ComboFix 14-07-22.01 - klajoelja 23-07-2014 10:03:21.1.4 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.3894.2870 [GMT 2:00] Gestart vanuit: c:\users\klajoelja\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\MPK c:\programdata\MPK\1\D0000 c:\programdata\MPK\1\I41766_4431987269 c:\programdata\MPK\1\I41766_4444118750 c:\programdata\MPK\1\I41766_4444252431 c:\programdata\MPK\1\I41766_4522797801 c:\programdata\MPK\1\I41766_4545157870 c:\programdata\MPK\1\I41766_4571950579 c:\programdata\MPK\1\I41766_4602511458 c:\programdata\MPK\1\I41766_4617771991 c:\programdata\MPK\1\I41766_4669752315 c:\programdata\MPK\1\I41766_4682806482 c:\programdata\MPK\1\I41766_4682913079 c:\programdata\MPK\1\I41766_4683014120 c:\programdata\MPK\1\I41772_8041230903 c:\programdata\MPK\1\I41772_8389048958 c:\programdata\MPK\1\I41774_0670402431 c:\programdata\MPK\1\I41776_5662820486 c:\programdata\MPK\1\I41777_4187667477 c:\programdata\MPK\1\I41777_5259846644 c:\programdata\MPK\1\I41777_5527244560 c:\programdata\MPK\1\I41777_5733607292 c:\programdata\MPK\1\I41777_5772339120 c:\programdata\MPK\1\I41777_5942492824 c:\programdata\MPK\1\I41777_6052434259 c:\programdata\MPK\1\I41777_6085685069 c:\programdata\MPK\1\I41777_6087191551 c:\programdata\MPK\1\I41777_6089122106 c:\programdata\MPK\1\I41779_7105910417 c:\programdata\MPK\1\I41779_7137399306 c:\programdata\MPK\1\I41779_7150755093 c:\programdata\MPK\1\I41779_7310168171 c:\programdata\MPK\1\I41790_9433114120 c:\programdata\MPK\1\I41790_9612017824 c:\programdata\MPK\1\I41791_4434214931 c:\programdata\MPK\1\I41792_9280167824 c:\programdata\MPK\1\I41793_0518043056 c:\programdata\MPK\1\I41794_2838699653 c:\programdata\MPK\1\I41794_2879428704 c:\programdata\MPK\1\I41804_6751809491 c:\programdata\MPK\1\I41805_5752227546 c:\programdata\MPK\1\I41806_2420502083 c:\programdata\MPK\1\I41815_3589165393 c:\programdata\MPK\1\I41818_5046589236 c:\programdata\MPK\1\I41819_4284146759 c:\programdata\MPK\1\I41819_4490362384 c:\programdata\MPK\1\I41819_5059557870 c:\programdata\MPK\1\I41820_0259074306 c:\programdata\MPK\1\I41820_1343645370 c:\programdata\MPK\1\I41820_8662750810 c:\programdata\MPK\1\I41826_6096866898 c:\programdata\MPK\1\I41834_9162969097 c:\programdata\MPK\1\I41834_9584161111 c:\programdata\MPK\1\I41834_9918670023 c:\programdata\MPK\1\I41834_9992778009 c:\programdata\MPK\1\I41835_0671479630 c:\programdata\MPK\1\I41836_0004599074 c:\programdata\MPK\1\I41836_0716621528 c:\programdata\MPK\1\I41836_0810293981 c:\programdata\MPK\1\I41837_3253740046 c:\programdata\MPK\1\I41837_3421375579 c:\programdata\MPK\1\I41838_0627374537 c:\programdata\MPK\1\I41840_1369232176 c:\programdata\MPK\1\I41840_1512973958 c:\programdata\MPK\1\I41840_5893316782 c:\programdata\MPK\1\I41840_6286862732 c:\programdata\MPK\1\I41840_7893626505 c:\programdata\MPK\1\I41840_8193159143 c:\programdata\MPK\1\I41841_3526546181 c:\programdata\MPK\1\I41842_0843936921 c:\programdata\MPK\1\I41842_4554300347 c:\programdata\MPK\1\I41842_4748971296 c:\programdata\MPK\1\I41842_5072158796 c:\programdata\MPK\1\I41842_5534469560 c:\programdata\MPK\1\I41842_7975808796 c:\programdata\MPK\1\I41842_8546764815 c:\programdata\MPK\1\I41842_8552538194 c:\programdata\MPK\1\I41842_8555590625 c:\programdata\MPK\1\I41842_8561494097 c:\programdata\MPK\1\I41842_8561734259 c:\programdata\MPK\1\I41842_8562382407 c:\programdata\MPK\1\I41842_8562461921 c:\programdata\MPK\1\I41842_8562487153 c:\programdata\MPK\1\I41842_8562514236 c:\programdata\MPK\1\I41842_8571390509 