ComboFix 14-10-15.01 - lucky 19/10/2014 21:17:53.1.2 - x86
Gestart vanuit: c:\users\lucky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MHWUW9K\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2014-09-19 to 2014-10-19 ))))))))))))))))))))))))))))))
.
.
2014-10-19 19:36 . 2014-10-19 19:36 -------- d-----w- c:\users\lucky\AppData\Local\temp
2014-10-19 19:36 . 2014-10-19 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-18 18:54 . 2014-10-18 18:54 -------- d-----w- C:\zoek_backup
2014-10-17 06:41 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8117CE0-F8EB-447F-864D-874765DCF2EB}\mpengine.dll
2014-10-17 06:25 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-17 06:25 . 2014-06-13 18:22 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-17 06:25 . 2014-06-13 18:22 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-17 06:18 . 2014-09-27 23:29 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-10-17 05:58 . 2014-09-04 23:27 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-10-17 05:46 . 2014-09-16 16:56 66560 ----a-w- c:\windows\system32\packager.dll
2014-10-16 16:17 . 2014-10-16 16:29 -------- d-----w- C:\rsit
2014-09-26 06:06 . 2014-09-09 06:24 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-16 10:31 . 2014-04-18 07:32 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-24 04:45 . 2013-01-06 15:09 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-24 04:45 . 2013-01-06 15:09 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-15 07:06 . 2011-10-22 17:47 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-08-23 01:03 . 2014-08-29 06:25 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-18 04:49 . 2010-06-24 09:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-16 09:38 . 2014-08-16 09:38 161792 ----a-w- c:\windows\system32\msls31.dll
2014-08-16 09:38 . 2014-08-16 09:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-08-16 09:38 . 2014-08-16 09:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-08-16 09:38 . 2014-08-16 09:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
2014-08-16 09:38 . 2014-08-16 09:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-08-16 09:38 . 2014-08-16 09:38 63488 ----a-w- c:\windows\system32\tdc.ocx
2014-08-16 09:38 . 2014-08-16 09:38 367104 ----a-w- c:\windows\system32\html.iec
2014-08-16 09:38 . 2014-08-16 09:38 74752 ----a-w- c:\windows\system32\iesetup.dll
2014-08-16 09:38 . 2014-08-16 09:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
2014-08-16 09:38 . 2014-08-16 09:38 152064 ----a-w- c:\windows\system32\wextract.exe
2014-08-16 09:38 . 2014-08-16 09:38 150528 ----a-w- c:\windows\system32\iexpress.exe
2014-08-16 09:38 . 2014-08-16 09:38 101888 ----a-w- c:\windows\system32\admparse.dll
2014-08-16 09:38 . 2014-08-16 09:38 35840 ----a-w- c:\windows\system32\imgutil.dll
2014-08-16 09:38 . 2014-08-16 09:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-08-16 09:33 . 2014-08-16 09:33 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2014-08-16 09:33 . 2014-08-16 09:33 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2014-08-16 09:33 . 2014-08-16 09:33 98816 ----a-w- c:\windows\system32\mfps.dll
2014-08-16 09:33 . 2014-08-16 09:33 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2014-08-16 09:33 . 2014-08-16 09:33 2873344 ----a-w- c:\windows\system32\mf.dll
2014-08-16 09:33 . 2014-08-16 09:33 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2014-08-16 09:33 . 2014-08-16 09:33 209920 ----a-w- c:\windows\system32\mfplat.dll
2014-08-16 09:33 . 2014-08-16 09:33 586240 ----a-w- c:\windows\system32\stobject.dll
2014-08-16 09:33 . 2014-08-16 09:33 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2014-08-16 09:33 . 2014-08-16 09:33 478720 ----a-w- c:\windows\system32\dxgi.dll
2014-08-16 09:33 . 2014-08-16 09:33 847360 ----a-w- c:\windows\system32\OpcServices.dll
2014-08-16 09:33 . 2014-08-16 09:33 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2014-08-16 09:33 . 2014-08-16 09:33 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2014-08-16 09:33 . 2014-08-16 09:33 258048 ----a-w- c:\windows\system32\winspool.drv
2014-08-16 09:33 . 2014-08-16 09:33 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2014-08-16 09:31 . 2014-08-16 09:31 4096 ----a-w- c:\windows\system32\drivers\nl-NL\dxgkrnl.sys.mui
2014-08-16 09:31 . 2014-08-16 09:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2014-08-16 09:31 . 2014-08-16 09:31 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2014-08-16 09:31 . 2014-08-16 09:31 252928 ----a-w- c:\windows\system32\dxdiag.exe
2014-08-16 09:31 . 2014-08-16 09:31 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2014-08-16 09:31 . 2014-08-16 09:31 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2014-08-16 09:31 . 2014-08-16 09:31 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-08-16 09:31 . 2014-08-16 09:31 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-05-08 18680424]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-09-26 4811032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-16 13:39 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2014-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-06 04:45]
.
2014-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-515218178-1156182028-4208866919-1000Core.job
- c:\users\lucky\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-30 09:19]
.
2014-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-515218178-1156182028-4208866919-1000UA.job
- c:\users\lucky\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-30 09:19]
.
2014-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 10:11]
.
2014-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 10:11]
.
.
------- Bijkomende Scan -------
.
TCP: DhcpNameServer = 195.130.131.3 195.130.130.131
.
- - - - ORPHANS VERWIJDERD - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-19 21:36
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Voltooingstijd: 2014-10-19 21:39:38
ComboFix-quarantined-files.txt 2014-10-19 19:39
.
Pre-Run: 35.968.286.720 bytes beschikbaar
Post-Run: 35.935.801.344 bytes beschikbaar
.
- - End Of File - - E48CD8B0DC51850D59FB41D1F6E89617 5C616939100B85E558DA92B899A0FC36