ComboFix 14-05-07.03 - Notesworld 09/05/2014  17:10:44.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.32.1043.18.7860.5769 [GMT 2:00]
Gestart vanuit: c:\users\Notesworld\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\11B
c:\programdata\11B\{78384D30-59E1-43F8-9134-628E57972C9F}.swf
c:\programdata\868
c:\programdata\868\{FF18A68A-337A-4EA3-ACFF-EE683B4904CD}.swf
c:\programdata\SPL1006.tmp
c:\programdata\SPL12A6.tmp
c:\programdata\SPL1708.tmp
c:\programdata\SPL1756.tmp
c:\programdata\SPL1860.tmp
c:\programdata\SPL1AEF.tmp
c:\programdata\SPL1DDC.tmp
c:\programdata\SPL1DDD.tmp
c:\programdata\SPL1EC6.tmp
c:\programdata\SPL1FEE.tmp
c:\programdata\SPL22BC.tmp
c:\programdata\SPL23D4.tmp
c:\programdata\SPL257A.tmp
c:\programdata\SPL277A.tmp
c:\programdata\SPL2C3D.tmp
c:\programdata\SPL2CD.tmp
c:\programdata\SPL2FD6.tmp
c:\programdata\SPL338F.tmp
c:\programdata\SPL471C.tmp
c:\programdata\SPL51E.tmp
c:\programdata\SPL6038.tmp
c:\programdata\SPL6108.tmp
c:\programdata\SPL664B.tmp
c:\programdata\SPL727.tmp
c:\programdata\SPL7D1F.tmp
c:\programdata\SPL8709.tmp
c:\programdata\SPL9294.tmp
c:\programdata\SPL9B48.tmp
c:\programdata\SPLA65C.tmp
c:\programdata\SPLAB9.tmp
c:\programdata\SPLAD2F.tmp
c:\programdata\SPLAD8.tmp
c:\programdata\SPLB219.tmp
c:\programdata\SPLBC2.tmp
c:\programdata\SPLC3F.tmp
c:\programdata\SPLC8CA.tmp
c:\programdata\SPLC928.tmp
c:\programdata\SPLCCC.tmp
c:\programdata\SPLF0D3.tmp
D:\install.exe
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2014-04-09 to 2014-05-09  ))))))))))))))))))))))))))))))
.
.
2014-05-09 15:23 . 2014-05-09 15:23	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-05-09 15:23 . 2014-05-09 15:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-08 16:48 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-05-08 16:48 . 2014-05-08 16:50	--------	dc----w-	C:\AdwCleaner
2014-05-07 16:04 . 2014-05-07 16:04	--------	d-s---w-	c:\windows\system32\CompatTel
2014-05-06 17:52 . 2014-05-08 15:08	--------	dc----w-	C:\zoek_backup
2014-05-06 15:14 . 2014-04-14 02:24	465408	----a-w-	c:\windows\system32\aepdu.dll
2014-05-06 15:14 . 2014-04-14 02:19	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-05-06 15:11 . 2014-05-06 15:11	--------	dc----w-	c:\program files\trend micro
2014-05-06 15:11 . 2014-05-06 15:11	--------	dc----w-	C:\rsit
2014-05-05 18:47 . 2014-04-29 14:01	23547904	----a-w-	c:\windows\system32\mshtml.dll
2014-05-05 18:47 . 2014-04-29 13:40	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-05 18:47 . 2014-04-29 12:34	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-04 18:27 . 2014-05-04 18:28	--------	dc----w-	c:\program files\Defraggler
2014-05-01 15:24 . 2014-05-01 15:24	--------	d-----w-	c:\users\Notesworld\AppData\Local\Samsung
2014-05-01 15:24 . 2014-05-01 15:24	--------	d-----w-	c:\users\Notesworld\AppData\Roaming\Samsung
2014-05-01 15:22 . 2014-04-11 08:39	206080	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2014-05-01 15:22 . 2014-04-11 08:39	110336	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2014-05-01 15:18 . 2014-05-01 15:18	--------	d-----w-	c:\program files (x86)\MyFree Codec
2014-05-01 15:17 . 2013-04-18 17:08	4659712	----a-w-	c:\windows\SysWow64\Redemption.dll
2014-05-01 15:16 . 2013-04-18 17:06	821824	----a-w-	c:\windows\SysWow64\dgderapi.dll
2014-05-01 15:15 . 2014-05-01 15:20	--------	d-----w-	c:\program files (x86)\Samsung
2014-05-01 15:11 . 2014-05-01 15:11	--------	dc----w-	c:\program files\CCleaner
2014-05-01 14:51 . 2014-05-01 15:16	--------	d-----w-	c:\programdata\Samsung
2014-05-01 14:40 . 2014-05-07 16:06	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-01 14:40 . 2014-04-03 07:51	63192	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-05-01 14:40 . 2014-04-03 07:51	88280	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-05-01 14:40 . 2014-04-03 07:50	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-05-01 14:40 . 2014-05-01 14:40	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-29 07:29 . 2014-03-15 08:41	46704	----a-w-	c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-04-23 06:35 . 2014-04-23 06:35	--------	d-----w-	c:\users\dub_cm_auto
2014-04-17 15:48 . 2012-07-25 10:03	16896	----a-w-	c:\windows\system32\sasnative64.exe
2014-04-12 10:20 . 2014-04-12 10:20	--------	d-----w-	c:\users\Notesworld\AppData\Local\Macromedia
2014-04-10 06:09 . 2014-02-04 02:35	190912	----a-w-	c:\windows\system32\drivers\storport.sys
2014-04-10 06:09 . 2014-02-04 02:35	274880	----a-w-	c:\windows\system32\drivers\msiscsi.sys
2014-04-10 06:09 . 2014-02-04 02:35	27584	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2014-04-10 06:09 . 2014-02-04 02:28	2048	----a-w-	c:\windows\system32\iologmsg.dll
2014-04-10 06:09 . 2014-02-04 02:00	2048	----a-w-	c:\windows\SysWow64\iologmsg.dll
2014-04-10 06:08 . 2014-03-04 09:44	243712	----a-w-	c:\windows\system32\wow64.dll
2014-04-10 06:08 . 2014-03-04 09:44	1163264	----a-w-	c:\windows\system32\kernel32.dll
2014-04-10 06:08 . 2014-03-04 09:44	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-04-10 06:08 . 2014-03-04 09:44	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-04-10 06:08 . 2014-03-04 09:44	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-04-10 06:08 . 2014-03-04 09:17	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-04-10 06:08 . 2014-03-04 09:16	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-04-10 06:08 . 2014-03-04 09:16	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-04-10 06:08 . 2014-03-04 08:09	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2014-04-10 06:08 . 2014-03-04 08:09	2048	----a-w-	c:\windows\SysWow64\user.exe
