ComboFix 10-07-27.02 - Loet 04-08-2010  13:50:54.1.2 - x86
Microsoft Windows Vista Home Premium   6.0.6002.2.1252.31.1043.18.2046.1162 [GMT 2:00]
Gestart vanuit: c:\users\Loet\Desktop\ComboFix.exe
SP: Spyware Doctor *disabled* (Outdated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
- VERMINDERDE FUNCTIONALITEIT MODUS -
.

((((((((((((((((((((   Bestanden Gemaakt van 2010-07-04 to 2010-08-04  ))))))))))))))))))))))))))))))
.

2010-08-04 11:52 . 2010-08-04 11:52	--------	d-----w-	c:\users\tineke\AppData\Local\temp
2010-08-04 11:52 . 2010-08-04 11:52	--------	d-----w-	c:\users\karin\AppData\Local\temp
2010-08-04 11:52 . 2010-08-04 11:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-07-26 09:57 . 2010-07-26 09:57	--------	d-----w-	c:\users\karin\AppData\Local\Adobe
2010-07-22 09:31 . 2010-07-22 09:31	--------	d-----w-	C:\rsit
2010-07-18 15:37 . 2010-07-18 15:37	--------	d-----w-	c:\users\Loet\AppData\Local\Apple
2010-07-11 13:39 . 2010-07-11 13:39	--------	d-----w-	c:\users\tineke\AppData\Local\Apple
2010-07-08 11:47 . 2010-07-08 11:47	--------	d-----w-	c:\users\Loet\AppData\Local\Adobe
2010-07-06 14:58 . 2010-07-06 14:58	--------	d-----w-	c:\users\karin\AppData\Roaming\AVG9
2010-07-05 18:16 . 2010-07-05 18:16	--------	d-----w-	c:\users\Loet\AppData\Roaming\Malwarebytes
2010-07-05 18:15 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 18:15 . 2010-07-05 18:15	--------	d-----w-	c:\programdata\Malwarebytes
2010-07-05 18:15 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-07-05 18:15 . 2010-07-05 18:16	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 11:44 . 2010-07-01 16:39	--------	d-----w-	c:\programdata\avg9
2010-08-04 11:37 . 2008-09-08 19:56	--------	d-----w-	c:\programdata\Google Updater
2010-08-04 11:35 . 2009-12-09 10:37	88240	----a-w-	c:\programdata\nvModes.dat
2010-08-02 11:20 . 2010-08-02 11:20	4368224	----a-w-	c:\programdata\avg9\update\backup\avgcorex.dll
2010-08-02 11:20 . 2010-08-02 11:20	1615200	----a-w-	c:\programdata\avg9\update\backup\avgssie.dll
2010-08-02 11:20 . 2010-08-02 11:20	1107296	----a-w-	c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-29 07:19 . 2006-11-02 16:11	667114	----a-w-	c:\windows\system32\perfh013.dat
2010-07-29 07:19 . 2006-11-02 16:11	126648	----a-w-	c:\windows\system32\perfc013.dat
2010-07-27 22:01 . 2008-06-30 18:28	--------	d-----w-	c:\users\Loet\AppData\Roaming\Apple Computer
2010-07-22 19:01 . 2008-07-13 21:54	--------	d-----w-	c:\program files\Google
2010-07-22 09:31 . 2010-07-04 09:50	--------	d-----w-	c:\program files\Trend Micro
2010-07-22 09:20 . 2008-06-29 12:57	--------	d-----w-	c:\program files\Hitman Pro
2010-07-22 09:14 . 2008-06-29 14:46	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-07-22 07:39 . 2008-06-29 14:45	--------	d-----w-	c:\program files\SpywareBlaster
2010-07-08 11:35 . 2008-09-26 19:13	--------	d-----w-	c:\users\Loet\AppData\Roaming\Vso
2010-07-04 09:50 . 2010-07-04 09:50	388096	----a-r-	c:\users\Loet\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-03 18:13 . 2010-07-03 18:13	--------	d-----w-	c:\users\tineke\AppData\Roaming\AVG9
2010-07-03 16:47 . 2010-07-03 16:47	--------	d-----w-	c:\users\Loet\AppData\Roaming\AVG9
2010-07-01 16:12 . 2008-06-29 16:05	--------	d-----w-	c:\program files\Realtek
2010-07-01 16:12 . 2008-06-29 16:05	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-07-01 09:18 . 2010-07-01 09:17	--------	d--h--w-	c:\program files\Temp
2010-07-01 09:18 . 2010-07-01 09:18	319456	----a-w-	c:\windows\DIFxAPI.dll
2010-07-01 08:07 . 2010-07-01 08:07	--------	d-----w-	c:\program files\iTunes
2010-07-01 08:07 . 2010-07-01 08:07	--------	d-----w-	c:\program files\iPod
2010-07-01 08:07 . 2008-12-21 19:41	--------	d-----w-	c:\programdata\Apple Computer
2010-07-01 08:07 . 2008-06-30 18:26	--------	d-----w-	c:\program files\Common Files\Apple
2010-07-01 08:06 . 2009-05-31 15:59	--------	d-----w-	c:\program files\QuickTime
2010-07-01 08:01 . 2010-07-01 08:01	--------	d-----w-	c:\program files\Bonjour
2010-07-01 07:56 . 2010-07-01 07:56	72504	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-30 17:39 . 2010-04-20 11:54	--------	d-----w-	c:\program files\TomTom HOME 2
2010-06-30 17:34 . 2008-07-17 18:36	--------	d-----w-	c:\users\Loet\AppData\Roaming\IrfanView
2010-06-30 17:33 . 2010-03-11 17:10	--------	d-----w-	c:\program files\NVIDIA Corporation
2010-06-30 11:12 . 2010-06-30 11:09	--------	d-----w-	c:\program files\Microsoft Security Essentials
2010-06-29 18:39 . 2010-06-28 11:52	--------	d-----w-	c:\program files\iPod(115)
2010-06-29 18:39 . 2010-06-28 11:47	--------	d-----w-	c:\program files\Bonjour(23)
2010-06-29 18:15 . 2010-06-29 18:15	--------	d-----w-	c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-06-28 11:52 . 2010-06-28 11:52	--------	d-----w-	c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-28 11:52 . 2010-06-28 11:52	--------	d-----w-	c:\program files\iTunes(116)
2010-05-18 14:35 . 2010-05-18 14:35	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35	197920	----a-w-	c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35	107808	----a-w-	c:\windows\system32\dns-sd.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-08 68856]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Loet\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-22 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SoundMan"="SOUNDMAN.EXE" [2006-05-04 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f4,12,df,6f,c9,0e,ca,01

