Here's my combofix log:
ComboFix 10-09-09.04 - George 10-09-2010 14:38:10.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1033.18.3037.1965 [GMT 2:00]
Gestart vanuit: c:\users\George\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Explorer
c:\windows\system32\Explorer\cd.txt
c:\windows\system32\drivers\discache.sys . . . is geïnfecteerd!! . . . Failed to find a valid replacement.
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-08-10 to 2010-09-10 ))))))))))))))))))))))))))))))
.
2010-09-10 12:52 . 2010-09-10 12:52 -------- d-----w- c:\users\George\AppData\Local\temp
2010-09-10 12:52 . 2010-09-10 12:52 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-09-10 12:52 . 2010-09-10 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-10 12:22 . 2010-09-10 12:22 -------- d-----w- C:\32788R22FWJFW
2010-09-08 19:38 . 2010-09-08 19:38 -------- d-----w- c:\program files\EasyPHP-5.3.3
2010-09-08 19:16 . 2010-09-08 19:16 -------- d-----w- c:\users\George\AppData\Roaming\ubot
2010-09-07 13:17 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-07 13:17 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-09-07 13:17 . 2010-09-07 13:17 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-07 13:16 . 2010-09-08 11:28 -------- d-----w- c:\windows\system32\drivers\N360
2010-09-07 13:16 . 2010-09-07 13:16 -------- d-----w- c:\program files\Norton 360
2010-09-07 13:16 . 2010-09-07 13:16 -------- d-----w- c:\program files\NortonInstaller
2010-09-06 18:43 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-09-06 18:35 . 2010-09-07 15:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-06 18:35 . 2010-09-07 12:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-04 19:24 . 2010-09-04 19:24 -------- d-----w- c:\program files\Instant Article Wizard Pro
2010-09-04 19:19 . 2010-09-04 19:34 -------- d-----w- c:\program files\Instant Article Wizard 2.0
2010-09-03 21:16 . 2010-09-03 21:16 -------- d-----w- c:\users\George\AppData\Local\Sophos
2010-09-03 20:40 . 2010-09-03 20:40 -------- d-----w- c:\windows\XSxS
2010-09-03 20:40 . 2010-09-03 20:40 -------- d-----w- c:\users\George\AppData\Local\Xenocode
2010-09-03 20:40 . 2010-09-03 20:40 -------- d-----w- c:\program files\Xenocode
2010-09-03 20:36 . 2010-09-03 22:35 -------- d-----w- c:\program files\Artisteer 2
2010-09-03 20:10 . 2010-09-07 13:40 -------- d-----w- c:\programdata\Sophos
2010-09-03 20:03 . 2010-08-30 12:34 1496064 ----a-w- c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-03 20:03 . 2010-08-30 12:33 43008 ----a-w- c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-03 20:03 . 2010-08-30 12:33 338944 ----a-w- c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-03 20:03 . 2010-08-30 12:33 346112 ----a-w- c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-30 21:56 . 2010-05-23 15:50 73216 ----a-w- c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-08-30 21:56 . 2010-04-18 12:33 307200 ----a-w- c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2010-08-30 21:56 . 2010-04-18 12:33 172032 ----a-w- c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2010-08-29 02:31 . 2010-09-04 22:15 -------- d-----w- c:\users\George\AppData\Roaming\riujosodf
2010-08-29 02:31 . 2010-08-29 02:37 -------- d-----w- c:\users\George\AppData\Local\riujosodf
2010-08-29 02:25 . 2010-08-29 02:25 113395 ----a-r- c:\users\George\AppData\Roaming\Microsoft\Installer\{C05DAB66-DA77-40B2-9D51-C54B0F2AD8F5}\_DA950C4C370ED3A1DE096D.exe
2010-08-29 02:25 . 2010-08-29 02:25 10134 ----a-r- c:\users\George\AppData\Roaming\Microsoft\Installer\{C05DAB66-DA77-40B2-9D51-C54B0F2AD8F5}\_BE44F31A5B28B87342419B.exe
2010-08-28 18:39 . 2010-08-28 18:39 -------- d-----w- c:\users\George\AppData\Roaming\Artisteer
2010-08-28 15:35 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-28 15:32 . 2010-08-28 15:32 -------- d-----w- c:\users\George\AppData\Roaming\Tific
2010-08-24 20:27 . 2010-09-05 00:32 -------- d-----w- c:\program files\OnlyWire
2010-08-24 12:09 . 2010-08-24 12:09 -------- d-----w- c:\program files\Traffic Addict
2010-08-22 20:32 . 2010-08-22 20:32 -------- d-----w- c:\program files\CherryPicker
