ComboFix 10-11-03.01 - Johan 04/11/2010 7:23.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2046.1156 [GMT 1:00]
Gestart vanuit: c:\users\Johan\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Johan\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\9EFA732347A048E28F7735DB5EED500A.TMP"
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Application Updater
c:\program files\Application Updater\ApplicationUpdater.exe
c:\program files\Application Updater\config.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Application Updater


(((((((((((((((((((( Bestanden Gemaakt van 2010-10-04 to 2010-11-04 ))))))))))))))))))))))))))))))
.

2010-11-04 06:28 . 2010-11-04 06:32 -------- d-----w- c:\users\Johan\AppData\Local\temp
2010-11-01 20:02 . 2010-11-01 20:02 388096 ----a-r- c:\users\Johan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-01 20:02 . 2010-11-01 20:02 -------- d-----w- c:\program files\Trend Micro
2010-10-31 12:32 . 2010-10-31 12:33 -------- d-----w- c:\users\Johan\AppData\Local\Zattoo
2010-10-31 12:32 . 2010-10-31 12:34 -------- d-----w- c:\program files\Zattoo
2010-10-31 10:41 . 2008-12-17 18:16 481792 ----a-w- c:\windows\system32\SQLite3.dll
2010-10-31 10:41 . 2010-11-02 22:51 -------- d-----w- c:\users\Johan\AppData\Roaming\Radio Online
2010-10-31 10:41 . 2010-10-31 10:41 -------- d-----w- c:\program files\Nend Software
2010-10-27 17:33 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 17:33 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 17:33 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 17:12 . 2010-10-26 17:12 -------- d-----w- c:\program files\Enigma Software Group
2010-10-26 17:11 . 2010-10-28 12:37 -------- d-----w- c:\windows\9EFA732347A048E28F7735DB5EED500A.TMP
2010-10-26 17:11 . 2010-10-26 17:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-10-25 19:20 . 2010-10-25 19:20 -------- d-----w- C:\71b3d8006ab3525dca74
2010-10-23 17:59 . 2010-09-22 22:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-23 17:43 . 2010-10-23 17:43 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\dc8496b11cb72d91f\InstallManager_WLE_WLE.exe
2010-10-23 17:42 . 2010-10-23 17:42 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\a40d7ae11cb72d91a\DSETUP.dll
2010-10-23 17:42 . 2010-10-23 17:42 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\a40d7ae11cb72d91a\DXSETUP.exe
2010-10-23 17:42 . 2010-10-23 17:42 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\a40d7ae11cb72d91a\dsetup32.dll
2010-10-23 17:42 . 2010-10-23 17:42 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\9a61bdd11cb72d917\DSETUP.dll
2010-10-23 17:42 . 2010-10-23 17:42 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\9a61bdd11cb72d917\DXSETUP.exe
2010-10-23 17:42 . 2010-10-23 17:42 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\9a61bdd11cb72d917\dsetup32.dll
2010-10-23 17:40 . 2010-10-26 18:26 -------- d-----w- c:\users\Johan\AppData\Local\Windows Live
2010-10-23 17:34 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-15 12:42 . 2010-10-15 12:42 -------- d-----w- c:\windows\system32\wbem\MOF\good
2010-10-15 12:42 . 2010-10-15 12:42 -------- d-----w- c:\windows\system32\wbem\MOF\bad
2010-10-08 21:47 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-08 21:47 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-07 21:41 . 2010-10-07 21:41 -------- d-----w- c:\programdata\Micro Application
2010-10-07 21:39 . 2010-10-07 21:39 -------- d-----w- c:\users\Johan\AppData\Local\Micro_Application
2010-10-07 21:38 . 2010-10-07 21:41 -------- d-----w- c:\users\Johan\AppData\Local\Micro Application
2010-10-07 21:23 . 2010-10-07 21:23 -------- d-----w- c:\program files\Easy Computing
2010-10-07 19:04 . 2010-10-08 21:39 -------- d-----w- c:\users\Johan\AppData\Local\Deployment
2010-10-06 09:07 . 2010-10-06 09:07 -------- d-----w- C:\Eigen visitekaarten
2010-10-05 21:06 . 2004-03-08 22:00 152848 ----a-w- c:\windows\system32\comdlg32.OCX
2010-10-05 21:06 . 2004-03-08 22:00 124688 ----a-w- c:\windows\system32\mswinsck.ocx
2010-10-05 07:27 . 2010-10-05 08:37 -------- d-----w- c:\users\Johan\AppData\Roaming\LimeWire

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-14 19:15 . 2009-02-08 16:30 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-08-26 16:33 . 2010-10-27 17:33 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 17:33 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 17:33 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 17:33 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-15 17:00 128000 ----a-w- c:\windows\system32\spoolsv.exe

.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-10-06 09:31 2475336 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13576736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-05 2067808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mediacontrole Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-6-6 385024]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-14 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-25 18:42 54672 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-02-13 05:52 4915200 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-10-06 517448]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-16 717296]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-17 216400]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-17 243024]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 09:57]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 09:57]

2010-11-04 c:\windows\Tasks\User_Feed_Synchronization-{2DC7134E-05EB-413C-AF51-30E2611CB6C5}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hln.be/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden:

**************************************************************************
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\Mystify.scr
.
**************************************************************************
.
Voltooingstijd: 2010-11-04 07:37:06 - machine werd herstart
ComboFix-quarantined-files.txt 2010-11-04 06:36
ComboFix2.txt 2010-11-03 22:06

Pre-Run: 189.427.281.920 bytes beschikbaar
Post-Run: 189.205.659.648 bytes beschikbaar

- - End Of File - - B11EC6808E879A241A2F2F9FEC954FBA