ComboFix 11-10-15.04 - Marc 15/10/2011 22:47:16.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.1978.1030 [GMT 2:00]
Gestart vanuit: c:\users\Marc\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\dudl.dll
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\grid.dll
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\SM.exe
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\std.drv
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-09-15 to 2011-10-15 ))))))))))))))))))))))))))))))
.
.
2011-10-15 20:54 . 2011-10-15 20:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-15 20:36 . 2011-10-15 20:36 -------- d-----w- c:\users\Marc\AppData\Roaming\Yahoo!
2011-10-15 18:43 . 2011-09-06 20:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-15 18:43 . 2011-09-06 20:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-15 18:43 . 2011-09-06 20:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-15 18:43 . 2011-09-06 20:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-15 18:43 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-15 18:43 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-15 18:43 . 2011-09-06 20:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-15 18:43 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-15 18:43 . 2011-09-06 20:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-10-15 18:43 . 2011-10-15 18:43 -------- d-----w- c:\programdata\AVAST Software
2011-10-15 18:43 . 2011-10-15 18:43 -------- d-----w- c:\program files\AVAST Software
2011-10-15 15:00 . 2011-10-15 15:00 -------- d-----w- c:\program files\CCleaner
2011-10-15 14:12 . 2011-10-15 14:12 -------- d-----w- c:\users\Marc\AppData\Roaming\Malwarebytes
2011-10-15 14:12 . 2011-10-15 14:12 -------- d-----w- c:\programdata\Malwarebytes
2011-10-15 14:12 . 2011-10-15 14:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-15 14:12 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-11 20:22 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-11 20:22 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-11 20:22 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-11 20:22 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-11 20:22 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-11 20:22 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-11 20:22 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-11 20:22 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-11 20:22 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-10 20:47 . 2011-10-10 20:47 -------- d-----w- c:\users\Marc\AppData\Local\Babylon
2011-10-10 20:47 . 2011-10-10 20:47 -------- d-----w- c:\users\Marc\AppData\Roaming\Babylon
2011-10-10 20:47 . 2011-10-10 20:47 -------- d-----w- c:\programdata\Babylon
2011-10-10 01:43 . 2011-10-10 01:43 -------- d-----w- c:\users\Marc\AppData\Local\Yahoo!
2011-10-10 01:43 . 2011-10-10 01:43 -------- d-----w- c:\programdata\Yahoo!
2011-10-10 01:40 . 2011-10-15 20:20 -------- d-----w- c:\program files (x86)\Yahoo!
2011-09-18 09:33 . 2011-10-10 01:43 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 15:22 . 2011-08-21 15:22 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-21 15:22 . 2011-08-21 15:22 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-21 15:22 . 2011-08-21 15:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-21 15:22 . 2011-08-21 15:22 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-21 15:22 . 2011-08-21 15:22 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-21 15:22 . 2011-08-21 15:22 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-21 15:22 . 2011-08-21 15:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-21 15:22 . 2011-08-21 15:22 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-21 15:22 . 2011-08-21 15:22 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-21 15:22 . 2011-08-21 15:22 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-21 15:22 . 2011-08-21 15:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-21 15:22 . 2011-08-21 15:22 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-21 15:22 . 2011-08-21 15:22 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-21 15:22 . 2011-08-21 15:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-21 15:22 . 2011-08-21 15:22 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-21 15:22 . 2011-08-21 15:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-21 15:22 . 2011-08-21 15:22 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-21 15:22 . 2011-08-21 15:22 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-21 15:22 . 2011-08-21 15:22 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-21 15:22 . 2011-08-21 15:22 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-21 15:22 . 2011-08-21 15:22 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-21 15:22 . 2011-08-21 15:22 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-21 15:22 . 2011-08-21 15:22 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-21 15:22 . 2011-08-21 15:22 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-21 15:22 . 2011-08-21 15:22 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-21 15:22 . 2011-08-21 15:22 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-21 15:22 . 2011-08-21 15:22 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-21 15:22 . 2011-08-21 15:22 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-21 15:22 . 2011-08-21 15:22 448512 ----a-w- c:\windows\system32\html.iec
2011-08-21 15:22 . 2011-08-21 15:22 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-21 15:22 . 2011-08-21 15:22 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-21 15:22 . 2011-08-21 15:22 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-21 15:22 . 2011-08-21 15:22 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-21 15:22 . 2011-08-21 15:22 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-21 15:22 . 2011-08-21 15:22 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-21 15:22 . 2011-08-21 15:22 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-21 15:13 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-21 15:13 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-21 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-03-08 258560]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-04-14 600688]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-20 135664]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-20 135664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-03-17 866336]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-03-08 250368]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2011-10-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-14 19:29]
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-20 10:40]
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-20 10:40]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-23 10134560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-15 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-15 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-15 365592]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-02-26 206208]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-03-17 860704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/intl/nl
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 195.130.130.4 195.130.131.4
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Voltooingstijd: 2011-10-15 23:08:28 - machine werd herstart
ComboFix-quarantined-files.txt 2011-10-15 21:08
.
Pre-Run: 104.688.926.720 bytes beschikbaar
Post-Run: 103.988.797.440 bytes beschikbaar
.
- - End Of File - - 8B2835DFFC1C2FE046BE4EBE2EC0B211