c:\programdata\MPK\1\I41842_8919025000 c:\programdata\MPK\1\S0000 c:\programdata\MPK\M0000 c:\programdata\MPK\S0000 c:\users\klajoelja\AppData\Roaming\ldr.mcb c:\users\klajoelja\Documents\~WRL0003.tmp c:\users\klajoelja\Documents\~WRL0608.tmp c:\users\klajoelja\Documents\~WRL0626.tmp c:\users\klajoelja\Documents\~WRL3723.tmp c:\windows\SysWow64\MPK c:\windows\SysWow64\MPK\cinfo.bin c:\windows\SysWow64\MPK\Help\English\alarms.htm c:\windows\SysWow64\MPK\Help\English\clipboard.htm c:\windows\SysWow64\MPK\Help\English\computer.htm c:\windows\SysWow64\MPK\Help\English\delivery.htm c:\windows\SysWow64\MPK\Help\English\file.htm c:\windows\SysWow64\MPK\Help\English\filters.htm c:\windows\SysWow64\MPK\Help\English\imhelp.htm c:\windows\SysWow64\MPK\Help\English\internet.htm c:\windows\SysWow64\MPK\Help\English\invisible.htm c:\windows\SysWow64\MPK\Help\English\keyboard.htm c:\windows\SysWow64\MPK\Help\English\log_size.htm c:\windows\SysWow64\MPK\Help\English\logging.htm c:\windows\SysWow64\MPK\Help\English\need_update_net.htm c:\windows\SysWow64\MPK\Help\English\password.htm c:\windows\SysWow64\MPK\Help\English\programs.htm c:\windows\SysWow64\MPK\Help\English\screenshot.htm c:\windows\SysWow64\MPK\Help\English\settings_node.htm c:\windows\SysWow64\MPK\Help\English\update.htm c:\windows\SysWow64\MPK\Help\English\users_node.htm c:\windows\SysWow64\MPK\Help\German\alarms.htm c:\windows\SysWow64\MPK\Help\German\clipboard.htm c:\windows\SysWow64\MPK\Help\German\computer.htm c:\windows\SysWow64\MPK\Help\German\delivery.htm c:\windows\SysWow64\MPK\Help\German\file.htm c:\windows\SysWow64\MPK\Help\German\filters.htm c:\windows\SysWow64\MPK\Help\German\imhelp.htm c:\windows\SysWow64\MPK\Help\German\internet.htm c:\windows\SysWow64\MPK\Help\German\invisible.htm c:\windows\SysWow64\MPK\Help\German\keyboard.htm c:\windows\SysWow64\MPK\Help\German\log_size.htm c:\windows\SysWow64\MPK\Help\German\logging.htm c:\windows\SysWow64\MPK\Help\German\need_update_net.htm c:\windows\SysWow64\MPK\Help\German\password.htm c:\windows\SysWow64\MPK\Help\German\programs.htm c:\windows\SysWow64\MPK\Help\German\screenshot.htm c:\windows\SysWow64\MPK\Help\German\settings_node.htm c:\windows\SysWow64\MPK\Help\German\users_node.htm c:\windows\SysWow64\MPK\Help\Spanish\alarms.htm c:\windows\SysWow64\MPK\Help\Spanish\clipboard.htm c:\windows\SysWow64\MPK\Help\Spanish\computer.htm c:\windows\SysWow64\MPK\Help\Spanish\delivery.htm c:\windows\SysWow64\MPK\Help\Spanish\filters.htm c:\windows\SysWow64\MPK\Help\Spanish\internet.htm c:\windows\SysWow64\MPK\Help\Spanish\invisible.htm c:\windows\SysWow64\MPK\Help\Spanish\keyboard.htm c:\windows\SysWow64\MPK\Help\Spanish\log_size.htm c:\windows\SysWow64\MPK\Help\Spanish\logging.htm c:\windows\SysWow64\MPK\Help\Spanish\password.htm c:\windows\SysWow64\MPK\Help\Spanish\programs.htm c:\windows\SysWow64\MPK\Help\Spanish\screenshot.htm c:\windows\SysWow64\MPK\Help\Spanish\settings_node.htm c:\windows\SysWow64\MPK\Help\Spanish\users_node.htm c:\windows\SysWow64\MPK\icon_1.ico c:\windows\SysWow64\MPK\Images\banner_em_english.gif c:\windows\SysWow64\MPK\Images\banner_em_english.swf c:\windows\SysWow64\MPK\Images\banner_em_german.gif c:\windows\SysWow64\MPK\Images\banner_em_german.swf c:\windows\SysWow64\MPK\Images\banner_em_spanish.gif c:\windows\SysWow64\MPK\Images\banner_em_spanish.swf c:\windows\SysWow64\MPK\Images\banner_english.gif c:\windows\SysWow64\MPK\Images\banner_english.swf c:\windows\SysWow64\MPK\Images\banner_german.gif