ComboFix 15-06-09.01 - Eigenaar 13/06/2015 9:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2047.583 [GMT 2:00]
Gestart vanuit: c:\users\Eigenaar\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2015-05-13 to 2015-06-13 ))))))))))))))))))))))))))))))
.
.
2015-06-13 07:25 . 2015-06-13 07:27 -------- d-----w- c:\users\Eigenaar\AppData\Local\temp
2015-06-13 07:25 . 2015-06-13 07:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-06-13 07:25 . 2015-06-13 07:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-12 13:22 . 2015-05-03 03:42 9265072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{012B4D87-893C-4913-876C-0669CAC126B2}\mpengine.dll
2015-06-12 12:39 . 2015-04-24 15:54 532480 ----a-w- c:\windows\system32\comctl32.dll
2015-06-12 12:27 . 2015-05-21 14:22 2066432 ----a-w- c:\windows\system32\win32k.sys
2015-06-12 11:29 . 2015-05-04 22:50 7680 ----a-w- c:\windows\system32\spwmp.dll
2015-06-12 11:29 . 2015-05-04 22:50 4096 ----a-w- c:\windows\system32\msdxm.ocx
2015-06-12 11:29 . 2015-05-04 22:50 4096 ----a-w- c:\windows\system32\dxmasf.dll
2015-06-12 11:29 . 2015-05-04 21:21 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2015-06-12 11:29 . 2015-05-04 21:21 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2015-06-12 11:29 . 2015-05-04 21:21 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2015-06-12 11:29 . 2015-05-04 21:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2015-06-11 10:42 . 2015-06-11 10:45 -------- d-----w- C:\804c682abe21f5c18f
2015-06-09 12:41 . 2015-06-09 12:41 -------- d-----w- c:\windows\Migration
2015-06-09 12:22 . 2015-06-09 11:33 24064 ----a-w- c:\windows\zoek-delete.exe
2015-06-09 11:33 . 2015-06-09 12:07 -------- d-----w- C:\zoek_backup
2015-06-09 10:55 . 2015-06-12 13:10 -------- d-----w- c:\users\Eigenaar\AppData\Local\CrashDumps
2015-06-08 13:07 . 2015-06-08 13:07 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-08 13:07 . 2015-06-08 14:07 -------- d-----w- c:\programdata\RogueKiller
2015-06-08 13:06 . 2015-06-08 13:06 -------- d-----w- c:\windows\system32\Adobe
2015-06-08 13:04 . 2015-06-08 13:04 -------- d-----w- c:\program files\Common Files\Java
2015-06-08 13:03 . 2015-06-08 13:02 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-06-08 12:59 . 2015-06-08 12:59 -------- d-----w- c:\programdata\Oracle
2015-06-08 12:58 . 2015-06-08 12:58 -------- d-----w- c:\program files\Java
2015-06-08 12:31 . 2015-06-10 12:34 -------- d-----w- C:\AdwCleaner
2015-06-08 12:30 . 2015-06-08 12:30 -------- d-----w- c:\programdata\SUPERSetup
2015-06-08 07:07 . 2015-06-08 07:47 -------- d-----w- C:\rsit
2015-06-06 17:22 . 2008-04-13 08:20 655872 ----a-w- c:\program files\Windows Sidebar\msvcr90.dll
2015-06-06 17:22 . 2013-12-25 21:20 69632 ----a-w- c:\program files\Windows Sidebar\update.exe
2015-06-06 17:22 . 2013-12-05 13:16 10254336 ----a-w- c:\program files\Windows Sidebar\QtWebKit4.dll
2015-06-06 17:22 . 2013-11-10 21:56 2147328 ----a-w- c:\program files\Windows Sidebar\QtCore4.dll
2015-06-06 17:22 . 2010-06-02 08:59 232960 ----a-w- c:\program files\Windows Sidebar\phonon4.dll
2015-06-06 17:22 . 2010-06-02 08:57 2530816 ----a-w- c:\program files\Windows Sidebar\QtXmlPatterns4.dll
2015-06-06 17:22 . 2010-06-02 08:44 7982592 ----a-w- c:\program files\Windows Sidebar\QtGui4.dll
2015-06-06 17:22 . 2010-06-02 08:32 934912 ----a-w- c:\program files\Windows Sidebar\QtNetwork4.dll
2015-06-06 17:22 . 2010-06-02 08:30 335360 ----a-w- c:\program files\Windows Sidebar\QtXml4.dll
2015-06-06 17:22 . 2008-04-13 08:20 568832 ----a-w- c:\program files\Windows Sidebar\msvcp90.dll
2015-06-06 17:22 . 2008-04-13 08:20 224768 ----a-w- c:\program files\Windows Sidebar\msvcm90.dll
2015-05-29 14:58 . 2015-05-29 14:58 -------- d-----w- c:\programdata\Raxco
2015-05-29 14:57 . 2015-05-29 14:57 -------- d-----w- c:\program files\Common Files\Raxco
2015-05-29 14:55 . 2015-05-29 14:57 -------- d-----w- c:\program files\Raxco
2015-05-28 11:15 . 2015-05-28 11:15 -------- d-----w- c:\users\Eigenaar\AppData\Local\TomTom
2015-05-28 11:15 . 2015-05-28 11:15 -------- d-----w- c:\program files\TomTom International B.V
2015-05-28 11:14 . 2015-05-28 11:14 -------- d-----w- c:\program files\MyDrive Connect
