ComboFix 16-04-13.01 - vdb 18/04/2016  13:04:03.1.1 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.32.1043.18.1983.971 [GMT 2:00]
Gestart vanuit: c:\users\vdb\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\vdb\GoToAssistDownloadHelper.exe
c:\windows\IsUn0413.exe
c:\windows\system32\ccbcdcbecbb_r.dll
c:\windows\system32\taskmgr.exe.tmp
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2016-03-18 to 2016-04-18  ))))))))))))))))))))))))))))))
.
.
2016-04-18 10:07 . 2016-04-18 10:12	--------	d-----w-	C:\72f0f0f2fe33580e965327
2016-04-18 10:06 . 2016-04-18 10:07	--------	d-----w-	C:\1930fc85ed791979c2b6
2016-04-18 09:54 . 2016-04-18 09:54	--------	d-----w-	C:\3ef2c2cb10720fb48abefef04b0402
2016-04-18 09:52 . 2016-04-18 09:52	--------	d-----w-	C:\57f50a63aa53d7c658dbad9c496ef436
2016-04-17 14:58 . 2016-03-17 01:50	9302992	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0AD0183-BEED-4E51-BA0A-39474F2C9B29}\mpengine.dll
2016-04-16 11:31 . 2016-03-17 01:50	9302992	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-04-15 12:56 . 2016-04-16 11:19	--------	d-----w-	c:\users\vdb\AppData\Local\Temp(30)
2016-04-15 12:14 . 2016-04-15 12:17	--------	d-----w-	C:\FRST
2016-04-15 12:00 . 2016-04-15 12:00	--------	d-----w-	c:\users\vdb\AppData\Roaming\ParetoLogic
2016-04-15 12:00 . 2016-04-15 18:11	--------	d-----w-	c:\programdata\ParetoLogic
2016-03-21 17:01 . 2016-03-21 17:03	--------	d-----w-	c:\users\vdb\{861f2b63-d220-469b-98e1-19b14db570a1}
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-17 15:45 . 2015-09-05 10:58	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2011-04-14 12:01 . 2016-04-17 14:55	24376	----a-w-	c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-29 986872]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-01-28 110740]
"Skynet Connection"="c:\windows\SkyGoOn.exe" [2002-12-04 245760]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-09-04 295512]
"VTTimer"="VTTimer.exe" [2004-03-26 49152]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - c:\program files\Google\Google Updater\GoogleUpdater.exe -systray -startup [2007-1-13 124912]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
dot3svc	REG_MULTI_SZ   	dot3svc
eapsvcs	REG_MULTI_SZ   	eaphost
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
WudfServiceGroup	REG_MULTI_SZ   	WUDFSvc
.
Inhoud van de 'Gedeelde Taken' map
.
2016-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 12:52]
.
2016-04-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-13 14:42]
.
2016-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-13 13:52]
.
2016-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-13 13:52]
.
2014-04-03 c:\windows\Tasks\HDReg.job
- c:\apps\HDReg\HDRegRem.exe [2005-06-27 09:14]
.
2014-04-03 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2016-01-29 17:44]
.
2016-04-18 c:\windows\Tasks\Microsoft Windows XP - aanmelding voor kennisgeving over einde van service.job
- c:\windows\system32\xp_eos.exe [2014-03-18 23:28]
.
2015-11-08 c:\windows\Tasks\Microsoft Windows XP - maandelijkse kennisgeving over einde van service.job
- c:\windows\system32\xp_eos.exe [2014-03-18 23:28]
.
2009-02-06 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
2016-04-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
2016-04-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3810374152-2727765747-1476870060-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 15:13]
.
2016-04-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3810374152-2727765747-1476870060-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 15:13]
.
.
------- Bijkomende Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.belgacom.net
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
Trusted Zone: internet
Trusted Zone: kbc.be
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\users\vdb\AppData\Roaming\Mozilla\Firefox\Profiles\ou7lojba.default-1410260103702\
FF - prefs.js: browser.startup.homepage - hxxp://be.msn.com/?rd=1&ucc=BE&dcc=BE&opt=0
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-AccessRunner ADSL - c:\program files\USB ADSL\CnxUnist.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe
AddRemove-Shockwave - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-04-18 13:18
Windows 6.0.6000  NTFS
.
scannen van verborgen processen ... 
.
scannen van verborgen autostart items ... 
.
scannen van verborgen bestanden ... 
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2016-04-18  13:23:15
ComboFix-quarantined-files.txt  2016-04-18 11:22
.
Pre-Run: 112.308.592.640 bytes beschikbaar
Post-Run: 114.375.741.440 bytes beschikbaar
.
- - End Of File - - C4E5BFCDE52733A8632DB13ABA3888FF
5C616939100B85E558DA92B899A0FC36