R2 gupdate1c9daf56f322610;Google Updateservice (gupdate1c9daf56f322610);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 133104]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-05 356920]
R3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2009-01-08 4136960]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S4 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [x]


--- Andere Services/Drivers In Geheugen ---

*Deregistered* - AvgLdx86

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0084a716-4bc2-11df-954b-0015588ba6ee}]
\shell\AutoRun\command - I:\InstallTomTomHOME.exe
.
Inhoud van de 'Gedeelde Taken' map

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 15:53]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 15:53]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839889018-2924812836-2156126128-1000Core.job
- c:\users\Loet\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-22 15:53]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839889018-2924812836-2156126128-1000UA.job
- c:\users\Loet\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-22 15:53]

2010-08-03 c:\windows\Tasks\User_Feed_Synchronization-{2083E536-0F16-4A8C-807B-F95E2A396555}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

2010-08-03 c:\windows\Tasks\User_Feed_Synchronization-{44AD6497-E86E-4FEE-9923-9751DE1BC652}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

2010-08-04 c:\windows\Tasks\User_Feed_Synchronization-{C41E66D5-43C4-426E-A03D-8880F1C4B312}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.ziggo.nl/
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
.
- - - - ORPHANS VERWIJDERD - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 13:54
Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ... 

scannen van verborgen autostart items ... 

scannen van verborgen bestanden ... 

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84E29EC5]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x87fa1d24
\Driver\ACPI -> acpi.sys @ 0x8069fd68
\Driver\atapi -> ataport.SYS @ 0x807b5a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK 

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2010-08-04  14:00:35
ComboFix-quarantined-files.txt  2010-08-04 12:00

Pre-Run: 212.358.332.416 bytes beschikbaar
Post-Run: 213.194.575.872 bytes beschikbaar

- - End Of File - - C8C24D2D0670DECECCD03CF048239B9D
