ComboFix 14-02-19.01 - Witte 20/02/2014 14:17:39.1.1 - x86
Started from: c:\users\Witte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J92I2YDN\ComboFix.exe
.
.
(((((((((((((((((((( Files Created from 2014-01-20 to 2014-02-20 ))))))))))))))))))))))))))))))
.
.
2014-02-20 13:27 . 2014-02-20 13:28 -------- d-----w- c:\users\Witte\AppData\Local\temp
2014-02-20 13:27 . 2014-02-20 13:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-20 13:27 . 2014-02-20 13:27 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-02-20 13:14 . 2014-02-20 13:14 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{08EA2806-9F78-434A-AC9F-DA224B445DC2}\MpKslcd6a77fa.sys
2014-02-19 11:49 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{08EA2806-9F78-434A-AC9F-DA224B445DC2}\mpengine.dll
2014-02-18 14:36 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-18 14:29 . 2014-02-18 14:29 -------- d-----w- C:\zoek_backup
2014-02-18 08:42 . 2013-10-18 09:14 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AA42BA4-1D7B-4FC9-8B33-0A6E62B0DA01}\gapaengine.dll
2014-02-16 23:39 . 2014-02-16 23:39 -------- d-----w- c:\program files\trend micro
2014-02-12 09:58 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 00:01 . 2014-02-12 00:01 -------- d-----w- c:\users\Witte\AppData\Roaming\Systweak
2014-02-12 00:00 . 2013-12-20 15:00 17192 ----a-w- c:\windows\system32\roboot.exe
2014-02-12 00:00 . 2012-01-25 11:00 17136 ----a-w- c:\windows\system32\sasnative32.exe
2014-02-12 00:00 . 2014-02-12 00:00 -------- d-----w- c:\programdata\Systweak
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-18 16:42 . 2012-05-18 12:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-18 16:42 . 2011-05-17 20:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2009-10-05 09:32 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-18 20:10 . 2014-01-17 00:39 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2238704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 6265376]
"Skytel"="Skytel.exe" [2008-08-19 1833504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Witte^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Productregistratie.lnk]
path=c:\users\Witte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Productregistratie.lnk
backup=c:\windows\pss\Logitech . Productregistratie.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
2010-02-05 12:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2013-12-29 17:49 895328 ----a-w- c:\users\Witte\AppData\Roaming\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-08-19 10:26 6265376 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-08-19 10:27 1833504 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-05-09 17:18 49152 ----a-w- c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2010-03-20 35712]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLCD6A77FA
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
rsmsvcs REG_MULTI_SZ ntmssvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-26 11:36]
.
2014-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-26 11:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://breedband.telenet.be
mWindow Title = Telenet Internet
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.131.1 195.130.130.129
FF - ProfilePath - c:\users\Witte\AppData\Roaming\Mozilla\Firefox\Profiles\na1r8wc5.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{2d8d9acc-f6d7-4362-8876-a275ca929591} - (no file)
WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-BlueStacks Agent - c:\program files\BlueStacks\HD-Agent.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-HTC Sync Loader - c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MSConfigStartUp-Smart File Advisor - c:\program files\Smart File Advisor\sfa.exe
AddRemove-Kalua Cocktails - c:\progra~1\Kalua\UNWISE32
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update - c:\program files\NVIDIA Corporation\Installer2\installer.{C7855BA4-C1A4-48BB-ADA4-2E2A81E78F3A}\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver - c:\program files\NVIDIA Corporation\Installer2\installer.{C7855BA4-C1A4-48BB-ADA4-2E2A81E78F3A}\NVI2.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-20 14:28
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5BD7.tmp"
.
Completion time: 2014-02-20 14:30:33
ComboFix-quarantined-files.txt 2014-02-20 13:30
.
Pre-Run: 18.447.884.288 bytes free
Post-Run: 18.318.323.712 bytes free
.
- - End Of File - - 9781397D50042E4FE12FD6BC3A5D560B 8C9F9E03865C35F0F3829A23CDA42F5D
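The "Files Created" section above is the part of a ComboFix log that is normally triaged by hand: each line carries two timestamps, a size (or dashes for a directory), an attribute string and a path. The script below is an added example, not code from ComboFix or from the original post, that parses that line format and applies two review heuristics of its own: executables sitting in user-writable locations, and system32 binaries whose creation time is much later than their modification time (a file copied in with its original mtime, or a timestomped one). The line grammar is inferred from the log above, which timestamp is creation and which is modification is an assumption, and the sample input mixes lines copied from the log with one clearly labelled constructed line; the rules produce a review list, not a verdict on any file.

```python
"""Parse ComboFix 'Files Created' lines and flag entries worth a second look.

Added example: not part of ComboFix or of the forum post above. Line format
(created ts, modified ts, size or dashes, attrs, path) is inferred from the
log; the triage rules are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One ComboFix file line, e.g.
# "2014-02-12 00:00 . 2013-12-20 15:00 17192 ----a-w- c:\windows\system32\roboot.exe"
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
TS_FMT = "%Y-%m-%d %H:%M"

# Extensions treated as executable content and path fragments treated as
# user-writable (assumed lists for this example).
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".tmp")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")
MTIME_GAP_DAYS = 30  # assumed threshold for "created long after mtime"


@dataclass
class FileEntry:
    created: datetime          # assumed: first timestamp is creation time
    modified: datetime         # assumed: second timestamp is last-write time
    size: Optional[int]        # None when ComboFix printed dashes (directory)
    attrs: str                 # raw 8-char attribute string, e.g. "----a-w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_file_line(line: str) -> Optional[FileEntry]:
    """Return a FileEntry for a 'Files Created' line, or None for any other line."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return FileEntry(datetime.strptime(m["created"], TS_FMT),
                     datetime.strptime(m["modified"], TS_FMT),
                     size, m["attrs"], m["path"])


def triage(entry: FileEntry) -> List[str]:
    """Heuristic reasons an entry deserves review; empty list means none fired."""
    reasons: List[str] = []
    if entry.is_dir:
        return reasons
    p = entry.path.lower()
    is_exec = p.endswith(EXEC_EXT)
    if is_exec and any(frag in p for frag in USER_WRITABLE):
        reasons.append("executable in user-writable location")
    if is_exec and "\\windows\\system32\\" in p:
        gap = entry.created - entry.modified
        if gap.days > MTIME_GAP_DAYS:
            reasons.append(f"system32 binary created {gap.days} days after its "
                           "modification time (copied in or timestomped; verify signature)")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage over every parseable file line in a ComboFix log body."""
    results = []
    for line in text.splitlines():
        entry = parse_file_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                results.append((entry.path, reasons))
    return results


# Sample input: the first six lines are copied from the log above; the last
# line is CONSTRUCTED for this example and does not come from the log.
SAMPLE_LOG = r"""
2014-02-20 13:27 . 2014-02-20 13:28 -------- d-----w- c:\users\Witte\AppData\Local\temp
2014-02-20 13:14 . 2014-02-20 13:14 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{08EA2806-9F78-434A-AC9F-DA224B445DC2}\MpKslcd6a77fa.sys
2014-02-12 09:58 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 00:00 . 2013-12-20 15:00 17192 ----a-w- c:\windows\system32\roboot.exe
2014-02-12 00:00 . 2012-01-25 11:00 17136 ----a-w- c:\windows\system32\sasnative32.exe
2014-02-12 00:00 . 2014-02-12 00:00 -------- d-----w- c:\programdata\Systweak
2014-02-19 20:05 . 2014-02-19 20:05 184320 ----a-w- c:\users\Witte\AppData\Local\temp\constructed_sample.exe
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```

Running it lists msxml3.dll, roboot.exe and sasnative32.exe under the mtime-gap rule and the constructed temp executable under the user-writable rule. msxml3.dll is an update-delivered system file that trips the rule just as the other two do, which is the caveat of this kind of triage: the output is a list of files whose Authenticode signature and hash should be checked, not a list of malware.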