ComboFix 10-09-16.06 - Lydia 17/09/2010 16:07:23.1.3 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2813.1789 [GMT 2:00]
Gestart vanuit: c:\users\Lydia\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Lydia\installer_windows_movie_maker_beta_Nederlands_Dutch.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_usnjsvc

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-17 to 2010-09-17 ))))))))))))))))))))))))))))))
.
2010-09-15 05:22 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 05:22 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 05:22 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 05:22 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-12 16:05 . 2010-09-12 16:05 -------- d-----w- c:\users\Lydia\AppData\Roaming\Malwarebytes
2010-09-12 16:04 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-12 16:04 . 2010-09-12 16:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-12 16:04 . 2010-09-12 16:04 -------- d-----w- c:\programdata\Malwarebytes
2010-09-12 16:04 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-10 15:27 . 2010-09-10 15:27 -------- d-----w- c:\program files\Hijack
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 14:33 . 2009-05-31 12:38 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-17 06:17 . 2009-04-13 14:05 -------- d-----w- c:\programdata\Google Updater
2010-09-16 17:17 . 2008-01-21 06:47 679906 ----a-w- c:\windows\system32\perfh013.dat
2010-09-16 17:17 . 2008-01-21 06:47 131026 ----a-w- c:\windows\system32\perfc013.dat
2010-09-15 07:51 . 2008-07-07 11:08 -------- d-----w- c:\programdata\Microsoft Help
2010-09-15 07:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-05 22:57 . 2008-07-07 10:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-28 19:21 . 2008-09-19 23:53 -------- d-----w- c:\program files\Microsoft.NET
2010-08-22 21:01 . 2010-01-10 00:11 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2010-08-12 14:40 . 2008-07-07 11:02 -------- d-----w- c:\program files\Microsoft Works
2010-08-08 20:00 . 2008-09-06 09:21 -------- d-----w- c:\program files\Common Files\Java
2010-08-08 19:59 . 2008-09-06 09:21 -------- d-----w- c:\program files\Java
2010-07-31 21:46 . 2010-07-31 21:46 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-31 21:41 . 2010-06-22 21:07 -------- d-----w- c:\program files\Nokia
2010-07-31 21:36 . 2010-07-31 21:36 -------- d-----w- c:\programdata\Nokia
2010-07-20 19:01 . 2009-09-17 21:16 -------- d-----w- c:\users\Lydia\AppData\Roaming\HpUpdate
2010-07-19 21:26 . 2008-08-28 20:38 -------- d-----w- c:\users\Lydia\AppData\Roaming\Image Zone Express
2010-07-19 15:25 . 2008-08-28 20:13 140288 ----a-w- c:\windows\hpoins18.dat
2010-07-19 15:24 . 2010-07-19 15:21 -------- d-----w- c:\program files\Common Files\HP
2010-07-19 15:24 . 2008-08-28 20:16 -------- d-----w- c:\program files\HP
2010-07-19 15:23 . 2008-08-28 20:12 -------- d-----w- c:\programdata\HP
2010-07-19 15:22 . 2010-07-19 15:22 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-17 03:00 . 2010-05-12 08:15 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-26 06:05 . 2010-08-12 14:29 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 14:29 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 14:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 14:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-23 22:19 . 2008-08-28 05:42 1356 ----a-w- c:\users\Lydia\AppData\Local\d3d9caps.dat
2010-06-21 13:37 . 2010-08-12 14:28 2037760 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-13 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2007-04-11 26704]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2008-05-29 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2008-12-16 15:44 479232 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-13 14:05 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9bc40f35b6789;Google Updateservice (gupdate1c9bc40f35b6789);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 133104]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2006-03-24 33536]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2008-06-23 208896]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map

2010-09-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-06 14:05]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 14:05]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 14:05]

2010-09-17 c:\windows\Tasks\User_Feed_Synchronization-{92CD75E1-6F37-49B1-AA28-C4A6A052DA3B}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyServer = pac.telenet.be:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKLM-Run-toolbar_eula_launcher - c:\program files\GoogleEULA\EULALauncher.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
SafeBoot-WudfPf
SafeBoot-WudfRd

**************************************************************************

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden:

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(2196)
c:\program files\Common Files\muvee Technologies\030625\QuickTimeSource.dll
c:\windows\system32\btncopy.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\lotus\notes\ntmulti.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Voltooingstijd: 2010-09-17 16:44:22 - machine werd herstart
ComboFix-quarantined-files.txt 2010-09-17 14:43

Pre-Run: 348.720.852.992 bytes beschikbaar
Post-Run: 354.638.368.768 bytes beschikbaar

- - End Of File - - 3DEC5E24F1F0CE542FCCE6FA0ABC754F