c:\windows\SysWow64\MPK\Images\banner_german.swf c:\windows\SysWow64\MPK\Images\banner_pm_english.gif c:\windows\SysWow64\MPK\Images\banner_pm_english.swf c:\windows\SysWow64\MPK\Images\banner_pm_german.gif c:\windows\SysWow64\MPK\Images\banner_pm_german.swf c:\windows\SysWow64\MPK\Images\banner_pm_spanish.gif c:\windows\SysWow64\MPK\Images\banner_pm_spanish.swf c:\windows\SysWow64\MPK\Images\banner_russian.gif c:\windows\SysWow64\MPK\Images\banner_spanish.gif c:\windows\SysWow64\MPK\Images\banner_spanish.swf c:\windows\SysWow64\MPK\Images\english.gif c:\windows\SysWow64\MPK\Images\german.gif c:\windows\SysWow64\MPK\Images\upgrade_middle.png c:\windows\SysWow64\MPK\Images\upgrade_middle_russian.png c:\windows\SysWow64\MPK\Images\upgrade_top.png c:\windows\SysWow64\MPK\Images\upgrade_top_russian.png c:\windows\SysWow64\MPK\Images\vista_hide.bmp c:\windows\SysWow64\MPK\Images\xp_hide.bmp c:\windows\SysWow64\MPK\key.bin c:\windows\SysWow64\MPK\Lang\Brazilian.frc c:\windows\SysWow64\MPK\Lang\Brazilian.lng c:\windows\SysWow64\MPK\Lang\English.frc c:\windows\SysWow64\MPK\Lang\French.frc c:\windows\SysWow64\MPK\Lang\French.lng c:\windows\SysWow64\MPK\Lang\German.frc c:\windows\SysWow64\MPK\Lang\German.lng c:\windows\SysWow64\MPK\Lang\Italian.frc c:\windows\SysWow64\MPK\Lang\Italian.lng c:\windows\SysWow64\MPK\Lang\Japanese.frc c:\windows\SysWow64\MPK\Lang\Japanese.lng c:\windows\SysWow64\MPK\Lang\Polish.frc c:\windows\SysWow64\MPK\Lang\Polish.lng c:\windows\SysWow64\MPK\Lang\Portuguese.frc c:\windows\SysWow64\MPK\Lang\Portuguese.lng c:\windows\SysWow64\MPK\Lang\Romanian.frc c:\windows\SysWow64\MPK\Lang\Romanian.lng c:\windows\SysWow64\MPK\Lang\Russian.frc c:\windows\SysWow64\MPK\Lang\Spanish.frc c:\windows\SysWow64\MPK\Lang\Spanish.lng c:\windows\SysWow64\MPK\Lang\Turkish.frc c:\windows\SysWow64\MPK\Lang\Turkish.lng c:\windows\SysWow64\MPK\Lang\Ukrainian.frc c:\windows\SysWow64\MPK\Lang\Ukrainian.lng c:\windows\SysWow64\MPK\libeay32.dll c:\windows\SysWow64\MPK\lnkmst.exe c:\windows\SysWow64\MPK\lsynchost.exe c:\windows\SysWow64\MPK\MPK.exe c:\windows\SysWow64\MPK\Mpk64.dll c:\windows\SysWow64\MPK\MPK64.exe c:\windows\SysWow64\MPK\MpkHCQ12.dll c:\windows\SysWow64\MPK\MPKInst.exe c:\windows\SysWow64\MPK\MPKView.exe c:\windows\SysWow64\MPK\sqlite3.dll c:\windows\SysWow64\MPK\ssleay32.dll c:\windows\SysWow64\MPK\trial_pro.ini c:\windows\SysWow64\MPK\unins000.dat c:\windows\SysWow64\MPK\unins000.exe c:\windows\SysWow64\MPK\unins000.msg c:\windows\SysWow64\MPK\zlib1.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2014-06-23 to 2014-07-23 )))))))))))))))))))))))))))))) . . 2014-07-23 08:12 . 2014-07-23 08:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-07-22 16:51 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-07-22 16:50 . 2014-07-22 16:53 -------- d-----w- C:\AdwCleaner 2014-07-22 10:59 . 2014-07-23 08:12 -------- d-----w- c:\users\klajoelja\AppData\Local\Temp 2014-07-22 10:59 . 2014-07-22 10:46 24064 ----a-w- c:\windows\zoek-delete.exe 2014-07-22 08:48 . 2014-07-22 10:58 -------- d-----w- C:\zoek_backup 2014-07-21 18:54 . 2014-07-21 18:54 -------- d-----w- c:\program files\trend micro 2014-07-21 18:54 . 2014-07-22 11:03 -------- d-----w- C:\rsit 2014-07-20 16:55 . 2014-07-20 16:55 -------- d--h--w- c:\programdata\Common Files 2014-07-20 16:55 . 2014-07-20 16:55 -------- d-----w- c:\programdata\AVG 2014-07-16 22:13 . 2014-07-16 22:13 -------- d-----w- c:\users\klajoelja\AppData\Local\Windows Live 2014-07-10 23:14 . 