ComboFix 12-09-20.02 - Eigenaar 20-09-2012 19:42:48.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3006.1937 [GMT 2:00]
Gestart vanuit: c:\users\Eigenaar\Downloads\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Eigenaar\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Nieuw herstelpunt werd aangemaakt
.
FILE ::
"c:\program files\GUMB55.tmp"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxAPI.dll
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxInstallLog.txt
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspi.dll
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspiWDM.inf
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\gearaspiwdmx86.cat
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\x86\GEARAspiWDM.sys
c:\users\Eigenaar\AppData\Local\AskToolbar
c:\users\Eigenaar\AppData\Local\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll
c:\users\Eigenaar\AppData\Local\AskToolbar\Downloaded Program Files\avr-3.inf
c:\users\Eigenaar\AppData\Local\Temp\ppcrlui_5056_2
c:\users\Eigenaar\AppData\Roaming\BrowserCompanion
c:\users\Eigenaar\AppData\Roaming\BrowserCompanion\tcbhn.exe
c:\users\Eigenaar\AppData\Roaming\BrowserCompanion\valuese.xml
.
Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\erdnt\cache\userinit.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-08-20 to 2012-09-20 ))))))))))))))))))))))))))))))
.
.
2012-09-20 17:48 . 2012-09-20 17:50 -------- d-----w- c:\users\Eigenaar\AppData\Local\temp
2012-09-20 17:48 . 2012-09-20 17:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-20 17:48 . 2012-09-20 17:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-19 20:38 . 2012-09-19 20:38 -------- d-----w- c:\program files\CCleaner
2012-09-19 20:38 . 2012-09-19 20:38 -------- d-----w- c:\program files\GUMB55.tmp
2012-09-19 20:38 . 2012-09-19 20:38 -------- d-----w- c:\program files\Google
2012-09-19 19:07 . 2012-09-19 19:07 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Malwarebytes
2012-09-19 19:07 . 2012-09-19 19:07 -------- d-----w- c:\programdata\Malwarebytes
2012-09-19 19:07 . 2012-09-19 19:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-19 19:07 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-19 19:05 . 2012-09-19 19:05 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Avira
2012-09-19 18:58 . 2012-09-07 18:26 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-09-19 18:58 . 2012-09-07 18:26 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-09-19 18:58 . 2012-09-07 18:26 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-09-19 18:58 . 2012-09-19 18:59 -------- d-----w- c:\programdata\Avira
2012-09-19 18:58 . 2012-09-19 18:58 -------- d-----w- c:\program files\Avira
2012-09-18 17:31 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1DE14A1-1ED1-49DF-B6DC-EBF9FC44C5DB}\mpengine.dll
2012-09-16 12:28 . 2012-08-21 11:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-16 12:26 . 2012-09-16 12:26 -------- d-----w- c:\program files\iPod
2012-09-16 12:26 . 2012-09-16 12:28 -------- d-----w- c:\program files\iTunes
2012-09-15 06:28 . 2012-09-15 06:28 -------- d-----w- c:\program files\Common Files\Skype
2012-09-15 06:28 . 2012-09-15 06:28 -------- d-----r- c:\program files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 11:01 . 2011-04-07 19:55 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-04 14:02 . 2012-08-16 14:30 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-29 00:16 . 2012-08-16 14:30 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09 . 2012-08-16 14:30 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08 . 2012-08-16 14:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04 . 2012-08-16 14:30 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00 . 2012-08-16 14:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Amazon Cloud Drive"="c:\users\Eigenaar\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-09-15 875512]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-13 6335008]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-13 1833504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-05-20 40072]
.
c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-7-29 503808]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
tcbhn.lnk - c:\users\Eigenaar\AppData\Roaming\BrowserCompanion\tcbhn.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-31 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
.
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-19 20:38]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-19 20:38]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1176920450-3925209464-3760352564-1000Core.job
- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-19 12:32]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1176920450-3925209464-3760352564-1000UA.job
- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-19 12:32]
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-20 19:51
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Voltooingstijd: 2012-09-20 19:54:14 - machine werd herstart
ComboFix-quarantined-files.txt 2012-09-20 17:54
ComboFix2.txt 2012-09-20 14:46
.
Pre-Run: 425.369.870.336 bytes beschikbaar
Post-Run: 425.416.466.432 bytes beschikbaar
.
- - End Of File - - 8DA19432341A4BACCDD6061D5D34637C