ComboFix 15-04-09.01 - sabine 11/04/2015 21:09:10.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3327.1743 [GMT 2:00]
Running from: c:\users\sabine.PC_van_Sabine\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\programdata\ntuser.pol
c:\users\Public\sdelev.tmp
c:\users\Public\sdelevURL.tmp
c:\users\sabine.PC_van_Sabine\AppData\Roaming\inst.exe
c:\users\Sabine\AppData\Roaming\inst.exe
c:\windows\msdownld.tmp
c:\windows\system32\00004ea7.TMP
D:\install.exe
.
.
((((((((((((((((((((   Files Created from 2015-03-11 to 2015-04-11   ))))))))))))))))))))))))))))))
.
.
2015-04-11 19:18 . 2015-04-11 19:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-04-11 18:52 . 2015-04-11 18:52 -------- d-----w- c:\users\sabine.PC_van_Sabine\AppData\Local\AVG Web TuneUp
2015-04-09 14:49 . 2015-04-09 14:49 -------- d-----w- c:\program files\trend micro
2015-04-09 14:49 . 2015-04-09 14:50 -------- d-----w- C:\rsit
2015-04-09 13:25 . 2015-04-09 13:28 -------- d-----w- c:\users\Thibault\AppData\Local\AVG Web TuneUp
2015-04-09 13:25 . 2015-04-09 13:25 -------- d-----w- c:\programdata\AVG Security Toolbar
2015-04-09 13:23 . 2015-04-09 13:23 -------- d-----w- c:\programdata\AVG Secure Search
2015-04-09 13:22 . 2015-04-09 13:23 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2015-04-09 13:22 . 2015-04-09 13:25 -------- d-----w- c:\programdata\AVG Web TuneUp
2015-04-09 13:21 . 2015-04-09 13:22 -------- d-----w- c:\program files\AVG Web TuneUp
2015-04-09 13:19 . 2015-04-09 13:19 -------- d-----w- c:\users\Thibault\AppData\Roaming\AVG2015
2015-04-09 13:19 . 2015-04-09 13:19 -------- d-----w- c:\users\Thibault\AppData\Local\Avg2015
2015-04-08 23:48 . 2015-04-08 23:48 -------- d-----w- c:\programdata\Emsisoft
2015-04-08 21:09 . 2015-04-09 12:34 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2015-04-08 20:48 . 2015-03-23 00:32 9119072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD5A5EC5-89EB-41CA-AC20-3462DA7E6987}\mpengine.dll
2015-04-06 21:41 . 2015-04-06 21:41 -------- d-----w- c:\users\sabine.PC_van_Sabine\AppData\Roaming\AVG2015
2015-04-06 21:36 . 2015-04-09 13:02 -------- d-----w- c:\programdata\AVG2015
2015-04-06 21:25 . 2015-04-11 18:54 -------- d-----w- c:\programdata\MFAData
2015-04-06 21:25 . 2015-04-06 21:43 -------- d-----w- c:\users\sabine.PC_van_Sabine\AppData\Local\Avg2015
2015-04-06 21:25 . 2015-04-06 21:25 -------- d-----w- c:\users\sabine.PC_van_Sabine\AppData\Local\MFAData
2015-03-25 09:23 . 2015-03-25 09:23 224736 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2015-03-24 21:42 . 2015-03-24 22:16 -------- d-----w- c:\programdata\Package Cache
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-09 13:19 . 2014-05-17 22:24 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-06 04:01 . 2015-03-10 18:48 279040 ----a-w- c:\windows\system32\schannel.dll
2015-02-26 02:01 . 2015-03-10 18:48 3604408 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-02-26 02:01 . 2015-03-10 18:48 3552184 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-26 00:18 . 2015-03-10 19:01 2064384 ----a-w- c:\windows\system32\win32k.sys
2015-02-25 15:28 . 2015-02-25 15:28 210912 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-02-24 02:23 . 2009-10-03 21:26 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-21 17:34 . 2015-03-10 18:23 367104 ----a-w- c:\windows\system32\html.iec
2015-02-21 17:28 . 2015-03-10 18:23 1810944 ----a-w- c:\windows\system32\jscript9.dll
2015-02-21 17:21 . 2015-03-10 18:23 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-02-21 17:21 . 2015-03-10 18:23 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-02-21 17:19 . 2015-03-10 18:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-02-21 17:19 . 2015-03-10 18:23 421376 ----a-w- c:\windows\system32\vbscript.dll
2015-02-21 17:18 . 2015-03-10 18:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-02-21 17:18 . 2015-03-10 18:23 11776 ----a-w- c:\windows\system32\mshta.exe
2015-02-20 02:03 . 2015-03-10 18:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 00:28 . 2015-03-10 18:50 296960 ----a-w- c:\windows\system32\atmfd.dll
2015-02-17 15:04 . 2015-02-17 15:04 1202848 ----a-w- c:\windows\system32\FM20.DLL
2015-02-05 17:28 . 2012-09-21 12:23 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-05 17:28 . 2011-06-17 08:07 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 08:28 . 2015-02-05 08:28 107488 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2015-02-03 08:47 . 2015-02-03 08:47 265184 ----a-w- c:\windows\system32\drivers\avglogx.sys
2015-01-30 14:12 . 2014-10-18 12:48 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-01-29 01:35 . 2015-03-10 19:03 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2015-01-29 01:35 . 2015-03-10 19:02 975360 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-21 02:02 . 2015-03-10 18:48 807936 ----a-w- c:\windows\system32\msctf.dll
2015-01-15 04:13 . 2015-02-11 21:45 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2015-04-09 13:19 2424856 ----a-w- c:\program files\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-27 6281760]
"EnergySettings"="c:\program files\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe" [2008-09-19 113664]
"KeyConfiguration"="c:\program files\Fujitsu Siemens Computers\Key Configuration Tool\KeyConfigurationTool.exe" [2008-09-04 413184]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"Skytel"="Skytel.exe" [2008-08-27 1833504]
"NetFxUpdate_v1.1.4322"="c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" [2004-08-10 106496]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-03-25 3723728]
"vProt"="c:\program files\AVG Web TuneUp\vprot.exe" [2015-04-09 3033112]
.
c:\users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
OneNote-inhoudsopgave.onetoc2 [2009-9-15 3656]
.
c:\users\Thibault\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
OneNote-inhoudsopgave.onetoc2 [2012-1-16 3656]
.
c:\users\sabine.PC_van_Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote-inhoudsopgave.onetoc2 [2013-4-7 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-09 13:31 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 17:28]
.
2015-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-17 22:15]
.
2015-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-17 22:15]
.
2015-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-936437964-1681804940-741599920-1000Core.job
- c:\users\Sabine\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-17 08:19]
.
2015-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-936437964-1681804940-741599920-1000UA.job
- c:\users\Sabine\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-17 08:19]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/?trackid=sp-006
mStart Page = https://www.google.com/?trackid=sp-006
mSearch Bar = https://www.google.com/?trackid=sp-006
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
Trusted Zone: zkj.be\mail.stvincentius
Trusted Zone: zkj.be\xpsonweb.stvincentius
TCP: DhcpNameServer = 195.130.130.5 195.130.131.5
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-Smartschool Me! - c:\program files\Smartbit bvba\Smartschool Me!\Smartschool Me!.exe\Smartschool Me!.exe
HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-04-11 21:19
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2015-04-11 21:20:56
ComboFix-quarantined-files.txt 2015-04-11 19:20
.
Pre-Run: 5.566.865.408 bytes free
Post-Run: 10.394.042.368 bytes free
.
- - End Of File - - 281309869D9C187FE393ECEC484B96EB 5C616939100B85E558DA92B899A0FC36
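A first triage pass over a log in this format, as an added example: this is not ComboFix's code and not anything the log's author posted. It parses the three record shapes that carry the most signal (the bare paths ComboFix lists under "Other Deletions", the "Files Created" / Find3M entries, and the registry autostart values) and flags entries that live in a user-writable directory, sit directly in a drive root, or point an autostart value at an image with an unexpected extension, such as a service ImagePath carrying the NT \??\ prefix that does not end in .sys. The sample input is a constructed extract of lines copied from the log above; the directory fragments, extensions and the \??\ rule are the example's own assumed heuristic, and a flag is a prompt to go and look at the file, not a verdict.

```python
"""Quick triage pass over a ComboFix log.

Added example; not ComboFix's code and not from the log's author. It parses
three record shapes (bare paths listed under "Other Deletions", "Files
Created" entries and registry autostart values) and flags entries that sit
in user-writable locations or point at an unusual image. The directory
fragments and extensions below are an assumed triage heuristic, not a rule
ComboFix applies.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: a handful of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\sabine.PC_van_Sabine\AppData\Roaming\inst.exe
c:\users\Public\sdelev.tmp
D:\install.exe
.
((((((((((((((((((((   Files Created from 2015-03-11 to 2015-04-11   ))))))))))))))))))))))))))))))
.
2015-04-11 19:18 . 2015-04-11 19:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-04-09 14:49 . 2015-04-09 14:49 -------- d-----w- c:\program files\trend micro
2015-03-25 09:23 . 2015-03-25 09:23 224736 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-27 6281760]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-03-25 3723728]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")        # ((((  Name  ))))
CREATED_RE = re.compile(                                        # created . modified size attrs path
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")                 # [HKEY_...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"')  # "name"="data"
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")                 # c:\... alone on a line

# Directory fragments a standard user can write to (assumed heuristic).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\", "\\public\\")
# Extensions an autostart image normally has (assumed heuristic).
EXPECTED_EXT = (".exe", ".dll", ".sys", ".cpl")


@dataclass
class Finding:
    section: str
    kind: str                 # "deleted", "path", "created" or "registry"
    path: str
    reason: str
    extra: dict = field(default_factory=dict)


def normalize(path: str) -> str:
    """Lower-case the path and drop the NT \\??\\ prefix ComboFix shows on ImagePaths."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):
        p = p[4:]
    return p.lower()


def location_reason(path: str) -> Optional[str]:
    """Why the location of a file is worth a look, or None."""
    p = normalize(path)
    if any(frag in p for frag in USER_WRITABLE):
        return "lives in a user-writable directory"
    if re.fullmatch(r"[a-z]:\\[^\\]+", p):   # e.g. D:\install.exe
        return "file directly in a drive root"
    return None


def image_reason(data: str) -> Optional[str]:
    """Why the image an autostart value points at is worth a look, or None."""
    raw = data.strip()
    image = normalize(raw).split(" /")[0]    # drop a trailing switch such as " /tsr"
    if raw.startswith("\\??\\") and not image.endswith(".sys"):
        return "ImagePath uses the \\??\\ prefix but is not a .sys driver"
    if not image.endswith(EXPECTED_EXT):
        return "unexpected extension for an autostart image"
    return None


def parse(log: str) -> list:
    """Walk the log once and return the entries the heuristics flag."""
    findings = []
    section, key = "", ""
    for line in log.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = CREATED_RE.match(line)
        if m:
            reason = location_reason(m["path"])
            if reason:
                findings.append(Finding(section, "created", m["path"], reason,
                                        {"created": m["created"], "size": m["size"]}))
            continue
        m = VALUE_RE.match(line)
        if m:
            reason = location_reason(m["data"]) or image_reason(m["data"])
            if reason:
                findings.append(Finding(section, "registry", m["data"], reason,
                                        {"key": key, "value": m["name"]}))
            continue
        if BARE_PATH_RE.match(line):
            # Under "Other Deletions" a bare path is a file ComboFix removed; keep
            # every one of those, with a location reason where one applies.
            deleted = section.startswith("Other Deletions")
            findings.append(Finding(section, "deleted" if deleted else "path", line,
                                    location_reason(line)
                                    or ("removed by ComboFix" if deleted else "path listed in section")))
    return findings


def report(findings) -> list:
    """One printable line per finding."""
    return [f"[{f.kind}] {f.path}  <- {f.reason}" for f in findings]


if __name__ == "__main__":
    print("\n".join(report(parse(SAMPLE_LOG))))
```

Run against the full log, the same pass also surfaces the AppData and ProgramData directories the AVG and Emsisoft installs created, which is the expected noise of this heuristic: the point is to shrink the list to what a human then verifies by hand, not to decide for them.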