sasin

gedaan; log2 in bijlage. Moet ik nu niet eerst de geselecteerde problemen in het register van CCleaner herstellen? Dat staat nl. vol met HP files.... Zie een gedeelte van deze bestanden in de bijlage HPscan. combofixlog2.txt

HP is nu verdwenen uit Program Files......zou het wonder geschied zijn????? Kan ik nu de driver van de HP site installeren? Ik wacht even op een fiat van jullie.

gedaan....logje in bijlage. combofixlog.txt

C:\Program Files (x86)\HP\Common, Digital Imaging, HP Software Update, Temp, NCLogConfig.

Kan je stap voor stap aanduiden wat je bedoelt? Wat moet ik neerzetten in een berichtje? Moet ik naar de verkenner gaan of wat?

"De root is de exacte volgorde en benaming die leidt naar de map HP" - en waar moet ik dit dan intikken?

en wat moet ik dan nu doen? Snap je niet helemaal...:-(

En waar vind ik een "root"? ---------- Post toegevoegd om 09:19 ---------- Vorige post was om 09:15 ---------- Als ik in "zoeken" bovenstaande samenstelling intik, geeft hij de HP map in Program Files. Is dat wat je bedoelt?

Nee, helaas niet.

Laatste programma uitgevoerd: geen logfile, ook niet na ingegeven te hebben bij functie "zoeken". Bij Avenger file - open logfile: zie bijlage.

Als ik Killbox probeer te downloaden krijg ik: zie bijlage.

Nee hoor, daar zit niets in van HP; hoe kom je daar bij?

Now you've lost me... Bericht 44 is door mij beantwoord in bericht 46, waarin ik vraag of je dit bedoelt met locatie. Ik heb hier helaas nog geen antwoord over ontvangen....

Clarkie, wat bedoel je met "voer bericht 44 uit" ???

Bedoel je de locatie in Program Files? Zie bijlage.

Nogmaals geprobeerd de benodigde software te installeren via de HP site: na uitvoeren van het exe-bestandje gaat hij extraheren, voltooit dit ook, maar hierna gebeurt er niets meer. Er zou nu een (installatie) Wizard moeten komen..... Bij Alle Programma's - HP is nu het HP Solution Center weer verdwenen (nodig om te kunnen scannen).

Helaas lukt ook dit niet: aan het eind van het deïnstallatieprogramma houdt hij er mee op. Ik heb het 3x geprobeerd.....

eigenlijk weer dezelfde als toen ik 3 dagen geleden begon aan dit avontuur.... Zie bijlage.

Maar dan moet ik toch eerst de oude software verwijderen via configuratie - programma's en onderdelen? Dat werkt nog steeds niet.

