ComboFix 14-04-20.01 - elkedevreese 26/04/2014 9:11.1.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.7789.6257 [GMT 2:00] Gestart vanuit: c:\users\elkedevreese\Downloads\ComboFix.exe AV: Norton AntiVirus *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} SP: Norton AntiVirus *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\Temp . . (((((((((((((((((((( Bestanden Gemaakt van 2014-03-26 to 2014-04-26 )))))))))))))))))))))))))))))) . . 2014-04-26 07:24 . 2014-04-26 07:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-04-25 18:27 . 2014-04-25 18:27 -------- d-----w- C:\rsit 2014-04-23 14:29 . 2014-04-23 14:29 -------- d-----w- c:\program files (x86)\GV_Cleaner 2014-04-23 07:54 . 2014-04-23 07:54 -------- d-----w- c:\users\dub_cm_auto 2014-04-14 15:17 . 2014-04-26 06:56 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-04-14 15:14 . 2014-04-14 15:14 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-04-14 15:14 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-04-14 15:14 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-04-09 06:42 . 2014-03-31 01:16 23134208 ----a-w- c:\windows\system32\mshtml.dll 2014-04-09 06:42 . 2014-03-31 01:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-04-09 06:42 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-04-07 13:55 . 2014-04-07 13:55 -------- d-----w- c:\users\elkedevreese\AppData\Local\Emerald Editor Community 2014-04-07 13:55 . 2014-04-07 13:55 -------- d-----w- c:\program files (x86)\Emerald Editor Community . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-04-13 11:45 . 2014-02-01 13:00 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-04-13 11:45 . 2014-02-01 13:00 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-04-10 18:09 . 2013-12-16 20:30 90655440 ----a-w- c:\windows\system32\MRT.exe 2014-04-03 07:50 . 2014-02-05 13:40 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-03-04 09:17 . 2014-04-09 06:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2014-03-04 04:18 . 2014-03-25 16:14 1148120 ----a-w- c:\windows\system32\drivers\NAVx64\1502000.026\symefa64.sys 2014-03-03 18:44 . 2014-03-03 18:46 10752 ----a-w- c:\windows\system32\E_GCINST.DLL 2014-03-03 18:44 . 2014-03-03 18:46 83968 ----a-w- c:\windows\system32\E_ID4BHLE.DLL 2014-03-01 05:16 . 2014-03-12 18:10 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-03-01 04:58 . 2014-03-12 18:10 2765824 ----a-w- c:\windows\system32\iertutil.dll 2014-03-01 04:52 . 2014-03-12 18:10 66048 ----a-w- c:\windows\system32\iesetup.dll 2014-03-01 04:51 . 2014-03-12 18:10 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-03-01 04:42 . 2014-03-12 18:10 53760 ----a-w- c:\windows\system32\jsproxy.dll 2014-03-01 04:40 . 2014-03-12 18:10 33792 ----a-w- c:\windows\system32\iernonce.dll 2014-03-01 04:37 . 2014-03-12 18:10 574976 ----a-w- c:\windows\system32\ieui.dll 2014-03-01 04:33 . 2014-03-12 18:10 139264 ----a-w- c:\windows\system32\ieUnatt.exe 2014-03-01 04:33 . 2014-03-12 18:10 111616 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-03-01 04:32 . 2014-03-12 18:10 708608 ----a-w- c:\windows\system32\jscript9diag.dll 2014-03-01 04:23 . 2014-03-12 18:10 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-03-01 04:17 . 2014-03-12 18:10 218624 ----a-w- c:\windows\system32\ie4uinit.exe 2014-03-01 04:02 . 2014-03-12 18:10 195584 ----a-w- c:\windows\system32\msrating.dll 2014-03-01 03:54 . 2014-03-12 18:10 5768704 ----a-w- c:\windows\system32\jscript9.dll 2014-03-01 03:52 . 2014-03-12 18:10 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-03-01 03:51 . 2014-03-12 18:10 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-03-01 03:42 . 2014-03-12 18:10 627200 ----a-w- c:\windows\system32\msfeeds.dll 2014-03-01 03:38 . 2014-03-12 18:10 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-03-01 03:37 . 2014-03-12 18:10 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-03-01 03:35 . 2014-03-12 18:10 2041856 ----a-w- c:\windows\system32\inetcpl.cpl 2014-03-01 03:18 . 2014-03-12 18:10 13051904 ----a-w- c:\windows\system32\ieframe.dll 2014-03-01 03:14 . 2014-03-12 18:10 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-03-01 03:10 . 2014-03-12 18:10 2334208 ----a-w- c:\windows\system32\wininet.dll 2014-03-01 03:00 . 2014-03-12 18:10 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-03-01 02:38 . 2014-03-12 18:10 1393664 ----a-w- c:\windows\system32\urlmon.dll 2014-03-01 02:32 . 2014-03-12 18:10 1820160 ----a-w- c:\windows\SysWow64\wininet.dll 2014-03-01 02:25 . 