NULL*H]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-2025429265-113007714-1957994488-1003
@Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003)
@Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
@="Msn"

[HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-2025429265-113007714-1957994488-1003
@Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003)
@Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-2025429265-113007714-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Owner=S-1-5-21-2025429265-113007714-1957994488-1003
@Denied: (A 2) (Everyone)
@Denied: (A 2) (S-1-5-7)
@Allowed: (Full) (S-1-5-21-2025429265-113007714-1957994488-1003)
@="FlashProp Class"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-2025429265-113007714-1957994488-1003
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\program files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2008-12-31 9:43:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-31 08:43:01

Pre-Run: 13.878.071.296 bytes beschikbaar
Post-Run: 13,950,562,304 bytes beschikbaar

675 --- E O F --- 2008-12-19 11:31:53