ComboFix 11-01-14.01 - Beheerder 15/01/2011 8:20.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.8187.6319 [GMT 1:00]
Gestart vanuit: c:\users\Beheerder\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\prefs.js
c:\program files (x86)\Dealio Toolbar
c:\program files (x86)\Dealio Toolbar\IE\4.0.2\config.ini
c:\program files (x86)\Dealio Toolbar\Res\amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\apple.gif
c:\program files (x86)\Dealio Toolbar\Res\barnes.gif
c:\program files (x86)\Dealio Toolbar\Res\bestbuy.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files (x86)\Dealio Toolbar\Res\ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\icon_settings.gif
c:\program files (x86)\Dealio Toolbar\Res\macys.gif
c:\program files (x86)\Dealio Toolbar\Res\newegg.gif
c:\program files (x86)\Dealio Toolbar\Res\overstock.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron.gif
c:\program files (x86)\Dealio Toolbar\Res\search_amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\search_dealio.gif
c:\program files (x86)\Dealio Toolbar\Res\search_ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\search_yahoo.gif
c:\program files (x86)\Dealio Toolbar\Res\target.gif
c:\program files (x86)\Dealio Toolbar\Res\walmart.gif
c:\program files (x86)\Dealio Toolbar\Res\widgets.xml
c:\program files (x86)\Search Settings
c:\program files (x86)\Search Settings\SearchSettings.dll
c:\program files (x86)\Search Settings\SearchSettings.exe
c:\program files (x86)\Search Settings\SearchSettingsRes409.dll
c:\users\Beheerder\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Beheerder\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\Beheerder\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Beheerder\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Beheerder\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Beheerder\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\Beheerder\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\Beheerder\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\Beheerder\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\Beheerder\AppData\Roaming\Microsoft\Windows\Recent\snl2w.tmp
c:\users\Public\invokesi.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-12-15 to 2011-01-15 ))))))))))))))))))))))))))))))
.
2011-01-15 07:28 . 2011-01-15 07:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-14 19:27 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7119A47F-B4EA-4D45-B468-ADB20D4DAA0D}\mpengine.dll
2011-01-12 19:31 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 19:31 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 19:31 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 19:31 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 19:31 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 19:31 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 19:31 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-11 18:08 . 2011-01-11 18:08 -------- d-----w- c:\program files (x86)\Hercules
2011-01-09 18:33 . 2010-01-26 11:33 690208 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
2011-01-02 09:06 . 2011-01-02 09:06 176488 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin
2010-12-24 11:32 . 2010-12-24 11:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-24 11:32 . 2010-12-24 11:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-24 11:32 . 2010-12-24 11:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-24 11:32 . 2010-12-24 11:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-24 11:32 . 2010-12-24 11:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-24 11:32 . 2010-12-24 11:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-24 11:32 . 2010-12-24 11:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2010-12-24 11:31 . 2010-12-24 11:32 -------- d-----w- c:\program files (x86)\QuickTime
2010-12-23 18:08 . 2010-12-28 19:08 -------- d-----w- c:\program files (x86)\Activision
2010-12-20 19:20 . 2010-12-20 19:20 -------- d-----w- c:\program files (x86)\Collage Maker 3.60
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-07 18:18 . 2010-08-08 16:21 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-10 05:35 . 2009-10-05 11:28 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-04 06:35 . 2010-12-15 17:43 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-15 17:43 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-15 17:43 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-15 17:43 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-15 17:43 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-15 17:43 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-15 17:43 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-15 17:43 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-15 17:44 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-15 17:44 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:17 . 2010-12-15 17:44 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:16 . 2010-12-15 17:44 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-15 17:44 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-15 17:44 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-15 17:44 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-15 17:44 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-15 17:44 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-15 17:44 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-10-27 05:06 . 2010-12-15 17:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-15 17:44 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-10-20 05:20 . 2010-12-15 17:44 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 04:54 . 2010-12-15 17:44 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-10-20 03:09 . 2010-12-15 17:44 3124224 ----a-w- c:\windows\system32\win32k.sys
2010-10-20 03:05 . 2010-12-15 17:44 367104 ----a-w- c:\windows\system32\atmfd.dll
2010-10-20 02:58 . 2010-12-15 17:44 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-10-19 20:51 . 2009-10-03 14:26 270720 ------w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2008-12-13 98304]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-11-04 597792]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\users\Beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Warner Bros.lnk - c:\program files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [2010-7-2 142336]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WiFi Station N.lnk - c:\program files (x86)\Hercules\WiFiStationN\WiFiN.exe [2011-1-11 128296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 135664]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 40832]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-26 690208]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-31 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2009-12-16 375296]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-06-22 212232]
S2 HerculesWiFi;HerculesWiFi;c:\program files (x86)\Hercules\WiFiStationN\HerculesWiFiService.exe [2010-03-05 53544]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
.
Inhoud van de 'Gedeelde Taken' map

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 18:36]
2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 18:36]
.
--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-25 7883296]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-25 1833504]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1448568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Beheerder\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Beheerder\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
- - - - ORPHANS VERWIJDERD - - - -

Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-NPSStartup - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Age of Empires II Trial - c:\program files (x86)\Microsoft Games\Age of Empires II Trial\UNINSTAL.EXE
AddRemove-Age of Empires II: The Conquerors Expansion Trial - c:\program files (x86)\Microsoft Games\Age of Empires II The Conquerors Expansion Trial\UNINSTALL.EXE
AddRemove-HarryPotter7Screensaver - c:\windows\system32\HarryPotter7Screensaver.scr
AddRemove-Ynor9's Control Room CSO Setup_is1 - c:\program files (x86)\Atari\RollerCoaster Tycoon 3\Style\Themed\RollerCoaster Tycoon 3\unins000.exe
AddRemove-GeoGebra WebStart - c:\windows\system32\javaws.exe

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-3081240711-3288630662-548437771-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:27,7e,67,2f,b8,0c,50,72,5d,0f,a8,3b,4e,8d,05,02,c9,86,d7,e6,d8,c1,f7,
   8c,28,f3,97,e9,58,5a,ab,46,d1,21,eb,86,79,36,70,cf,f2,23,ff,b3,dc,3f,a2,da,\
"??"=hex:4e,4a,7c,e9,45,39,75,e6,d1,4a,68,e1,ab,9f,f8,bc

[HKEY_USERS\S-1-5-21-3081240711-3288630662-548437771-1000\Software\SecuROM\License information*]
"datasecu"=hex:7d,2e,b4,a2,34,6f,d5,33,d4,b9,13,85,32,c6,7f,a8,37,39,8f,42,44,
   e2,14,55,9f,dd,79,dc,23,b2,fb,a1,20,78,70,21,a6,32,5b,df,17,25,29,98,05,bf,\
"rkeysecu"=hex:83,bf,f9,b1,c4,87,3c,53,d9,99,51,6f,b7,a5,7d,40

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-01-15 08:32:32
ComboFix-quarantined-files.txt 2011-01-15 07:32

Pre-Run: 632.247.619.584 bytes beschikbaar
Post-Run: 634.975.227.904 bytes beschikbaar

- - End Of File - - 63A00D36964B486162243F121386D7CF