ComboFix 14-10-21.01 - Donckers 23-10-2014 14:11:06.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3326.1961 [GMT 2:00]
Started from: c:\users\Donckers\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Files Created from 2014-09-23 to 2014-10-23 ))))))))))))))))))))))))))))))
.
.
2014-10-23 12:16 . 2014-10-23 12:16 -------- d-----w- c:\users\Donckers\AppData\Local\temp
2014-10-23 12:16 . 2014-10-23 12:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-23 10:51 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE22F8CB-68BA-4FA7-990A-AD939AD442A0}\mpengine.dll
2014-10-23 10:51 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-23 10:43 . 2014-10-23 10:29 24064 ----a-w- c:\windows\zoek-delete.exe
2014-10-23 10:28 . 2014-10-23 10:40 -------- d-----w- C:\zoek_backup
2014-10-22 19:35 . 2014-10-22 19:49 -------- d-----w- c:\program files\trend micro
2014-10-22 19:35 . 2014-10-22 19:36 -------- d-----w- C:\rsit
2014-10-22 16:40 . 2014-10-22 16:40 -------- d-----w- c:\program files\HD Tune
2014-10-22 14:38 . 2014-10-22 14:39 -------- d-----w- C:\AdwCleaner
2014-10-22 14:05 . 2014-10-22 14:05 -------- d-----w- c:\program files\WhoCrashed
2014-10-18 15:08 . 2014-10-18 15:08 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-18 15:08 . 2014-10-18 15:08 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-18 13:32 . 2014-10-18 13:32 -------- d-----w- c:\program files\Battle.net
2014-10-15 08:09 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-15 08:09 . 2014-06-13 18:22 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-15 08:09 . 2014-06-13 18:22 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-15 08:07 . 2014-09-27 23:29 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-10-15 08:00 . 2014-09-04 23:27 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-10-15 07:58 . 2014-09-16 16:56 66560 ----a-w- c:\windows\system32\packager.dll
2014-10-02 09:43 . 2014-09-17 08:17 908840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7D50FC1-6F92-4E31-8DF5-807A52BD2C4D}\gapaengine.dll
2014-09-24 09:04 . 2014-09-09 06:24 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-23 10:28 . 2014-06-17 17:41 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-22 06:41 . 2014-05-10 07:39 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-09-17 08:17 . 2014-05-23 06:47 908840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-23 01:03 . 2014-08-28 10:21 297984 ----a-w- c:\windows\system32\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-10-11 6692632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2013-11-26 85600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" [2014-04-17 748256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-08-23 142648]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-18 15:08]
.
.
------- Supplementary Scan -------
.
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.192.1
FF - ProfilePath - c:\users\Donckers\AppData\Roaming\Mozilla\Firefox\Profiles\fbg7q48v.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-23 14:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-10-23 14:18:01
ComboFix-quarantined-files.txt 2014-10-23 12:17
.
Pre-Run: 339.621.879.808 bytes free
Post-Run: 339.548.012.544 bytes free
.
- - End Of File - - AEDD6462B9D910864CD98241F38EA2D3
5C616939100B85E558DA92B899A0FC36
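The two sections a responder reads first in a log like this are the "Files Created" list (create time, modify time, size, attributes, path) and the registry Run entries (value name, image path, file date, size). The following Python parser is an added example, not ComboFix's own code and not part of the posted log: it turns both sections into structured records and applies two plain triage heuristics, listing newly created native binaries newest-first and flagging autorun images that live outside c:\program files\ and c:\windows\. The sample input is a few lines copied from the log above; the "trusted" prefix list is an assumption chosen for illustration, not a rule ComboFix applies.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
2014-10-23 10:43 . 2014-10-23 10:29 24064 ----a-w- c:\windows\zoek-delete.exe
2014-10-23 10:28 . 2014-10-23 10:40 -------- d-----w- C:\zoek_backup
2014-10-15 08:07 . 2014-09-27 23:29 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-10-18 15:08 . 2014-10-18 15:08 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-10-11 6692632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2013-11-26 85600]
"""

# "created . modified size attrs path"; directories print "--------" for size.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="image path" [YYYY-MM-DD size]
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class AutorunEntry:
    key: str
    name: str
    path: str
    file_date: datetime
    size: int


def parse_combofix(text: str) -> Tuple[List[FileEntry], List[AutorunEntry]]:
    """Extract file-list and Run-key records; every other line is ignored."""
    files: List[FileEntry] = []
    autoruns: List[AutorunEntry] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := FILE_RE.match(line)):
            size = None if m["size"].startswith("-") else int(m["size"])
            files.append(FileEntry(
                created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
                size=size, attrs=m["attrs"], path=m["path"]))
        elif (m := KEY_RE.match(line)):
            current_key = m["key"]
        elif current_key and (m := VALUE_RE.match(line)):
            autoruns.append(AutorunEntry(
                key=current_key, name=m["name"], path=m["path"],
                file_date=datetime.strptime(m["date"], "%Y-%m-%d"),
                size=int(m["size"])))
    return files, autoruns


NATIVE_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")


def new_native_binaries(files: List[FileEntry]) -> List[FileEntry]:
    """Non-directory entries with a native-code extension, newest creation first."""
    hits = [f for f in files if not f.is_dir and f.path.lower().endswith(NATIVE_EXT)]
    return sorted(hits, key=lambda f: f.created, reverse=True)


# Assumed prefix list for illustration; tune it to the environment being triaged.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")


def autoruns_outside(autoruns: List[AutorunEntry],
                     trusted=TRUSTED_PREFIXES) -> List[AutorunEntry]:
    """Heuristic: autorun images that do not live under a trusted directory prefix."""
    return [a for a in autoruns if not a.path.lower().startswith(trusted)]


if __name__ == "__main__":
    files, autoruns = parse_combofix(SAMPLE_LOG)
    for f in new_native_binaries(files):
        print(f"{f.created:%Y-%m-%d %H:%M}  {f.size:>8}  {f.path}")
    for a in autoruns_outside(autoruns):
        print("REVIEW:", a.key, a.name, a.path)
```

Feed the whole log to `parse_combofix` rather than the sample; the "Find3M Report" lines share the file-list format, so they are picked up as well. On this sample every autorun image sits under c:\program files\, so `autoruns_outside` returns nothing, which is the point of the heuristic: it narrows attention to entries that deserve a closer look rather than passing judgement on them.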