ComboFix 10-06-01.01 - user 01/06/2010 22:48:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1033.18.3002.1547 [GMT 2:00]
Gestart vanuit: c:\users\user\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\user\AppData\Local\TempDIR
c:\users\user\AppData\Roaming\8F762A9BF432CDFAFDC1633024362E6B
c:\users\user\AppData\Roaming\8F762A9BF432CDFAFDC1633024362E6B\enemies-names.txt
c:\users\user\AppData\Roaming\8F762A9BF432CDFAFDC1633024362E6B\gotnewupdate000.exe
c:\users\user\AppData\Roaming\8F762A9BF432CDFAFDC1633024362E6B\local.ini
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\windows\system32\iubnpnwc.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-05-01 to 2010-06-01 ))))))))))))))))))))))))))))))
.
2010-06-01 20:59 . 2010-06-01 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-01 20:07 . 2010-06-01 20:07 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2010-06-01 20:06 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-01 20:06 . 2010-06-01 20:06 -------- d-----w- c:\programdata\Malwarebytes
2010-06-01 20:06 . 2010-06-01 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-01 20:06 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-01 19:47 . 2010-06-01 19:47 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-01 19:47 . 2010-06-01 19:47 -------- d-----w- c:\program files\Trend Micro
2010-06-01 19:40 . 2010-06-01 19:40 110080 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2010-06-01 19:40 . 2010-06-01 19:40 110080 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2010-06-01 19:40 . 2010-06-01 19:40 -------- dc----w- C:\sh4ldr
2010-06-01 19:40 . 2010-06-01 19:40 -------- d-----w- c:\program files\Enigma Software Group
2010-06-01 19:40 . 2010-06-01 19:40 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-06-01 19:30 . 2010-06-01 19:30 50981 ----a-w- c:\windows\system32\uwozkgiowqauvy.exe
2010-06-01 19:30 . 2010-06-01 19:30 -------- d-----w- c:\program files\$NtUninstallWTF1012$
2010-05-27 11:57 . 2010-05-27 11:57 169472 ----a-w- c:\windows\system32\albboefjhlyptfdev.dll
2010-05-26 21:02 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 05:38 . 2010-05-25 05:38 309248 ----a-w- c:\windows\system32\baqknhne.dll
2010-05-24 16:31 . 2010-05-24 16:31 40633 ----a-w- c:\windows\system32\adtuvpqi.exe
2010-05-12 07:37 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-01 20:51 . 2009-09-01 08:18 -------- d-----w- c:\users\user\AppData\Roaming\Skype
2010-06-01 19:40 . 2010-04-07 09:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-01 14:07 . 2009-09-01 08:20 -------- d-----w- c:\users\user\AppData\Roaming\skypePM
2010-05-13 07:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-13 07:20 . 2009-04-22 14:57 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 09:21 . 2009-10-04 14:32 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-19 13:43 . 2010-03-15 10:23 -------- d-----w- c:\program files\PokerStars
2010-04-11 19:51 . 2010-04-11 17:48 -------- d-----w- c:\program files\CDex
2010-04-07 10:31 . 2009-06-19 12:21 111448 ----a-w- c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-07 09:15 . 2010-04-07 09:14 -------- d-----w- c:\program files\TI Education
2010-04-07 09:14 . 2010-04-07 09:14 -------- d-----w- c:\program files\Common Files\TI Shared
2010-03-29 15:13 . 2010-03-29 15:13 129512 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-29 14:09 . 2010-03-29 14:09 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-29 14:07 . 2010-03-29 14:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-15 19:48 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-11 12:30 . 2010-03-15 19:40 10496 ----a-w- c:\windows\system32\drivers\easytthr.sys
2010-03-05 14:01 . 2010-04-14 21:21 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-04-22 14:18 . 2009-04-22 14:09 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-14 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
"MChk"="c:\windows\system32\adtuvpqi.exe" [2010-05-24 40633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4c,7a,0d,e1,78,7f,ca,01

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-23 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-08-23 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-03-11 10496]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map

2010-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3183379999-3556506710-3557409203-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-14 18:55]

2010-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3183379999-3556506710-3557409203-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-14 18:55]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\336ivs0o.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\user\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\user\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-skb - iubnpnwc.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-01 23:00
Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2010-06-01 23:07:12
ComboFix-quarantined-files.txt 2010-06-01 21:07

Pre-Run: 167.770.972.160 bytes free
Post-Run: 168.619.421.696 bytes free

- - End Of File - - C44364E9A3C6C6E15F8DA9E4B23F9EA7