ComboFix 16-04-13.01 - vdb 18/04/2016 13:04:03.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.32.1043.18.1983.971 [GMT 2:00]
Gestart vanuit: c:\users\vdb\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\vdb\GoToAssistDownloadHelper.exe
c:\windows\IsUn0413.exe
c:\windows\system32\ccbcdcbecbb_r.dll
c:\windows\system32\taskmgr.exe.tmp
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2016-03-18 to 2016-04-18 ))))))))))))))))))))))))))))))
.
.
2016-04-18 10:07 . 2016-04-18 10:12 -------- d-----w- C:\72f0f0f2fe33580e965327
2016-04-18 10:06 . 2016-04-18 10:07 -------- d-----w- C:\1930fc85ed791979c2b6
2016-04-18 09:54 . 2016-04-18 09:54 -------- d-----w- C:\3ef2c2cb10720fb48abefef04b0402
2016-04-18 09:52 . 2016-04-18 09:52 -------- d-----w- C:\57f50a63aa53d7c658dbad9c496ef436
2016-04-17 14:58 . 2016-03-17 01:50 9302992 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0AD0183-BEED-4E51-BA0A-39474F2C9B29}\mpengine.dll
2016-04-16 11:31 . 2016-03-17 01:50 9302992 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-04-15 12:56 . 2016-04-16 11:19 -------- d-----w- c:\users\vdb\AppData\Local\Temp(30)
2016-04-15 12:14 . 2016-04-15 12:17 -------- d-----w- C:\FRST
2016-04-15 12:00 . 2016-04-15 12:00 -------- d-----w- c:\users\vdb\AppData\Roaming\ParetoLogic
2016-04-15 12:00 . 2016-04-15 18:11 -------- d-----w- c:\programdata\ParetoLogic
2016-03-21 17:01 . 2016-03-21 17:03 -------- d-----w- c:\users\vdb\{861f2b63-d220-469b-98e1-19b14db570a1}
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-17 15:45 . 2015-09-05 10:58 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2011-04-14 12:01 . 2016-04-17 14:55 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-29 986872]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-01-28 110740]
"Skynet Connection"="c:\windows\SkyGoOn.exe" [2002-12-04 245760]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-09-04 295512]
"VTTimer"="VTTimer.exe" [2004-03-26 49152]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - c:\program files\Google\Google Updater\GoogleUpdater.exe -systray -startup [2007-1-13 124912]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
dot3svc             REG_MULTI_SZ    dot3svc
eapsvcs             REG_MULTI_SZ    eaphost
nosGetPlusHelper    REG_MULTI_SZ    nosGetPlusHelper
WudfServiceGroup    REG_MULTI_SZ    WUDFSvc
.
Inhoud van de 'Gedeelde Taken' map
.
2016-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 12:52]
.
2016-04-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-13 14:42]
.
2016-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-13 13:52]
.
2016-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-13 13:52]
.
2014-04-03 c:\windows\Tasks\HDReg.job
- c:\apps\HDReg\HDRegRem.exe [2005-06-27 09:14]
.
2014-04-03 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2016-01-29 17:44]
.
2016-04-18 c:\windows\Tasks\Microsoft Windows XP - aanmelding voor kennisgeving over einde van service.job
- c:\windows\system32\xp_eos.exe [2014-03-18 23:28]
.
2015-11-08 c:\windows\Tasks\Microsoft Windows XP - maandelijkse kennisgeving over einde van service.job
- c:\windows\system32\xp_eos.exe [2014-03-18 23:28]
.
2009-02-06 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
2016-04-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
2016-04-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3810374152-2727765747-1476870060-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 15:13]
.
2016-04-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3810374152-2727765747-1476870060-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 15:13]
.
.
------- Bijkomende Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.belgacom.net
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
Trusted Zone: internet
Trusted Zone: kbc.be
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\users\vdb\AppData\Roaming\Mozilla\Firefox\Profiles\ou7lojba.default-1410260103702\
FF - prefs.js: browser.startup.homepage - hxxp://be.msn.com/?rd=1&ucc=BE&dcc=BE&opt=0
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-AccessRunner ADSL - c:\program files\USB ADSL\CnxUnist.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe
AddRemove-Shockwave - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-04-18 13:18
Windows 6.0.6000 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2016-04-18 13:23:15
ComboFix-quarantined-files.txt 2016-04-18 11:22
.
Pre-Run: 112.308.592.640 bytes beschikbaar
Post-Run: 114.375.741.440 bytes beschikbaar
.
- - End Of File - - C4E5BFCDE52733A8632DB13ABA3888FF
5C616939100B85E558DA92B899A0FC36