2014-03-12 18:10 817664 ----a-w- c:\windows\system32\ieapfltr.dll 2014-02-28 14:50 . 2014-02-28 14:52 120320 ----a-w- c:\windows\system32\E_ILMHLE.DLL 2014-02-18 01:32 . 2014-03-25 16:14 593112 ----a-w- c:\windows\system32\drivers\NAVx64\1502000.026\symnets.sys 2014-02-14 06:57 . 2014-02-14 08:40 24064 ----a-w- c:\windows\zoek-delete.exe 2014-02-13 01:59 . 2014-03-25 16:14 875736 ----a-w- c:\windows\system32\drivers\NAVx64\1502000.026\srtsp64.sys 2014-02-08 12:43 . 2014-02-08 12:43 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2014-02-07 21:59 . 2014-02-07 21:59 51496 ----a-w- c:\windows\system32\drivers\stflt.sys 2014-02-07 01:23 . 2014-03-12 17:40 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-02-04 02:32 . 2014-03-12 17:40 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-02-04 02:32 . 2014-03-12 17:40 624128 ----a-w- c:\windows\system32\qedit.dll 2014-02-04 02:04 . 2014-03-12 17:40 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-02-04 02:04 . 2014-03-12 17:40 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-01-29 02:32 . 2014-03-12 17:43 484864 ----a-w- c:\windows\system32\wer.dll 2014-01-29 02:06 . 2014-03-12 17:43 381440 ----a-w- c:\windows\SysWow64\wer.dll 2014-01-28 02:32 . 2014-03-12 17:43 228864 ----a-w- c:\windows\system32\wwansvc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE" [2014-03-03 283232] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-05-17 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1502000.026\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1502000.026\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1502000.026\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1502000.026\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\BASHDefs\20140409.001\BHDrvx64.sys;c:\program files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [x] S1 ccSet_NAV;NAV Settings Manager;c:\windows\system32\drivers\NAVx64\1502000.026\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NAVx64\1502000.026\ccSetx64.sys [x] S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE07000.02B\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE07000.02B\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\IPSDefs\20140424.001\IDSvia64.sys;c:\program files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\IPSDefs\20140424.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1502000.026\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1502000.026\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1502000.026\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NAVx64\1502000.026\SYMNETS.SYS [x] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 BootRacerServ;BootRacerServ;c:\program files (x86)\BootRacer\BootRacerServ.exe;c:\program files (x86)\BootRacer\BootRacerServ.exe [x] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\21.2.0.38\NAV.exe;c:\program files (x86)\Norton AntiVirus\Engine\21.2.0.38\NAV.exe [x] S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - MBAMWEBACCESSCONTROL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-04-10 18:01 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2014-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-01 11:45] . 2014-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-17 09:17] . 2014-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-17 09:17] . . --------- X64 Entries ----------- . . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.fr mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 IE: Toevoegen aan TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 TCP: DhcpNameServer = 195.130.131.5 195.130.130.133 FF - ProfilePath - c:\users\elkedevreese\AppData\Roaming\Mozilla\Firefox\Profiles\0xy6pavw.default\ . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\21.2.0.38\NAV.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\21.2.0.38\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO] "ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.0.43\diMaster.dll\" /prefetch:1" "ImagePath"="\SystemRoot\System32\Drivers\NAVx64\1502000.026\SYMNETS.SYS" "TrustedImagePaths"="c:\program files (x86)\Norton AntiVirus\Engine\21.2.0.38;c:\program files (x86)\Norton AntiVirus\Engine64\21.2.0.38" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.12" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2014-04-26 09:32:30 ComboFix-quarantined-files.txt 2014-04-26 07:32 . Pre-Run: 73.724.239.872 bytes beschikbaar Post-Run: 73.051.246.592 bytes beschikbaar . - - End Of File - - E901BE408D84E8CD04FE7F71FF876477 A36C5E4F47E84449FF07ED3517B43A31