ComboFix 14-07-08.04 - di 10-07-2014 12:52:46.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.1443 [GMT 2:00]
Started from: c:\users\di\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Java\jre7\bin\jp2ssv.dll
c:\users\di\AppData\Roaming\.#
c:\users\di\AppData\Roaming\.#\MBX@1514@16F2708.###
c:\users\di\AppData\Roaming\.#\MBX@1514@16F2738.###
c:\users\di\AppData\Roaming\.#\MBX@17B4@1D32708.###
c:\users\di\AppData\Roaming\.#\MBX@17B4@1D32738.###
c:\users\di\AppData\Roaming\.#\MBX@E08@1762708.###
c:\users\di\AppData\Roaming\.#\MBX@E08@1762738.###
c:\users\di\AppData\Roaming\Kaspersky_Key_Finder_(KKF
c:\users\di\AppData\Roaming\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder.exe_Url_cltq1sd1xstgcr2lp0ouiw4agrrvkfae\1.5.0.0\user.config
c:\users\di\AppData\Roaming\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder_V1.5_Url_45kjbglvfyljk5l52plpr1hr1offohkz\1.5.0.0\user.config
c:\users\di\AppData\Roaming\system32
c:\users\di\AppData\Roaming\system32\sys.dat
c:\windows\system32\CddbCdda.dll
c:\windows\system32\KBL.LOG
c:\windows\system32\msvcrt3.dll
D:\resycled
.
.
(((((((((((((((((((( Files Created from 2014-06-10 to 2014-07-10 ))))))))))))))))))))))))))))))
.
.
2014-07-10 11:15 . 2014-07-10 11:15 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-07-08 14:35 . 2014-07-08 14:57 -------- d-----w- C:\zoek_backup
2014-07-07 21:57 . 2014-07-07 21:58 -------- d-----w- C:\rsit
2014-07-07 10:42 . 2014-07-07 10:42 -------- d-----w- c:\program files\Speccy
2014-07-07 10:11 . 2014-07-07 10:11 388096 ----a-r- c:\users\di\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-07-07 09:41 . 2014-07-07 09:41 -------- d-----w- c:\windows\ERUNT
2014-07-07 07:07 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-06 22:17 . 2014-07-06 22:17 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-06 00:59 . 2014-07-06 00:59 -------- d-----w- c:\program files\ReviverSoft
2014-07-05 23:36 . 2014-07-05 23:36 -------- d-----w- c:\programdata\RegistryReviver.exe
2014-07-05 23:35 . 2014-07-05 23:35 -------- d-----w- c:\programdata\ReviverSoft
2014-07-03 18:33 . 2014-07-03 18:33 -------- d-----w- c:\users\di\AppData\Local\ESET
2014-06-22 20:45 . 2014-06-22 20:46 -------- d-----w- c:\users\di\AppData\Roaming\IObit
2014-06-21 22:16 . 2014-06-21 22:16 -------- d-----w- C:\sh4ldr
2014-06-21 22:16 . 2014-06-21 22:16 -------- d-----w- c:\program files\Enigma Software Group
2014-06-19 20:57 . 2014-06-19 20:57 71680 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2014-06-19 20:57 . 2014-06-19 20:57 -------- d-----w- c:\users\di\AppData\Roaming\Notebook Hardware Control
2014-06-19 17:01 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-06-19 16:56 . 2014-06-19 16:56 -------- d-----w- c:\users\di\AppData\Roaming\QuickScan
2014-06-18 22:52 . 2014-06-18 22:52 -------- d-----w- c:\users\di\AppData\Roaming\Nuance
2014-06-18 22:37 . 2014-06-18 22:37 -------- d-----w- c:\users\di\AppData\Roaming\FLEXnet
2014-06-18 22:32 . 2014-06-19 08:52 -------- d-----w- c:\program files\Common Files\IVA
2014-06-18 22:32 . 2014-06-19 08:51 -------- d-----w- c:\program files\Common Files\Nuance
2014-06-18 22:26 . 2014-06-18 22:26 -------- d-----w- c:\programdata\FLEXnet
2014-06-18 22:26 . 2014-06-18 22:26 -------- d-----w- c:\programdata\Nuance
2014-06-18 22:26 . 2014-06-18 22:26 -------- d-----w- c:\program files\Nuance
2014-06-16 22:25 . 2014-06-16 22:26 -------- d--h--w- c:\programdata\CanonIJMIG
2014-06-16 20:45 . 2014-06-16 20:45 -------- d-----w- c:\users\di\AppData\Roaming\MiniGet
2014-06-16 20:45 . 2014-06-17 16:44 -------- d-----w- c:\program files\MiniGet
2014-06-16 20:41 . 2014-06-17 16:48 -------- d-----w- c:\users\di\AppData\Local\23513
2014-06-16 18:55 . 2014-06-16 18:55 -------- d-----w- c:\users\di\AppData\Local\MaxiGet Download Manager
2014-06-11 19:35 . 2014-03-10 01:22 1401344 ----a-w- c:\windows\system32\msxml6.dll
2014-06-11 19:35 . 2014-03-10 01:22 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-06-11 19:35 . 2014-04-26 16:01 502784 ----a-w- c:\windows\system32\usp10.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 10:26 . 2012-08-05 10:28 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-14 10:26 . 2012-08-05 10:28 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-07 13:02 . 2014-05-30 10:39 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2011-10-21 21:31 . 2011-10-21 21:31 2578312 ----a-w- c:\program files\ccsetup311_slim.exe
2007-03-12 16:59 . 2007-03-12 16:59 299008 ----a-w- c:\program files\navigram_register.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\di\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\di\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\di\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\di\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-06 1322832]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-14 222496]
"GoogleChromeAutoLaunch_E072BF84D99C5EFBCC9C20BDE1D1646F"="c:\program files\Google\Chrome\Application\chrome.exe" [2014-06-05 860488]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2013-02-19 453736]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2013-05-02 1282120]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-14 222496]
.
c:\users\di\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\di\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^di^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^budgetbuddy.lnk]
backup=c:\windows\pss\budgetbuddy.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^di^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-14 20:29 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-05 10:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.bg/
mStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{15ABF9FA-C7A4-49EA-B158-F1662B096632}: NameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
WebBrowser-{E76157AA-E216-4F83-8C32-3059FF364464} - (no file)
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
SafeBoot-30753092.sys
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-10 13:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3015403928-906410995-3568150009-1000_Classes\CLSID\{488bfe07-18ab-4cb3-bee1-64af9037348b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e6
"Therad"=dword:00000019
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
"SpecVersion"=dword:00000142
.
[HKEY_USERS\S-1-5-21-3015403928-906410995-3568150009-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):f5,7a,13,85,8b,96,01,24,d5,e5,12,94,b7,11,fc,5e,06,8a,b6,d4,9b,
   00,0c,38,c7,5c,a5,ab,2f,1a,81,10,9c,89,80,6a,cd,24,8e,13,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3015403928-906410995-3568150009-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):0f,de,06,d7,5b,9b,1e,5e,49,64,01,19,16,ba,fe,97,2e,40,ac,9b,55,
   eb,0d,0d,67,43,7e,67,63,32,db,e2,c9,cb,3a,8c,93,3a,4d,c3,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3015403928-906410995-3568150009-1000_Classes\CLSID\{d5293300-0cd8-4417-b027-d352873a7cdd}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000074
"Therad"=dword:00000020
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,54,52,77,f6,32,01,f0,84,58,35,21,8e,0a,50,ea,d7,5e,4e,b2,52,3a,df,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-07-10 13:19:15
ComboFix-quarantined-files.txt 2014-07-10 11:19
.
Pre-Run: 35.589.373.952 bytes free
Post-Run: 35.538.612.224 bytes free
.
- - End Of File - - E7E5953B77FED4FE7DCF69615B892C61
1A1A06F62E891045814007163C1C76C3
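A way to triage a log like this one programmatically, added here as an example and not part of the ComboFix output or of ComboFix itself. The script parses the three record shapes that matter for triage ("Files Created" rows, bare deletion paths, and `"name"="path" [date size]` Run values, plus dword values) and applies a few cues a responder would check by eye: a folder named like a Windows system directory but living under a user profile (the `AppData\Roaming\system32` entry above), a near-miss of a system name (`D:\resycled` next to the real `recycled`), keygen/crack tooling (`Kaspersky_Key_Finder`), autostart images running from a user-profile directory, and `DisableMonitoring` set to 1 under Security Center. The record regexes, the similarity threshold and the heuristic word lists are my assumptions, not ComboFix's rules; the sample lines are copied from this log, and every cue is a triage hint rather than a verdict (uTorrent and Dropbox legitimately run from `AppData` too).

```python
# Added triage example (mine, not ComboFix's code); assumptions are marked below.
import difflib
import re
from dataclasses import dataclass

# Record shapes as they appear in the log: "Files Created" rows, Run values and
# dword values, plus bare paths from "Other Deletions". The patterns are my assumption.
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?: \[(?P<date>\S+) (?P<size>\d+)\])?$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Names malware likes to mimic, and markers of user-writable locations (my lists).
SYSTEM_DIR_NAMES = {"system32", "syswow64", "windows", "recycled", "recycler", "$recycle.bin"}
PROFILE_MARKERS = ("\\users\\", "\\appdata\\", "\\documents and settings\\")
KEYGEN_WORDS = ("keygen", "key_finder", "crack")
NEAR_MISS_RATIO = 0.85  # difflib similarity threshold, hand-tuned assumption


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def triage_path(path, source="file"):
    """Apply the path heuristics to one path; returns a list of Finding (possibly empty)."""
    low = path.lower()
    comps = [c for c in low.split("\\")[1:] if c]  # drop the drive letter
    in_profile = any(m in low for m in PROFILE_MARKERS)
    out = []
    for comp in comps:
        if comp in SYSTEM_DIR_NAMES:
            # 1. A real system-directory name, but inside a user profile.
            if in_profile:
                out.append(Finding(path, f"system-directory name '{comp}' inside a user profile"))
        else:
            # 2. A near-miss of a system name (e.g. 'resycled' for 'recycled').
            for known in SYSTEM_DIR_NAMES:
                if difflib.SequenceMatcher(None, comp, known).ratio() >= NEAR_MISS_RATIO:
                    out.append(Finding(path, f"'{comp}' looks like a misspelling of '{known}'"))
        # 3. Keygen / crack tooling, a common malware carrier.
        if any(w in comp for w in KEYGEN_WORDS):
            out.append(Finding(path, f"keygen/crack indicator in '{comp}'"))
    # 4. An autostart image running from a user-writable profile directory.
    #    Legit software does this too, so it is a cue, not a verdict.
    if source == "run" and in_profile:
        out.append(Finding(path, "autostart entry runs from a user-profile directory"))
    return list(dict.fromkeys(out))  # de-duplicate, keep order


def triage_log(text):
    """Dispatch each log line on its shape and collect findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := CREATED_RE.match(line):
            findings += triage_path(m.group("path"))
        elif m := RUN_RE.match(line):
            findings += triage_path(m.group("path"), source="run")
        elif m := DWORD_RE.match(line):
            # 5. Security Center monitoring switched off for the AV/firewall.
            if m.group("name") == "DisableMonitoring" and int(m.group("value"), 16) == 1:
                findings.append(Finding(line, "Security Center monitoring disabled"))
        elif PATH_RE.match(line):
            findings += triage_path(line)
    return findings


# Constructed sample: a handful of lines copied from the log above.
SAMPLE = r"""
c:\program files\Java\jre7\bin\jp2ssv.dll
c:\users\di\AppData\Roaming\Kaspersky_Key_Finder_(KKF
c:\users\di\AppData\Roaming\system32\sys.dat
c:\windows\system32\msvcrt3.dll
D:\resycled
2014-07-07 10:11 . 2014-07-07 10:11 388096 ----a-r- c:\users\di\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
"uTorrent"="c:\users\di\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-06 1322832]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"DisableMonitoring"=dword:00000001
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE):
        print(f"{f.reason:55} {f.path}")
```

Run against the full log (read the file and pass it to `triage_log`), the output is a short list to confirm by hand rather than a clean/dirty decision: `c:\windows\system32\msvcrt3.dll`, for instance, is not flagged by any of these cues even though ComboFix removed it, and only a hash lookup or a signature check on the quarantined copy would settle what it was.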