ComboFix 12-02-03.02 - Ginkel 05-02-2012 9:18.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3893.2736 [GMT 1:00] Gestart vanuit: c:\users\Ginkel\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Ginkel\Desktop\CFScript.txt AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Ginkel\AppData\Roaming\HpUpdate c:\users\Ginkel\AppData\Roaming\HpUpdate\HpUpdate.Cache c:\users\Ginkel\AppData\Roaming\HpUpdate\HpUpdate.hidden c:\users\Ginkel\AppData\Roaming\HpUpdate\HpUpdate.log c:\users\Ginkel\AppData\Roaming\HpUpdate\HpUpdate.session c:\users\Ginkel\AppData\Roaming\HpUpdate\rpspackages.cache c:\windows\Hewlett-Packard c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{83B34002-FCA8-4E3A-94E9-48B0A0D9C418}\HP Update.msi . . (((((((((((((((((((( Bestanden Gemaakt van 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))) . . 2012-02-05 08:24 . 2012-02-05 08:24 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp 2012-02-05 08:24 . 2012-02-05 08:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-03 15:05 . 2012-02-03 15:05 -------- d-----w- c:\users\Ginkel\AppData\Roaming\Malwarebytes 2012-02-03 15:05 . 2012-02-03 15:05 -------- d-----w- c:\programdata\Malwarebytes 2012-02-03 15:05 . 2012-02-03 15:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-02-03 15:05 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-03 13:40 . 2012-02-03 13:40 -------- d-----w- c:\program files (x86)\FLAC 2012-02-03 12:13 . 2012-02-03 12:13 388096 ----a-r- c:\users\Ginkel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-03 12:13 . 2012-02-03 12:13 -------- d-----w- c:\program files (x86)\Trend Micro 2012-02-03 11:09 . 2012-02-03 11:09 -------- d-----w- c:\users\Ginkel\AppData\Roaming\GlarySoft 2012-02-03 11:07 . 2012-02-03 11:30 -------- d-----w- c:\program files (x86)\Glary Utilities 2012-02-03 10:11 . 2012-02-03 10:11 -------- d-----w- c:\program files (x86)\VS Revo Group 2012-02-02 13:17 . 2012-02-02 13:17 -------- d-----w- c:\users\Ginkel\AppData\Roaming\DriverCure 2012-02-02 13:17 . 2012-02-02 13:17 -------- d-----w- c:\users\Ginkel\AppData\Roaming\SpeedyPC Software 2012-02-02 13:17 . 2012-02-02 13:17 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software 2012-02-02 13:17 . 2012-02-02 13:17 -------- d-----w- c:\programdata\SpeedyPC Software 2012-01-31 09:25 . 2012-01-31 09:25 -------- d-----w- c:\windows\system32\drivers\NAVx64\1207000.00D 2012-01-22 15:29 . 2012-01-22 15:29 -------- d-----w- c:\program files (x86)\Fast Monster ltd 2012-01-13 15:31 . 2012-01-13 15:31 -------- d-----w- c:\users\Ginkel\AppData\Roaming\OpenCandy 2012-01-12 09:10 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-01-12 09:10 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-01-12 09:10 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-01-12 09:10 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-01-12 09:10 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-01-12 09:10 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-12 09:10 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-01-12 09:10 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-01-09 10:49 . 2012-01-09 10:49 -------- d-----w- c:\program files\Symantec . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-24 04:52 . 2011-12-15 08:00 3145216 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-02-03_16.08.22 ))))))))))))))))))))))))))))))))))))))))) . + 2011-03-12 14:23 . 2012-02-05 08:03 45594 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-02-05 08:03 31664 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-03-12 14:15 . 2012-02-05 08:03 16828 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-870794175-1453927313-3024851775-1000_UserData.bin - 2011-03-15 14:01 . 2012-02-03 16:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-03-15 14:01 . 2012-02-05 08:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-03-15 14:01 . 2012-02-05 08:27 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-03-15 14:01 . 2012-02-03 16:08 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-03-15 14:01 . 2012-02-05 08:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-03-15 14:01 . 2012-02-03 16:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-03-12 15:10 . 2012-02-03 16:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-03-12 15:10 . 2012-02-05 08:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-03-12 15:10 . 2012-02-05 08:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-03-12 15:10 . 2012-02-03 16:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-02-03 16:07 . 2012-02-03 16:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-02-05 08:26 . 2012-02-05 08:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-02-03 16:07 . 2012-02-03 16:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-02-05 08:26 . 2012-02-05 08:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-02-03 16:06 320908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-02-05 08:25 320908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Ginkel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Ginkel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Ginkel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Ginkel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IE New Window Maximizer"="c:\program files (x86)\IE New Window Maximizer\iemaximizer.exe" [2005-02-08 356352] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888] . c:\users\Ginkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Ginkel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1206000.01D\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1206000.01D\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120203.002\IDSvia64.sys [2012-02-02 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1206000.01D\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1206000.01D\SYMNETS.SYS [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920] S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] 2010-11-20 03:17 302592 ----a-w- c:\windows\System32\cmd.exe . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Ginkel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Ginkel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Ginkel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Ginkel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.nl/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html TCP: DhcpNameServer = 212.115.192.100 62.238.255.69 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe . ************************************************************************** . Voltooingstijd: 2012-02-05 09:30:26 - machine werd herstart ComboFix-quarantined-files.txt 2012-02-05 08:30 ComboFix2.txt 2012-02-04 10:33 ComboFix3.txt 2012-02-03 16:11 . Pre-Run: 427.652.739.072 bytes beschikbaar Post-Run: 427.210.948.608 bytes beschikbaar . - - End Of File - - 4610134C2DC6F2BF97CDE043C81E1A47 ---------- Post toegevoegd om 09:40 ---------- Vorige post was om 09:32 ---------- Het CCleaner programma is beëindigd en de fouten zijn verwijderd. Wat nu?

Ok dat wil ik dan wel proberen (onder jouw leiding). In de bijlage het Combifixlogjel combifixlog.txt

Nee, daar is mijn vraag om begonnen: via de normale weg (dus configuratie-programma's en onderdelen) kan het niet verwijderd worden. (zie mijn eerdere mails). Eigenlijk zijn we dus weer bij af?

Nee, dat inslepen in de snelkoppeling lukt niet. Combofix start dan gewoon: hoe weet ik/kan ik zien of hij rekening houdt met de opdracht in het txt-bestandje? Een andere vraag: hoe ver zit ik nog verwijderd van een evt. oplossing voor het printer-probleem? M.a.w. hoeveel dingen moeten er nog nagekeken worden voordat de evt. fout is ontdekt en hersteld? Voor de zekerheid meld ik nog eenmaal de foutmelding: "parsing error in file C:\ProgramFiules(x86)\HP\DigitalImaging\bin\hpqscloc\1033.xml".

Nee, helaas lukt dat laatste niet: ik krijg het bestandje niet in Combofix gesleept. Hij doet dit gewoon niet. Blijft op het bureaublad en Combofix gaat weer scannen. Ik denk dat ik moet opgeven. Dit allemaal omdat mijn printer het niet doet....! Nu was de internetverbinding ook weg - wellicht wordt het nu van kwaad tot erger.

