ComboFix 14-11-15.01 - Geo 15/11/2014 10:27:00.1.2 - x86
Microsoft Windows 8 Pro 6.2.9200.0.1252.31.1043.18.3037.1798 [GMT 1:00]
Gestart vanuit: c:\users\Geo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7IXQDCW\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\sqlite-3.7.2-sqlitejdbc.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2014-10-15 to 2014-11-15 ))))))))))))))))))))))))))))))
.
.
2014-11-15 09:34 . 2014-11-15 09:34 -------- d-----w- c:\users\shari\AppData\Local\temp
2014-11-15 09:34 . 2014-11-15 09:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-15 09:34 . 2014-11-15 09:34 -------- d-----w- c:\users\ann\AppData\Local\temp
2014-11-14 17:31 . 2014-10-30 00:53 106432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-14 17:31 . 2014-10-30 00:53 713672 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-14 16:59 . 2014-09-10 14:30 908840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{92AD63CF-7F29-4EF8-86C8-CA60AD45E2B8}\gapaengine.dll
2014-11-14 16:58 . 2014-10-14 12:13 8901368 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{856E5998-E77E-462C-8AB5-0A4247B1E222}\mpengine.dll
2014-11-14 16:57 . 2014-10-22 01:33 437424 ----a-w- c:\windows\system32\AutoUpdate.exe
2014-11-14 16:57 . 2014-10-22 01:33 409080 ----a-w- c:\windows\system32\NotificationUI.exe
2014-11-14 16:57 . 2014-10-22 01:08 568832 ----a-w- c:\windows\system32\WSShared.dll
2014-11-14 16:57 . 2014-10-22 01:08 124928 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-14 16:57 . 2014-10-22 01:07 96768 ----a-w- c:\windows\system32\WinSetupUI.dll
2014-11-14 16:55 . 2014-08-21 23:56 1418752 ----a-w- c:\windows\system32\msxml3.dll
2014-11-13 12:29 . 2014-11-13 12:47 -------- d-----w- C:\zoek_backup
2014-11-06 15:14 . 2014-11-06 15:14 -------- d-----w- c:\program files\E Dev
2014-10-31 13:04 . 2014-11-14 17:24 -------- d-----w- c:\program files\trend micro
2014-10-31 13:04 . 2014-10-31 13:05 -------- d-----w- C:\rsit
2014-10-29 13:28 . 2014-11-15 09:19 -------- d-----w- c:\windows\system32\AutoUpdateLicense
2014-10-29 13:04 . 2014-10-29 13:04 -------- d-----w- c:\windows\AppReadiness
2014-10-23 16:26 . 2014-10-23 16:26 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2014-10-23 14:36 . 2014-10-23 14:36 -------- d-----w- c:\users\Geo\AppData\Roaming\QuickScan
2014-10-23 14:33 . 2014-11-14 17:24 -------- d-----w- c:\program files\Microsoft Silverlight
2014-10-23 14:31 . 2014-11-14 17:24 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-10-17 12:34 . 2014-07-24 11:50 363328 ----a-w- c:\windows\system32\drivers\USBHUB3.SYS
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 11:24 . 2012-12-17 10:52 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-10 17:14 . 2014-08-05 11:08 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-09-07 18:24 . 2012-07-26 06:53 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-28 06:52 . 2014-09-11 11:51 52632 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-28 06:05 . 2014-09-11 11:51 35328 ----a-w- c:\windows\system32\wuapp.exe
2014-08-28 06:05 . 2014-09-11 11:51 630272 ----a-w- c:\windows\system32\wuapi.dll
2014-08-28 06:05 . 2014-09-11 11:51 2601472 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-28 06:05 . 2014-09-11 11:51 1557504 ----a-w- c:\windows\system32\wucltux.dll
2014-08-28 06:05 . 2014-09-11 11:51 216576 ----a-w- c:\windows\system32\WUSettingsProvider.dll
2014-08-28 06:05 . 2014-09-11 11:51 16384 ----a-w- c:\windows\system32\wuaext.dll
2014-08-28 06:05 . 2014-09-11 11:51 86528 ----a-w- c:\windows\system32\wudriver.dll
2014-08-28 06:05 . 2014-09-11 11:51 128000 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-28 06:04 . 2014-09-11 11:51 149504 ----a-w- c:\windows\system32\storewuauth.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-07 43816]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-08-14 43816]
"AppleIEDAV"="c:\program files\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2014-08-04 1080104]
"Spotify Web Helper"="c:\users\Geo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-10-08 1514040]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2014-02-14 1564992]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2013-08-27 248208]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-09-26 4811032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Samsung Link"="c:\program files\Samsung\Samsung Link\Samsung Link Tray Agent.exe" [2014-03-13 569696]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2014-02-14 311616]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
.
c:\users\Geo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2011-4-29 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableCursorSuppression"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.355.0\SeaPort.exe [2012-01-25 240408]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-06-24 42784]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [2013-12-21 401800]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.355.0\BBSvc.exe [2012-01-25 192792]
S2 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link.exe [2014-03-13 577376]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2013-08-27 93072]
S3 NETwNs32;@netwns32.inf,___ %NIC_Service_DispName_WIN7%;___ Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter voor 32-bits Windows 7;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 RTL8168;Realtek 8168 NT-stuurprogramma;c:\windows\system32\DRIVERS\Rt630x86.sys [2012-07-25 495104]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2014-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-19 16:05]
.
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-19 16:05]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-10 - (no file)
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dashost.exe
c:\windows\system32\taskhostex.exe
c:\windows\System32\AutoUpdate.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
c:\program files\Microsoft Office\Office14\ONENOTEM.EXE
c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\System32\RuntimeBroker.exe
c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
c:\windows\system32\conhost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\msiexec.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\vssvc.exe
c:\windows\SoftwareDistribution\Download\0fa20ec87b11f2348d77a29fb0b04300\WindowsStoreSetupBox.exe
c:\$windows.~bt\Sources\SetupHost.Exe
c:\windows\System32\ThumbnailExtractionHost.exe
.
**************************************************************************
.
Voltooingstijd: 2014-11-15 10:42:50 - machine werd herstart
ComboFix-quarantined-files.txt 2014-11-15 09:42
.
Pre-Run: 101 034 827 776 bytes free
Post-Run: 94 617 124 864 bytes free
.
- - End Of File - - 37DE6EDF26029D86A8715B993FA3ACBF
5C616939100B85E558DA92B899A0FC36