2014-04-10 06:08 . 2014-01-24 02:37	1684928	----a-w-	c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-05 16:15 . 2011-05-24 19:37	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2014-05-04 19:36 . 2011-05-13 07:42	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-05-04 19:36 . 2011-05-13 07:42	704136	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-04-30 14:07 . 2012-09-11 05:37	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-30 14:07 . 2012-09-11 05:37	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-10 06:11 . 2010-10-29 09:37	90655440	----a-w-	c:\windows\system32\MRT.exe
2014-03-21 17:10 . 2014-03-21 17:10	177752	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-03-04 09:17 . 2014-04-10 06:08	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-03-04 04:18 . 2014-03-21 17:16	1148120	----a-w-	c:\windows\system32\drivers\N360x64\1502000.026\symefa64.sys
2014-02-18 01:32 . 2014-03-21 17:16	593112	----a-w-	c:\windows\system32\drivers\N360x64\1502000.026\symnets.sys
2014-02-13 01:59 . 2014-03-21 17:16	875736	----a-w-	c:\windows\system32\drivers\N360x64\1502000.026\srtsp64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-08-11 2472560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\dleaserv.exe [x]
R2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe;c:\program files (x86)\Hotkey\PowerBiosServer.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys;c:\windows\SYSNATIVE\Drivers\S6000KNT.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1502000.026\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1502000.026\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1502000.026\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1502000.026\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1502000.026\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140508.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140508.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1502000.026\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1502000.026\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1502000.026\SYMNETS.SYS [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe;c:\program files (x86)\AVG\AVG2012\avgfws.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe;c:\windows\SYSNATIVE\dleacoms.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.2.0.38\N360.exe;c:\program files (x86)\Norton 360\Engine\21.2.0.38\N360.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-28 21:00	1078088	----a-w-	c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2014-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 14:07]
.
2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-06 09:00]
.
2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-06 09:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.be/
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 195.130.130.141 195.130.131.141
TCP: Interfaces\{3ADEF727-48BA-4DBF-A487-8FC06C05F3FC}: DhcpNameServer = 195.130.130.5 195.130.131.5
FF - ProfilePath - c:\users\Notesworld\AppData\Roaming\Mozilla\Firefox\Profiles\ifr941s0.default\
FF - ExtSQL: !HIDDEN! 2013-09-01 09:46; 57ffxtbr@MarineAquarium3Free_57.com; c:\program files (x86)\MarineAquarium3Free_57\bar\1.bin
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-BearShare - c:\program files (x86)\BearShare Applications\BearShare\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.2.0.38\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.2.0.38\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1502000.026\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.2.0.38;c:\program files (x86)\Norton 360\Engine64\21.2.0.38"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}"=hex:51,66,7a,6c,4c,1d,38,12,99,4c,c5,
   c6,8a,44,0d,07,f6,df,a9,7b,0a,d1,41,18
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=hex:51,66,7a,6c,4c,1d,38,12,50,d3,52,
   34,79,b3,8e,01,c8,54,6e,db,8d,6e,1b,8c
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,38,12,7f,9b,9b,
   9c,1f,0a,b3,0c,e6,c1,9f,c6,6e,b6,39,a8
"{09B71986-2AC5-482D-B6CB-42EA34F4F85B}"=hex:51,66,7a,6c,4c,1d,38,12,e8,1a,a4,
   0d,f7,64,43,0d,c9,dd,01,aa,31,aa,bc,4f
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{201F27D4-3704-41D6-89C1-AA35E39143ED}"=hex:51,66,7a,6c,4c,1d,38,12,ba,24,0c,
   24,36,79,b8,04,f6,d7,e9,75,e6,cf,07,f9
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,
   2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
   6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{74322BF9-DF26-493F-B0DA-6D2FC5E6429E}"=hex:51,66,7a,6c,4c,1d,38,12,97,28,21,
   70,14,91,51,0c,cf,cc,2e,6f,c0,b8,06,8a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
   9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1,
   93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a
"{B0DE3308-5D5A-470D-81B9-634FC078393B}"=hex:51,66,7a,6c,4c,1d,38,12,66,30,cd,
   b4,68,13,63,02,fe,af,20,0f,c5,26,7d,2f
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d2,3b,a9,3d,d5,0f,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2014-05-09  17:30:04
ComboFix-quarantined-files.txt  2014-05-09 15:30
.
Pre-Run: 7.488.765.952 bytes beschikbaar
Post-Run: 7.132.459.008 bytes beschikbaar
.
- - End Of File - - FE700B6BBC1D4C4E2A309D7A356FF78E
A36C5E4F47E84449FF07ED3517B43A31