ComboFix 12-02-03.02 - Ginkel 03-02-2012 16:56:54.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3893.2580 [GMT 1:00] Gestart vanuit: c:\users\Ginkel\Desktop\ComboFix.exe AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\prefs.js c:\users\Ginkel\AppData\Roaming\dvdae c:\users\Ginkel\AppData\Roaming\dvdae\dvdae.config c:\users\Ginkel\AppData\Roaming\dvdae\dvdae.lic c:\windows\pkunzip.pif c:\windows\pkzip.pif . . (((((((((((((((((((( Bestanden Gemaakt van 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))) . . 2012-02-03 16:05 . 2012-02-03 16:05 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp 2012-02-03 16:05 . 2012-02-03 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-03 15:05 . 2012-02-03 15:05 -------- d-----w- c:\users\Ginkel\AppData\Roaming\Malwarebytes 2012-02-03 15:05 . 2012-02-03 15:05 -------- d-----w- c:\programdata\Malwarebytes 2012-02-03 15:05 . 2012-02-03 15:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-02-03 15:05 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-03 13:40 . 2012-02-03 13:40 -------- d-----w- c:\program files (x86)\FLAC 2012-02-03 12:13 . 2012-02-03 12:13 388096 ----a-r- c:\users\Ginkel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-03 12:13 . 2012-02-03 12:13 -------- d-----w- c:\program files (x86)\Trend Micro 2012-02-03 11:09 . 2012-02-03 11:09 -------- d-----w- c:\users\Ginkel\AppData\Roaming\GlarySoft 2012-02-03 11:07 . 2012-02-03 11:30 -------- d-----w- c:\program files (x86)\Glary Utilities 2012-02-03 10:11 . 2012-02-03 10:11 -------- d-----w- c:\program files (x86)\VS Revo Group 2012-02-02 13:17 . 2012-02-02 13:17 -------- d-----w- c:\users\Ginkel\AppData\Roaming\DriverCure 2012-02-02 13:17 . 2012-02-02 13:17 -------- d-----w- c:\users\Ginkel\AppData\Roaming\SpeedyPC Software 2012-02-02 13:17 . 2012-02-02 13:17 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software 2012-02-02 13:17 . 2012-02-02 13:17 -------- d-----w- c:\programdata\SpeedyPC Software 2012-02-02 10:57 . 2012-02-02 11:22 -------- d-----w- c:\users\Ginkel\AppData\Roaming\HpUpdate 2012-02-02 10:57 . 2012-02-02 10:57 -------- d-----w- c:\windows\Hewlett-Packard 2012-01-31 09:25 . 2012-01-31 09:25 -------- d-----w- c:\windows\system32\drivers\NAVx64\1207000.00D 2012-01-22 15:29 . 2012-01-22 15:29 -------- d-----w- c:\programdata\Babylon 2012-01-22 15:29 . 2012-01-22 15:29 -------- d-----w- c:\program files (x86)\Fast Monster ltd 2012-01-13 15:31 . 2012-01-13 15:31 -------- d-----w- c:\users\Ginkel\AppData\Roaming\OpenCandy 2012-01-12 09:10 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-01-12 09:10 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-01-12 09:10 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-01-12 09:10 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-01-12 09:10 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-01-12 09:10 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-12 09:10 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-01-12 09:10 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-01-09 10:49 . 2012-01-09 10:49 -------- d-----w- c:\program files\Symantec 2012-01-04 16:45 . 2012-01-04 16:49 -------- d-----w- c:\users\Ginkel\AppData\Roaming\DVDVideoSoft 2012-01-04 16:45 . 2012-01-09 11:59 -------- d-----w- c:\program files (x86)\DVDVideoSoft 2012-01-04 16:45 . 2012-01-09 11:58 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-24 04:52 . 2011-12-15 08:00 3145216 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Ginkel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Ginkel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Ginkel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Ginkel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IE New Window Maximizer"="c:\program files (x86)\IE New Window Maximizer\iemaximizer.exe" [2005-02-08 356352] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888] . c:\users\Ginkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Ginkel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1206000.01D\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1206000.01D\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120202.002_7a7\IDSvia64.sys [2012-02-02 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1206000.01D\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1206000.01D\SYMNETS.SYS [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920] S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] 2010-11-20 03:17 302592 ----a-w- c:\windows\System32\cmd.exe . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Ginkel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Ginkel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Ginkel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Ginkel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.nl/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html TCP: DhcpNameServer = 212.115.192.100 62.238.255.69 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-ALLUpdate - c:\program files (x86)\OpenSubtitlesPlayer\ALLUpdate.exe Toolbar-Locked - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) AddRemove-FoxTab PDF Converter - c:\progra~2\FOXTAB~1\Uninstall\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe . ************************************************************************** . Voltooingstijd: 2012-02-03 17:11:34 - machine werd herstart ComboFix-quarantined-files.txt 2012-02-03 16:11 . Pre-Run: 426.905.305.088 bytes beschikbaar Post-Run: 426.895.527.936 bytes beschikbaar . - - End Of File - - BE65E52864592311493F731FB6943C30