ComboFix 12-12-28.01 - Brian 28-12-2012 12:13:53.14.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3959.2636 [GMT 1:00]
Gestart vanuit: c:\users\Brian\Desktop\ComboFix.exe
AV: McAfee Antivirus en antispyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Antivirus en antispyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-11-28 to 2012-12-28 ))))))))))))))))))))))))))))))
.
.
2012-12-28 11:18 . 2012-12-28 11:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-28 11:18 . 2012-12-28 11:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-21 00:27 . 2012-12-21 00:29 -------- d-----r- c:\users\Brian\SkyDrive
2012-12-21 00:27 . 2012-12-21 00:27 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2012-12-21 00:27 . 2012-12-21 00:27 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-12-20 19:17 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-20 19:17 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-20 19:17 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-20 19:17 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-19 23:07 . 2012-12-19 23:10 -------- d-----w- c:\program files\Recuva
2012-12-18 18:29 . 2012-12-18 18:30 -------- d-----w- c:\users\Brian\AppData\Roaming\BitComet
2012-12-18 18:25 . 2012-12-18 18:25 -------- d-----w- C:\Downloads
2012-12-17 18:00 . 2012-12-17 18:00 388096 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-17 18:00 . 2012-12-17 18:00 -------- d-----w- c:\program files (x86)\Trend Micro
2012-12-15 01:37 . 2012-12-15 01:37 -------- d-----w- c:\program files (x86)\Auslogics
2012-12-13 02:54 . 2012-12-13 02:54 -------- d-----w- c:\program files (x86)\ESET
2012-12-13 02:18 . 2012-12-13 02:18 -------- d-----w- c:\program files\Macrium
2012-12-13 02:16 . 2012-12-13 02:16 308200 ----a-w- c:\windows\system32\javaws.exe
2012-12-13 02:16 . 2012-12-13 02:16 188392 ----a-w- c:\windows\system32\javaw.exe
2012-12-13 02:16 . 2012-12-13 02:16 188392 ----a-w- c:\windows\system32\java.exe
2012-12-13 02:16 . 2012-12-13 02:16 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-12-13 02:16 . 2012-12-13 02:16 -------- d-----w- c:\program files\Java
2012-12-12 19:59 . 2012-12-12 19:59 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-12-12 19:59 . 2012-12-12 19:59 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-12-12 00:58 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-12 00:58 . 2012-11-14 05:53 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-12-12 00:58 . 2012-11-14 01:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-12-12 00:56 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 00:56 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 00:56 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-10 18:12 . 2012-12-10 18:12 13504 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2012-12-10 18:11 . 2012-12-10 18:11 57024 ----a-w- c:\windows\system32\drivers\psmounterex.sys
2012-12-08 01:10 . 2012-12-08 01:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-05 21:36 . 2012-12-05 21:36 -------- d-----w- c:\programdata\{26D901A1-2540-4430-81DC-0317F01BD7BE}
2012-12-05 21:35 . 2012-12-05 21:36 -------- d-----w- c:\programdata\{B7FA0661-862B-4AE4-A12A-F08D226ED546}
2012-12-05 18:15 . 2012-12-05 18:16 -------- d-----w- c:\users\Brian\AppData\Roaming\Creative
2012-12-05 18:07 . 2012-12-05 18:07 -------- d-----w- c:\programdata\Creative
2012-12-05 18:07 . 2012-12-05 21:36 -------- d-----w- c:\program files (x86)\Creative
2012-11-29 01:11 . 2012-11-29 01:11 -------- d-----w- c:\program files\Soluto
2012-11-28 22:45 . 2012-11-28 22:45 -------- d-----w- C:\McAfee
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2012-11-04 19:01 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-13 02:16 . 2012-09-14 16:51 959976 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-13 02:16 . 2012-09-14 16:51 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-13 02:13 . 2012-09-14 16:50 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 02:13 . 2012-09-14 16:50 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 00:59 . 2012-09-14 15:19 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-27 16:46 . 2012-11-26 20:34 82816 ----a-w- c:\users\Brian\AppData\Roaming\pcouffin.sys
2012-11-21 11:42 . 2012-09-20 22:47 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-11-10 23:57 . 2012-11-10 23:57 25216 ----a-w- c:\windows\system32\drivers\droidcam.sys
2012-11-09 05:40 . 2012-09-14 22:26 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 05:37 . 2012-06-22 05:38 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-11-09 05:37 . 2012-09-14 15:48 177680 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 05:36 . 2012-09-14 22:26 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 05:36 . 2012-09-14 22:26 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 05:35 . 2012-06-22 05:36 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 05:34 . 2012-09-14 22:26 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 05:34 . 2012-09-14 22:26 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 05:33 . 2012-06-22 05:34 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-10-17 20:35 . 2012-10-17 20:35 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-17 20:35 . 2012-09-14 16:53 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-17 20:35 . 2012-09-14 16:53 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-11-28 20:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 20:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 20:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-13 19:19 . 2012-10-13 19:19 574 ----a-w- C:\cleanup.bat
2012-10-09 18:17 . 2012-11-17 01:27 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-17 01:27 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-17 01:27 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-17 01:27 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 22:33 . 2012-10-04 22:33 53248 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-10-04 16:40 . 2012-12-12 00:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-17 01:27 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-17 01:27 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-17 01:27 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-17 01:27 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-17 01:27 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-17 01:27 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-17 01:27 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-17 01:27 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-17 01:27 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-17 01:27 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-17 01:27 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 ctredr15.sys;ctredr15.sys;c:\windows\system32\drivers\ctredr15.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-23 203264]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\test programma's\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [2012-11-10 25216]
R3 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-14 1255736]
R4 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-09-22 56016]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-11-21 54728]
S2 MBAMScheduler;MBAMScheduler;c:\test programma's\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\test programma's\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2012-12-10 301760]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe [2012-11-21 182840]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-11-21 644152]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 130048]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]
S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - mfeavfk01
.
Inhoud van de 'Gedeelde Taken' map
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 02:13]
.
2012-12-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4085980671-1877415730-1580475011-1000Core.job
- c:\users\Brian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-21 22:24]
.
2012-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4085980671-1877415730-1580475011-1000UA.job
- c:\users\Brian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-21 22:24]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-14 16:29]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-14 16:29]
.
2012-12-26 c:\windows\Tasks\HPCeeScheduleForBRIAN-PC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-12-20 c:\windows\Tasks\HPCeeScheduleForBrian.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"Soluto"="c:\program files\soluto\soluto.exe" [2012-11-21 1278008]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://google.nl/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Brian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKLM-RunOnce-Z1 - c:\users\Brian\Desktop\mbar\mbar.exe
Wow6432Node-HKLM-RunOnce-1 - c:\users\Brian\Desktop\mbam-chameleon.exe
AddRemove-Fences - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe
AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe
AddRemove-{D40EB009-0499-459c-A8AF-C9C110766215} - c:\program files (x86)\Common Files\LogiShrd\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\setup.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-4085980671-1877415730-1580475011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4085980671-1877415730-1580475011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-BDQC-7UK5-EXJX-PX69-4H1M-NKYDU2H"
"Activated"="N"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-12-28 12:20:36
ComboFix-quarantined-files.txt 2012-12-28 11:20
.
Pre-Run: 1.438.312.701.952 bytes beschikbaar
Post-Run: 1.438.017.990.656 bytes beschikbaar
.
- - End Of File - - 040FC1CEAB796AF98D9944A1CAB90744