ComboFix 15-10-23.01 - Paul 24/10/2015  11:53:06.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.32.1043.18.1014.541 [GMT 2:00]
Started from: c:\documents and settings\Paul\Mijn documenten\ComboFix.exe
AV: BullGuard Antivirus *Disabled/Outdated* {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *Disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
.
.
((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Paul\Mijn documenten\53C.tmp
c:\documents and settings\Paul\Mijn documenten\53D.tmp
c:\documents and settings\Paul\Mijn documenten\53F.tmp
c:\documents and settings\Paul\Mijn documenten\540.tmp
c:\documents and settings\Paul\Mijn documenten\541.tmp
c:\documents and settings\Paul\Mijn documenten\542.tmp
c:\documents and settings\Paul\Mijn documenten\543.tmp
c:\windows\system32\C
.
.
((((((((((((((((((((   Files Created from 2015-09-24 to 2015-10-24   ))))))))))))))))))))))))))))))
.
.
2015-10-23 09:46 . 2015-10-23 09:46  --------  d-----w-  c:\program files\ESET
2015-10-21 11:21 . 2015-10-21 11:22  --------  d-----w-  C:\AdwCleaner
2015-10-20 15:15 . 2015-10-20 14:58  24064     ----a-w-  c:\windows\zoek-delete.exe
2015-10-20 14:30 . 2015-10-20 15:08  --------  d-----w-  C:\zoek_backup
2015-10-19 17:11 . 2015-10-19 17:12  --------  d-----w-  c:\program files\trend micro
2015-10-19 17:11 . 2015-10-19 17:12  --------  d-----w-  C:\rsit
2015-10-18 14:40 . 2015-10-23 21:05  --------  d--h--r-  c:\documents and settings\Paul\Onlangs geopend
2015-10-16 14:52 . 2015-10-16 14:52  --------  d-----w-  c:\documents and settings\LocalService\Local Settings\Application Data\AVG
2015-10-16 14:51 . 2015-10-16 14:51  --------  d-----w-  c:\documents and settings\Paul\Application Data\AVG
2015-10-16 14:50 . 2015-10-17 13:20  --------  d-----w-  c:\documents and settings\All Users\Application Data\Avg
2015-10-16 14:49 . 2015-10-16 14:49  --------  d--h--w-  c:\documents and settings\All Users\Application Data\Common Files
2015-10-16 14:49 . 2015-10-16 14:51  --------  d-----w-  c:\documents and settings\Paul\Local Settings\Application Data\Avg
2015-10-16 14:45 . 2015-10-23 11:24  --------  d-----w-  c:\program files\commview
2015-10-10 18:40 . 2012-06-02 13:18  214256    ----a-w-  c:\windows\system32\muweb.dll
2015-10-10 10:05 . 2015-10-23 11:14  --------  d-----w-  C:\progamma'spat
2015-10-09 00:12 . 2014-02-26 23:28  13312     -c----w-  c:\windows\system32\dllcache\xp_eos.exe
2015-10-09 00:12 . 2014-02-26 23:28  13312     ------w-  c:\windows\system32\xp_eos.exe
2015-10-08 18:27 . 2015-10-08 18:27  --------  d-----w-  c:\documents and settings\Paul\Application Data\Simply Super Software
2015-10-08 17:20 . 2010-01-13 10:18  1498560   ----a-w-  c:\windows\system32\igkrng400.bin
2015-10-08 17:20 . 2010-01-13 10:28  155648    ----a-w-  c:\windows\system32\igfxCoIn_v5218.dll
2015-10-08 13:13 . 2015-10-08 15:49  --------  d-----w-  c:\program files\CCleaner
2015-10-08 12:05 . 2009-12-30 09:20  27064     ----a-w-  c:\windows\system32\drivers\revoflt.sys
2015-10-08 12:05 . 2015-10-08 12:05  --------  d-----w-  c:\program files\VS Revo Group
2015-10-08 11:50 . 2015-10-08 11:50  --------  d-----w-  c:\documents and settings\Paul\Local Settings\Application Data\VS Revo Group
2015-10-08 11:49 . 2015-10-08 11:49  --------  d-----w-  c:\documents and settings\All Users\Application Data\VS Revo Group
2015-10-07 17:46 . 2015-10-23 11:24  --------  d-----w-  c:\program files\HitmanPro
2015-10-07 17:45 . 2015-10-07 18:21  --------  d-----w-  c:\documents and settings\All Users\Application Data\HitmanPro
2015-10-07 15:59 . 2013-03-12 11:36  861088    ----a-w-  c:\windows\system32\npDeployJava1.dll
2015-10-07 15:59 . 2013-03-12 11:36  782240    ----a-w-  c:\windows\system32\deployJava1.dll
2015-10-07 15:59 . 2015-10-07 15:59  --------  d-----w-  c:\program files\Common Files\Java
2015-10-07 15:57 . 2015-10-07 15:57  --------  d-----w-  c:\documents and settings\All Users\Application Data\Oracle
2015-10-07 15:54 . 2015-10-07 15:54  --------  d-----w-  c:\documents and settings\All Users\Application Data\Ashampoo
2015-10-07 15:11 . 2015-10-08 07:56  110296    ----a-w-  c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-07 15:10 . 2014-05-12 05:26  53208     ----a-w-  c:\windows\system32\drivers\mbamchameleon.sys
2015-10-07 15:10 . 2014-05-12 05:25  23256     ----a-w-  c:\windows\system32\drivers\mbam.sys
2015-10-07 15:10 . 2015-10-07 15:10  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2015-10-06 18:13 . 2015-10-06 18:13  --------  d-----w-  c:\documents and settings\Paul\Local Settings\Application Data\TeamViewer
2015-10-06 18:09 . 2015-10-06 18:09  --------  d-----w-  c:\documents and settings\Paul\Application Data\TeamViewer
2015-10-06 18:09 . 2015-10-06 18:10  --------  d-----w-  c:\program files\TeamViewer
2015-10-02 14:40 . 2015-10-02 14:40  17314496  ----a-w-  c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-09-25 10:31 . 2015-09-25 10:31  --------  d-----w-  c:\documents and settings\Paul\Local Settings\Application Data\Opera Software
2015-09-25 10:31 . 2015-09-25 10:31  --------  d-----w-  c:\documents and settings\Paul\Application Data\Opera Software
2015-09-25 10:30 . 2015-10-15 17:21  --------  d-----w-  c:\program files\Opera
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-17 15:27 . 2013-08-28 15:26  780488    ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2015-10-17 15:27 . 2012-01-01 16:00  142536    ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-12 14:19 . 2014-08-28 10:51  61992     ----a-w-  c:\windows\system32\BGLsp.dll
2015-10-12 14:19 . 2014-08-28 10:51  147768    ----a-w-  c:\windows\system32\BgGamingMonitor.dll
2015-10-12 14:18 . 2014-02-26 13:46  67088     ----a-w-  c:\windows\system32\drivers\BdSpy.sys
2015-10-12 14:18 . 2014-02-26 13:46  422664    ----a-w-  c:\windows\system32\drivers\Trufos.sys
2015-10-07 15:58 . 2013-03-12 11:36  96352     ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
2015-10-07 15:58 . 2011-12-23 13:50  146432    ----a-w-  c:\windows\system32\javacpl.cpl
2015-08-19 13:13 . 2014-09-04 10:31  20216     ----a-w-  c:\windows\system32\drivers\NSNetmon.sys
2015-08-19 13:13 . 2014-09-04 10:31  822456    ----a-w-  c:\windows\system32\drivers\NSKernel.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlayErr]
@="{8749448C-D907-45BF-A842-4D3898894AC8}"
[HKEY_CLASSES_ROOT\CLSID\{8749448C-D907-45BF-A842-4D3898894AC8}]
2015-10-12 14:19  214056  ----a-w-  c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlayInProgress]
@="{3FFBF330-7839-476B-BE14-2C8597CE11B6}"
[HKEY_CLASSES_ROOT\CLSID\{3FFBF330-7839-476B-BE14-2C8597CE11B6}]
2015-10-12 14:19  214056  ----a-w-  c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlaySynced]
@="{C62CF4DB-48CB-4B03-BFD0-30A29125FA49}"
[HKEY_CLASSES_ROOT\CLSID\{C62CF4DB-48CB-4B03-BFD0-30A29125FA49}]
2015-10-12 14:19  214056  ----a-w-  c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-08-19 6490904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe" [2015-10-12 2081832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 BdAgent;BullGuard Security Agent;c:\windows\system32\drivers\BdAgent.sys [15/05/2014 13:56 100944]
R1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [26/02/2014 15:46 67088]
R1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\drivers\NSKernel.sys [4/09/2014 12:31 822456]
R1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\drivers\NSNetmon.sys [4/09/2014 12:31 20216]
R2 BsBackup;BullGuard backup service;c:\windows\System32\SvcHost.exe -k BullGuard_Backup [4/08/2004 14:00 14336]
R2 BsBhvScan;BullGuard Behavioural Detection;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [16/09/2014 14:50 542760]
R2 BsCache;BullGuard CODS service;c:\windows\System32\SvcHost.exe -k BullGuard_Cache [4/08/2004 14:00 14336]
R2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe -k BullGuard [4/08/2004 14:00 14336]
R2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe -k BullGuard [4/08/2004 14:00 14336]
R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe -k BullGuard_Proxy [4/08/2004 14:00 14336]
R2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe -k BullGuard_Main [4/08/2004 14:00 14336]
R2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [1/09/2014 9:25 247848]
R2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [20/10/2015 8:03 342056]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [7/10/2015 19:46 106248]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [4/09/2014 12:09 32928]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [4/09/2014 12:09 277152]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [7/10/2015 17:11 110296]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [8/10/2015 14:05 27064]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - POLICYAGENT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12             REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService         REG_MULTI_SZ   HPSLPSVC
hpdevmgmt         REG_MULTI_SZ   hpqcxs08 hpqddsvc
BullGuard_Main    REG_MULTI_SZ   BsMain
BullGuard         REG_MULTI_SZ   BsFileScan BsFire
BullGuard_Proxy   REG_MULTI_SZ   BsMailProxy
BullGuard_Cache   REG_MULTI_SZ   BsCache
BullGuard_Backup  REG_MULTI_SZ   BsBackup
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-16 06:20  997704  ----a-w-  c:\program files\Google\Chrome\Application\46.0.2490.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-24 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_19_0_0_226_pepper.exe [2015-10-17 15:27]
.
2015-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-28 15:27]
.
2015-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-05 12:08]
.
2015-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-05 12:08]
.
2015-10-24 c:\windows\Tasks\Microsoft Windows XP - aanmelding voor kennisgeving over einde van service.job
- c:\windows\system32\xp_eos.exe [2015-10-09 23:28]
.
2015-10-09 c:\windows\Tasks\Microsoft Windows XP - maandelijkse kennisgeving over einde van service.job
- c:\windows\system32\xp_eos.exe [2015-10-09 23:28]
.
2015-10-24 c:\windows\Tasks\Opera scheduled Autoupdate 1443177067.job
- c:\program files\Opera\launcher.exe [2015-09-25 07:30]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.be/
TCP: DhcpNameServer = 195.130.130.132 195.130.131.132
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\98tjfgal.default\
FF - prefs.js: browser.startup.homepage - hxxp://ereporter.concentra.be
FF - ExtSQL: !HIDDEN! 2012-01-19 17:18; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\documents and settings\All Users\Application Data\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\documents and settings\All Users\Application Data\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-10-24 12:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3828)
c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
c:\windows\system32\MSVCP120.dll
c:\windows\system32\MSVCR120.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\HitmanPro\HitmanPro.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\TeamViewer\TeamViewer_Service.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2015-10-24 12:01:57 - machine was rebooted
ComboFix-quarantined-files.txt  2015-10-24 10:01
ComboFix2.txt  2013-03-12 10:38
.
Pre-Run: 165.838.876.672 bytes free
Post-Run: 165.952.696.320 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 24CE608E3DEBCB6AF9D91B7FF000F5F7 3051207086651214E435112E51817DC5
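The security-relevant part of the log above is not the file list but the "Reg Loading Points" section: every Security Center notification and override value under `security center\Svc` is set to 1, the Windows Firewall standard profile has `EnableFirewall`=0 with notifications off, and the header already reports both the antivirus and the firewall as disabled. The following triage script is an added example, not ComboFix code and not posted by the log's author. It re-parses the two value formats ComboFix prints in that section (`"Name"=dword:00000001` and `"Name"= 0 (0x0)`) plus the `AV:`/`FW:` header lines, and reports the settings that silence or switch off a control. The embedded sample is copied from this log; the rule descriptions are the author's own reading of what each value does. One caveat a practitioner would want: a legitimately registered third-party suite can set some of the Security Center values itself, so each hit is a prompt to verify against what the installed product is expected to do, not proof of tampering.

```python
"""Triage a ComboFix log for settings that silence or disable the Windows XP
security controls. Added example, not ComboFix code."""
import re

# Sample input: copied from the ComboFix log above (header plus the Security
# Center and Windows Firewall policy keys), embedded so the script runs offline.
SAMPLE_LOG = r"""ComboFix 15-10-23.01 - Paul 24/10/2015 11:53:06.2.2 - x86
AV: BullGuard Antivirus *Disabled/Outdated* {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *Disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix prints values as REGEDIT4 text ("Name"=dword:00000001) or as a
# decimal with the hex in parentheses ("Name"= 0 (0x0)); '@' is the default value.
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]+)"|(?P<default>@))=\s*(?P<raw>.*)$')
STATUS_RE = re.compile(r"^(?P<kind>AV|FW): (?P<product>.+?) \*(?P<state>[^*]+)\*")

# Security Center values that, when 1, stop the user from being warned.
# Assumption (see lead-in): a registered third-party suite may set some of
# these itself, so a hit is a prompt to verify, not proof of tampering.
SECURITY_CENTER_FLAGS = {
    "AntiVirusOverride": "Security Center antivirus monitoring overridden",
    "FirewallOverride": "Security Center firewall monitoring overridden",
    "AntiVirusDisableNotify": "antivirus warnings suppressed",
    "FirewallDisableNotify": "firewall warnings suppressed",
    "UpdatesDisableNotify": "Automatic Updates warnings suppressed",
}


def parse_value(raw):
    """Turn ComboFix's value text into an int or str."""
    raw = raw.strip()
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(-?\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    return raw  # empty or annotated (path plus "[date size]"): keep as text


def parse_registry(text):
    """Return {key_path_lowercased: {value_name: value}} for every [key] block."""
    keys, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line.rstrip())
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line.rstrip())
        if m and current is not None:
            keys[current][m.group("name") or "@"] = parse_value(m.group("raw"))
    return keys


def triage(text):
    """Return human-readable findings for disabled or silenced controls."""
    findings = []
    for line in text.splitlines():
        m = STATUS_RE.match(line)
        if m and re.search(r"disabled|outdated", m.group("state"), re.I):
            findings.append(f"{m.group('kind')} {m.group('product')}: {m.group('state')}")
    for key, values in parse_registry(text).items():
        if key.endswith("security center\\svc"):
            for name, why in SECURITY_CENTER_FLAGS.items():
                if values.get(name) == 1:
                    findings.append(f"{name}=1: {why}")
        elif key.endswith("firewallpolicy\\standardprofile"):
            if values.get("EnableFirewall") == 0:
                findings.append("EnableFirewall=0: Windows Firewall off for the standard profile")
            if values.get("DisableNotifications") == 1:
                findings.append("DisableNotifications=1: firewall block prompts suppressed")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample the script reports nine findings: the two header statuses, the five Security Center values and the two firewall-profile values. Matching keys by suffix rather than by full path sidesteps ComboFix's `HKLM\~\...` shorthand for `HKLM\SYSTEM\CurrentControlSet\...`; to triage a whole log, read the file into `triage()` in place of `SAMPLE_LOG`.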