ComboFix 13-01-11.01 - FLORENT 11/01/2013 12:40:18.1.1 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.2815.1651 [GMT 1:00] Gestart vanuit: c:\users\FLORENT\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\FLORENT\AppData\Roaming\IlChoHPFkfgejVO.txt c:\users\FLORENT\AppData\Roaming\mQfMSltjPKLJOyr.txt . . (((((((((((((((((((( Bestanden Gemaakt van 2012-12-11 to 2013-01-11 )))))))))))))))))))))))))))))) . . 2013-01-11 12:18 . 2013-01-11 12:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-11 11:30 . 2013-01-11 11:30 -------- d-----w- C:\Downloads 2013-01-11 11:30 . 2013-01-11 11:30 -------- d-----w- c:\users\FLORENT\AppData\Roaming\ProgSense 2013-01-11 11:30 . 2013-01-11 11:30 -------- d-----w- c:\program files (x86)\Orbitdownloader 2013-01-11 11:29 . 2013-01-11 11:32 -------- d-----w- c:\users\FLORENT\AppData\Roaming\Orbit 2013-01-11 11:22 . 2013-01-11 11:21 959976 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-11 11:22 . 2013-01-11 11:21 308200 ----a-w- c:\windows\system32\javaws.exe 2013-01-11 11:22 . 2013-01-11 11:21 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-01-11 11:21 . 2013-01-11 11:21 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-01-11 11:21 . 2013-01-11 11:21 188392 ----a-w- c:\windows\system32\javaw.exe 2013-01-11 11:21 . 2013-01-11 11:21 188392 ----a-w- c:\windows\system32\java.exe 2013-01-11 11:21 . 2013-01-11 11:21 -------- d-----w- c:\program files\Java 2013-01-11 11:16 . 2013-01-11 11:16 -------- d-----w- c:\windows\system32\SPReview 2013-01-09 19:01 . 2011-11-20 14:19 -------- d-----w- c:\users\FLORENT\AppData\Roaming\64 2013-01-09 18:59 . 2013-01-09 18:59 -------- d-----w- c:\program files\WinRAR 2013-01-09 18:44 . 2013-01-09 18:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-09 18:43 . 2013-01-09 18:43 -------- d-----w- c:\users\FLORENT\AppData\Local\Programs 2013-01-09 14:17 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 14:17 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-07 14:58 . 2013-01-07 14:58 -------- d-----w- c:\programdata\Spatial View 2013-01-07 14:58 . 2013-01-07 14:58 -------- d-----w- c:\program files (x86)\Spatial View 2012-12-21 15:49 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 15:49 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 15:49 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 15:49 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-19 22:08 . 2012-12-19 22:08 -------- d-----w- c:\users\FLORENT\AppData\Roaming\NVIDIA 2012-12-19 22:07 . 2012-12-19 22:07 -------- d-----w- c:\users\FLORENT\AppData\Local\Facebook 2012-12-12 17:44 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 17:44 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-12 17:42 . 2012-11-02 05:27 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 17:42 . 2012-11-02 04:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-12 17:42 . 2012-09-06 17:38 295792 ----a-w- c:\windows\system32\drivers\volsnap.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-10 17:16 . 2010-07-04 07:34 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-09 19:10 . 2012-08-24 14:08 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 19:10 . 2011-07-18 12:17 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-14 15:49 . 2010-10-07 16:40 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-30 04:56 . 2013-01-09 14:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-08 17:11 . 2012-11-08 17:12 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2012-10-16 21:20 . 2012-11-28 13:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 21:20 . 2012-11-28 13:21 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 20:34 . 2012-11-28 13:21 559104 ----a-w- c:\windows\apppatch\AcLayers.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-15 39408] "Facebook Update"="c:\users\FLORENT\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-19 138096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736] R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312] R3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [x] R3 fsbl;F-Secure BlackLight Engine Driver;c:\program files (x86)\Telenet Security Pack\Anti-Virus\fsbldrv.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-25 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-08 30568] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256] S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232] S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-08 711112] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776] S3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184] S3 csr_a2dp;Bluetooth AV-profiel;c:\windows\system32\drivers\bthav.sys [2009-12-21 78848] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Inhoud van de 'Gedeelde Taken' map . 2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 19:10] . 2013-01-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4245980706-884225907-2758223734-1000Core.job - c:\users\FLORENT\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-19 22:07] . 2013-01-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4245980706-884225907-2758223734-1000UA.job - c:\users\FLORENT\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-19 22:07] . 2013-01-11 c:\windows\Tasks\Final Media Player Update Checker.job - c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-06-25 20:22] . 2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-25 21:36] . 2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-25 21:36] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0813&m=imedia_s1300&r=173606104106pe4g5x1i5y45912574 mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0813&m=imedia_s1300&r=173606104106pe4g5x1i5y45912574 mLocal Page = c:\windows\SYSTEM32\blank.htm uInternet Settings,ProxyOverride = IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204 IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html Trusted Zone: samsungsetup.com\www TCP: DhcpNameServer = 195.130.130.132 195.130.131.132 FF - ProfilePath - c:\users\FLORENT\AppData\Roaming\Mozilla\Firefox\Profiles\g8zmwalp.default\ FF - prefs.js: network.proxy.type - 1 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-Easy Driver Pro - c:\program files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe Wow6432Node-HKCU-Run-Easy Speed PC - c:\program files (x86)\Probit Software\Easy Speed PC\ESPCLauncher.exe Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe Toolbar-Locked - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-4245980706-884225907-2758223734-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-4245980706-884225907-2758223734-1000) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-4245980706-884225907-2758223734-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (S-1-5-21-4245980706-884225907-2758223734-1000) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2013-01-11 13:23:34 ComboFix-quarantined-files.txt 2013-01-11 12:23 . Pre-Run: 247.253.127.168 bytes beschikbaar Post-Run: 246.947.352.576 bytes beschikbaar . - - End Of File - - 1A187534BA29449929A2602C59DA8E2A