2015-05-22 17:16 . 2015-05-22 17:16 18652352 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-13 07:07 . 2015-01-21 14:42 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-10 13:11 . 2014-10-01 15:59 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-06-10 13:11 . 2014-10-01 15:59 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-13 18:00 . 2015-05-13 18:00 241088 ----a-w- c:\windows\system32\PDBoot.exe
2015-04-30 16:03 . 2015-05-14 06:51 279040 ----a-w- c:\windows\system32\schannel.dll
2015-04-30 13:14 . 2015-05-14 06:45 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-19 21:24 . 2015-05-14 06:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-04-19 21:24 . 2015-05-14 06:45 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-04-19 21:24 . 2015-05-14 06:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-04-19 21:24 . 2015-05-14 06:45 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-04-19 20:19 . 2015-05-14 06:45 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-04-19 20:18 . 2015-05-14 06:45 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-04-19 20:13 . 2015-05-14 06:45 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-04-19 20:12 . 2015-05-14 06:45 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-04-19 20:12 . 2015-05-14 06:45 801792 ----a-w- c:\windows\system32\FntCache.dll
2015-04-14 07:37 . 2015-01-21 14:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2015-01-21 14:41 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2015-01-21 14:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-14 01:38 . 2015-04-14 01:38 1217192 ----a-w- c:\windows\system32\FM20.DLL
2015-04-14 00:35 . 2015-04-14 00:35 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-04-14 00:35 . 2015-04-14 00:35 536776 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-04-10 23:22 . 2015-05-14 06:15 279552 ----a-w- c:\windows\system32\services.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-15 10:55 1605832 ----a-w- c:\users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-05-15 10:55 1605832 ----a-w- c:\users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-05-15 10:55 1605832 ----a-w- c:\users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-15 10:55 1605832 ----a-w- c:\users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-15 10:55 1605832 ----a-w- c:\users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-05-15 6714136]
"Spotify Web Helper"="c:\users\Eigenaar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-11 1676344]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"uTorrent"="c:\users\Eigenaar\AppData\Roaming\uTorrent\uTorrent.exe" [2015-05-06 1694560]
"MyDriveConnect.exe"="c:\program files\MyDrive Connect\TomTom MyDrive Connect.exe" [2015-04-28 1905032]
"qwupdate"="c:\program files\Windows Sidebar\update.exe" [2013-12-25 69632]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-10 11:00 986440 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2015-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-01 13:11]
.
2015-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-26 12:29]
.
2015-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-26 12:29]
.
.
------- Bijkomende Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Toevoegen aan Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 195.130.131.5 195.130.130.133
FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\cxtrx0rh.default-1424613678677\
.
- - - - ORPHANS VERWIJDERD - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\Common Files\DVDVideoSoft\lib\Uninstall.exe
AddRemove-UVK - Ultra virus killer - c:\program files\UVK - Ultra Virus Killer\UVK_en.exe
AddRemove-Wondershare AllMyTube_is1 - c:\program files\Wondershare\AllMyTube\unins000.exe
AddRemove-{82A51915-32C3-4D86-8015-9C8D64EB5383}_is1 - c:\program files\Full Player\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-06-13 09:27
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Voltooingstijd: 2015-06-13 09:34:03
ComboFix-quarantined-files.txt 2015-06-13 07:33
.
Pre-Run: 80.222.375.936 bytes beschikbaar
Post-Run: 80.044.937.216 bytes beschikbaar
.
- - End Of File - - B4AB248A6B9CCFF420E8A79DCCDE0005 5C616939100B85E558DA92B899A0FC36