ComboFix 13-10-09.01 - Feyenoord 10-10-2013 17:02:02.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3325.1122 [GMT 2:00]
Gestart vanuit: c:\users\Feyenoord\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\eCover
c:\program files\eCover\Changelog.txt
c:\program files\eCover\Click.wav
c:\program files\eCover\eCover.exe
c:\program files\eCover\eCover.url
c:\program files\eCover\en\eCover.resources.dll
c:\program files\eCover\it\eCover.resources.dll
c:\program files\eCover\unins000.dat
c:\program files\eCover\unins000.exe
c:\program files\TelevisionFanaticEI
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-09-10 to 2013-10-10 ))))))))))))))))))))))))))))))
.
.
2013-10-10 15:18 . 2013-10-10 15:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-10 15:18 . 2013-10-10 15:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-10 15:18 . 2013-10-10 15:18 -------- d-----w- c:\users\Manolo\AppData\Local\temp
2013-10-10 15:18 . 2013-10-10 15:18 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-10-10 15:18 . 2013-10-10 15:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-07 07:22 . 2013-10-07 06:48 24064 ----a-w- c:\windows\zoek-delete.exe
2013-10-07 07:22 . 2013-10-10 15:19 -------- d-----w- c:\users\Feyenoord\AppData\Local\Temp
2013-10-06 18:48 . 2013-10-06 18:48 -------- d-----w- c:\program files\Trusteer
2013-09-11 17:51 . 2013-07-16 04:35 615936 ----a-w- c:\windows\system32\themeui.dll
2013-09-11 17:51 . 2013-08-08 01:45 2049536 ----a-w- c:\windows\system32\win32k.sys
2013-09-10 21:18 . 2013-09-10 21:18 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 07:38 . 2012-03-30 07:32 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-10 07:38 . 2011-06-26 10:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 07:28 . 2009-02-05 19:18 0 --sh--w- c:\windows\S20B5AF93.tmp
2013-08-12 08:08 . 2013-08-12 08:08 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-12 08:08 . 2012-07-12 11:13 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-08-12 08:08 . 2011-06-19 21:49 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-02 04:09 . 2013-08-28 08:11 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-17 19:41 . 2013-08-14 17:04 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-13 09:46 . 2012-08-13 09:46 473600 ----a-w- c:\program files\setup.exe
2012-08-13 09:46 . 2012-08-13 09:46 3162112 ----a-w- c:\program files\openofficeorg341.msi
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-05-08 18680424]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2013-03-22 248208]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-22 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 6281760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-22 13589024]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"FG_Monitor"="c:\program files\Folder Guard\FGKey.exe" [2009-01-30 132424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCENT.SYS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HideFilesAndFolders_S]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323Domino]
2006-06-27 18:54 49152 ----a-w- c:\windows\Domino.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323VMSnap]
2006-09-19 06:26 212992 ----a-w- c:\windows\VMSnap23.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-01-26 14:58 65536 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2011-12-21 15:26 229376 ----a-w- c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FG_Monitor]
2009-01-30 23:00 132424 ----a-w- c:\program files\Folder Guard\FGKey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-08 23:19 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-29 20:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 03:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 16:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2013-04-04 12:50 887432 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2013-04-04 12:50 887432 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mylbx]
2011-03-26 17:49 1900864 ----a-w- c:\program files\My Lockbox\mylbx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-29 20:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Device Listener]
2010-05-28 11:54 375296 ----a-w- c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 12:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-02-24 09:57 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2013-03-22 04:07 248208 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
2008-10-14 01:52 180224 ----a-w- c:\program files\HomeCinema\TV Enhance\TVEService.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
R4 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2009-12-18 814344]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map
.
2013-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:38]
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 22:30]
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 22:30]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{51A33A03-DC72-49B6-AD87-E36794BCE57B}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Feyenoord\AppData\Roaming\Mozilla\Firefox\Profiles\r7o7q07p.default\
FF - ExtSQL: !HIDDEN! 2009-06-26 16:39; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS VERWIJDERD - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-10 17:19
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-391695699-2751641936-1081476981-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{24759709-3F5A-41F1-7561-BAE8E9E1B719}*]
"bbbbondobklkppifegmkcoblonndbogmmlfp"=hex:61,62,67,6b,62,65,70,65,6a,69,69,6a,
   6f,68,69,65,64,6e,70,6d,6c,61,65,64,62,6f,66,63,63,65,6b,6c,62,61,00,67
"abbbondobklkppifeglkdoggdjobfjbcoo"=hex:65,62,62,62,70,61,64,64,64,6d,63,6f,
   62,67,6f,70,63,6f,63,68,6a,65,6f,6a,6c,63,6f,61,70,61,6a,6c,6e,65,6e,67,64,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000413
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{AEDE69FF-2EFF-4EE8-9D6D-1A51F67A1563}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.474.0"
"UniqueId"="000451794B7E5FCE"
"ScannerBuild"=dword:000018d5
"ScannerVersionId"=dword:00001293
"ScannerVersion"="Open window for status."
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"=
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\windows\System32\guard32.dll
.
- - - - - - - > 'lsass.exe'(856)
c:\windows\System32\guard32.dll
.
Voltooingstijd: 2013-10-10 17:24:00
ComboFix-quarantined-files.txt 2013-10-10 15:23
.
Pre-Run: 275.711.664.128 bytes beschikbaar
Post-Run: 275.958.259.712 bytes beschikbaar
.
- - End Of File - - CEFB7B832B66C0E3E2BFC761CEEB9541
5C616939100B85E558DA92B899A0FC36