2014-07-17 08:31 -------- d-s---w- c:\windows\system32\CompatTel 2014-07-06 12:44 . 2014-07-06 12:44 -------- d-----w- c:\program files (x86)\Common Files\COMODO 2014-07-06 12:25 . 2014-07-06 12:25 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2014-07-06 12:25 . 2014-07-06 12:25 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll 2014-07-01 16:09 . 2014-07-01 16:10 -------- d-----w- c:\program files\COMODO 2014-07-01 16:09 . 2014-07-06 12:25 57096 ----a-w- c:\windows\system32\certsentry.dll 2014-07-01 16:09 . 2014-07-06 12:25 48392 ----a-w- c:\windows\SysWow64\certsentry.dll 2014-07-01 16:09 . 2014-07-17 08:31 -------- d-----w- c:\program files (x86)\Comodo 2014-07-01 16:08 . 2014-07-01 16:08 -------- d-----w- c:\programdata\Comodo Downloader 2014-07-01 16:08 . 2014-07-06 12:18 -------- d-----w- c:\programdata\Comodo 2014-07-01 16:01 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53CA4319-A995-4492-8B3F-A380AAAFD013}\mpengine.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-22 19:08 . 2012-08-24 11:35 96441528 ----a-w- c:\windows\system32\MRT.exe 2014-07-20 16:12 . 2013-03-19 00:12 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-07-20 16:12 . 2012-03-24 19:37 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-06-20 05:47 . 2013-10-09 02:24 588496 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2014-05-16 19:55 . 2012-08-18 08:41 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2014-05-16 19:55 . 2012-08-18 08:24 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2014-05-16 19:50 . 2012-08-18 08:24 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2014-05-16 19:50 . 2012-08-18 08:24 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2010-03-28 19:22 . 2010-03-28 19:22 651264 ----a-w- c:\program files\rucon.exe 1999-04-06 06:04 . 1999-04-06 06:04 57344 ----a-w- c:\program files\spline32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-10-09 02:33 222712 ----a-w- c:\users\klajoelja\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-10-09 02:33 222712 ----a-w- c:\users\klajoelja\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-10-09 02:33 222712 ----a-w- c:\users\klajoelja\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-09 1712184] "AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576] "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192] "OfficeSyncProcess"="c:\program files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe" [2013-07-23 3207912] "Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-04-11 55360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-21 98304] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-06-02 61112] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408] "KPN Assistent"="c:\program files (x86)\KPN\KPN Assistent\KPN_Assistent.exe" [2011-08-18 33560288] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2014-06-27 2327248] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Start GeekBuddy.lnk - c:\program files\COMODO\GeekBuddy\launcher.exe "unit_manager.exe" [2014-6-27 48848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110430.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110430.001\BHDrvx64.sys [x] R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x] R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x] R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys;c:\windows\SYSNATIVE\DRIVERS\hmd.sys [x] R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110504.