ComboFix 14-01-04.03 - pieter en anja 04-01-2014 14:05:49.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3325.1872 [GMT 1:00]
Gestart vanuit: c:\users\pieter en anja\Downloads\ComboFix.exe
gebruikte Opdracht switches :: c:\users\pieter en anja\Desktop\CFScript-1txt.txt - Snelkoppeling.lnk
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-12-04 to 2014-01-04 ))))))))))))))))))))))))))))))
.
.
2014-01-04 13:17 . 2014-01-04 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-04 08:09 . 2014-01-04 08:09 40392 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B76AB889-2C4A-4B51-9D6A-3B91338E8DD3}\MpKsl751b66ab.sys ERROR(0x00000005)
2014-01-03 13:18 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B76AB889-2C4A-4B51-9D6A-3B91338E8DD3}\mpengine.dll ERROR(0x00000005)
2014-01-03 13:16 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2014-01-02 17:38 . 2014-01-04 08:15 -------- d-----w- c:\program files\Microsoft Silverlight
2014-01-02 17:26 . 2014-01-02 17:26 -------- d-----w- c:\windows\system32\wbem\MOF\good
2014-01-02 17:26 . 2014-01-02 17:26 -------- d-----w- c:\windows\system32\wbem\MOF\bad
2013-12-17 20:43 . 2013-12-17 20:43 -------- d-----w- C:\_OTL
2013-12-16 18:32 . 2013-12-16 18:32 -------- d-----w- C:\zoek
2013-12-13 17:23 . 2013-11-14 23:18 757488 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-12-13 17:23 . 2013-11-14 22:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-12-13 17:23 . 2013-11-14 22:44 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-12-13 17:23 . 2013-11-14 22:43 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-12-13 17:23 . 2013-11-14 22:43 104448 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-12-13 17:23 . 2013-11-14 22:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-13 06:04 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-13 06:04 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-13 06:04 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-13 06:04 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-13 06:04 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-13 06:04 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-13 06:04 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-13 06:04 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-13 06:04 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-13 06:04 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-08 14:35 . 2013-12-08 15:30 -------- d-----w- c:\program files\trend micro
2013-12-08 14:35 . 2013-12-08 14:35 -------- d-----w- C:\rsit
2013-12-07 09:54 . 2013-12-07 09:54 -------- d-----w- c:\users\pieter en anja\AppData\Roaming\eCyber
2013-12-07 09:53 . 2014-01-04 13:08 -------- d-----w- c:\program files\iSafe
2013-12-07 09:53 . 2014-01-04 08:11 -------- d-----w- c:\users\pieter en anja\AppData\Roaming\iSafe
2013-12-06 06:23 . 2013-10-17 10:14 719224 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15DD0BEA-18D5-4437-A1FF-BF62A3C358F6}\gapaengine.dll ERROR(0x00000005)
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 18:12 . 2012-04-14 07:41 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 18:12 . 2011-05-15 07:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2009-10-02 16:08 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-09 08:44 . 2013-11-09 08:44 62576 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{57C029CF-4007-4154-AA50-1D1F0FEFBD21}\offreg.dll ERROR(0x00000005)
2013-10-30 02:13 . 2008-01-21 02:23 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-21 05:02 . 2013-10-21 05:02 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-17 10:14 . 2013-11-23 09:34 719224 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll ERROR(0x00000005)
2013-10-14 06:39 . 2013-11-08 05:55 7796464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{57C029CF-4007-4154-AA50-1D1F0FEFBD21}\mpengine.dll ERROR(0x00000005)
2013-10-14 06:39 . 2008-11-26 13:47 7796464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2013-10-11 02:08 . 2013-11-13 06:00 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07 . 2013-11-13 06:00 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2010-07-08 14:22 . 2013-09-30 20:08 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Spotify Web Helper"="c:\users\pieter en anja\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-23 1168896]
"FLV Player"="c:\users\pieter en anja\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe" [2012-10-26 202752]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]
"Spotify"="c:\users\pieter en anja\AppData\Roaming\Spotify\spotify.exe" [2013-12-23 5951488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-02 6695456]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-08 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-10-14 20480]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"KPN Assistent"="c:\program files\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe" [2013-06-12 38142582]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]
"panda4_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn" [X]
"panda4_0dn_XP"="reg.exe delete HKCU\Software\panda4_0dn" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO HD Edition.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2009-8-22 44176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 0114881387384327mcinstcleanup;McAfee Application Installer Cleanup (0114881387384327);c:\windows\TEMP\0114881387384327mcinst.exe [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - MPKSL751B66AB
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 06:09 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2014-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 18:12]
.
2014-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 12:42]
.
2014-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 12:42]
.
2012-08-05 c:\windows\Tasks\User_Feed_Synchronization-{6CC2ED6B-1AD9-4076-AE4B-5C2927BC4B55}.job
- c:\windows\system32\msfeedssync.exe [2013-08-28 16:41]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uDefault_Page_URL = about:blank
mStart Page = about:blank
mDefault_Page_URL = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.254
FF - ProfilePath - c:\users\pieter en anja\AppData\Roaming\Mozilla\Firefox\Profiles\iy4wii2d.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL -
FF - ExtSQL: !HIDDEN! 2009-09-02 22:27; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=78aa10880000000000000024211f2c6c&q=
FF - user.js: extensions.BabylonToolbar.id - 78aa10880000000000000024211f2c6c
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15998
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.24.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.24.6
FF - user.js: extensions.BabylonToolbar.vrsnTs - 1.8.24.612:14
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - nl
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.ffxUnstlRst - true
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=125056&tsp=5041
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar.newTab - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-04 14:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
Voltooingstijd: 2014-01-04 14:20:15
ComboFix-quarantined-files.txt 2014-01-04 13:20
ComboFix2.txt 2014-01-04 10:32
ComboFix3.txt 2014-01-04 09:23
ComboFix4.txt 2014-01-03 12:58
.
Pre-Run: 537.542.713.344 bytes beschikbaar
Post-Run: 537.516.478.464 bytes beschikbaar
.
- - End Of File - - B0B7CFD0102D0D2CEE1C170D780464A9 5C616939100B85E558DA92B899A0FC36