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110504.001\IDSvia64.sys [x] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x] R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x] R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x] R2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x] R2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] R2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x] R2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x] R2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x] R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x] R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x] R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x] R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-05-19 08:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-06-12 23:22 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2014-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 16:12] . 2014-07-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3527801987-756735660-2910266346-1000Core.job - c:\users\klajoelja\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-11 22:40] . 2014-07-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3527801987-756735660-2910266346-1000UA.job - c:\users\klajoelja\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-11 22:40] . 2014-06-26 c:\windows\Tasks\HPCeeScheduleForKLAJOELJA-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53] . 2014-07-06 c:\windows\Tasks\HPCeeScheduleForklajoelja.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-10-09 02:33 261624 ----a-w- c:\users\klajoelja\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-10-09 02:33 261624 ----a-w- c:\users\klajoelja\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-10-09 02:33 261624 ----a-w- c:\users\klajoelja\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2014-06-20 05:49 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2014-06-20 05:49 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2014-06-20 05:49 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-06-24 21720] . ------- Bijkomende Scan ------- . uStart Page = https://www.google.nl/?gfe_rd=cr&ei=S0K5U8zDBMHl-ga15IGIBg&gws_rd=ssl uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\klajoelja\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 Trusted Zone: kropman.nl TCP: DhcpNameServer = 192.168.2.254 FF - ProfilePath - c:\users\klajoelja\AppData\Roaming\Mozilla\Firefox\Profiles\mypniawh.default\ FF - ExtSQL: 2014-07-01 18:10; PrivDog@AdTrustMedia.com; c:\users\klajoelja\AppData\Roaming\Mozilla\Firefox\Profiles\mypniawh.default\extensions\PrivDog@AdTrustMedia.com.xpi . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-10 - (no file) Wow6432Node-HKCU-Run-limewire plus+ - c:\program files (x86)\Limewire Plus+\limewire.exe Wow6432Node-HKLM-Run-NPSStartup - (no file) Toolbar-10 - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-PrivDog - c:\program files (x86)\AdTrustMedia\PrivDog\UninstallTrustedAds.exe AddRemove-SopCast - c:\program files (x86)\SopCast\uninst.exe AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe AddRemove-337Games - c:\users\klajoelja\AppData\Roaming\337Games\uninstall.exe AddRemove-FoxTab PDF Creator - c:\program files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2014-07-23 10:15:36 ComboFix-quarantined-files.txt 2014-07-23 08:15 . Pre-Run: 330.403.770.368 bytes beschikbaar Post-Run: 330.176.778.240 bytes beschikbaar . - - End Of File - - 7B2F8F35E4BA1A83A00F96C2A4E4D4EA