2010-08-20 14:36 . 2010-08-26 00:10 -------- d-----w- c:\program files\Magic Niche Finder
2010-08-19 21:38 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-19 21:38 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-08-19 21:38 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-08-19 21:38 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-08-19 21:38 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 12:35 . 2009-11-27 16:32 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-09-10 12:35 . 2009-11-27 20:04 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-09-10 10:49 . 2010-04-12 13:28 -------- d-----w- c:\users\George\AppData\Roaming\Winamp
2010-09-09 21:12 . 2010-08-01 16:41 -------- d-----w- c:\users\George\AppData\Roaming\FileZilla
2010-09-09 20:25 . 2009-12-03 09:06 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-09-08 18:47 . 2009-11-27 16:33 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-09-08 16:42 . 2010-07-09 17:41 -------- d-----w- c:\program files\SENuke
2010-09-07 23:05 . 2009-07-13 23:24 32256 ----a-w- c:\windows\system32\drivers\discache.sys
2010-09-07 13:42 . 2009-11-28 14:36 -------- d-----w- c:\programdata\Norton
2010-09-07 13:42 . 2009-11-28 14:35 -------- d-----w- c:\programdata\NortonInstaller
2010-09-07 13:17 . 2010-09-07 13:17 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-07 13:17 . 2010-09-07 13:17 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-07 13:17 . 2009-12-21 16:44 -------- d-----w- c:\program files\Symantec
2010-09-07 13:17 . 2009-12-21 16:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-07 12:29 . 2010-04-12 13:06 -------- d-----w- c:\program files\QuickTime
2010-09-07 12:28 . 2010-04-15 12:40 -------- d-----w- c:\program files\Google
2010-09-06 01:23 . 2009-12-02 19:13 -------- d-----w- c:\users\George\AppData\Roaming\GrabIt
2010-08-29 01:15 . 2009-12-17 14:40 -------- d-----w- c:\program files\Common Files\xing shared
2010-08-29 01:15 . 2009-12-17 14:40 -------- d-----w- c:\program files\Common Files\Real
2010-08-29 01:13 . 2009-12-17 14:40 -------- d-----w- c:\program files\Real
2010-08-26 22:51 . 2010-08-03 13:05 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-24 22:23 . 2010-07-24 14:52 140968 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-24 13:26 . 2010-07-16 14:00 -------- d-----w- c:\program files\Hummingbird
2010-08-24 12:43 . 2010-04-12 13:06 -------- d-----w- c:\programdata\Apple Computer
2010-08-24 12:43 . 2010-04-12 13:05 -------- d-----w- c:\program files\Common Files\Apple
2010-08-24 11:54 . 2009-11-28 15:49 -------- d-----w- c:\programdata\Microsoft Help
2010-08-22 20:31 . 2010-05-02 16:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-21 08:51 . 2009-12-02 20:06 -------- d-----w- c:\users\George\AppData\Roaming\vlc
2010-08-21 06:39 . 2010-08-01 16:40 -------- d-----w- c:\program files\FileZilla FTP Client
2010-08-04 19:55 . 2010-02-13 18:54 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-03 13:04 . 2009-11-27 17:48 109784 ----a-w- c:\users\George\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-03 13:04 . 2009-11-28 17:08 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-03 12:53 . 2010-08-03 12:53 -------- d-----w- c:\programdata\ALM
2010-08-03 12:09 . 2010-08-03 12:09 -------- d-----w- c:\program files\Adobe Media Player
2010-08-03 12:05 . 2010-08-03 12:05 10134 ----a-r- c:\users\George\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
2010-08-03 12:05 . 2009-11-28 14:39 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-08-03 12:05 . 2010-08-03 12:05 -------- d-----w- c:\program files\My Company Name
2010-07-25 17:54 . 2010-07-25 17:54 -------- d-----w- c:\program files\Market Samurai
2010-07-25 12:44 . 2010-07-25 12:44 -------- d-----w- c:\users\George\AppData\Roaming\CherryPickerLive
2010-07-18 14:14 . 2010-07-18 14:14 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2010-07-16 17:15 . 2010-07-16 17:15 -------- d-----w- c:\program files\Micro Niche Finder 5.0
2010-07-16 16:53 . 2010-04-12 13:28 -------- d-----w- c:\program files\Winamp
2010-07-16 16:17 . 2010-04-12 13:28 -------- d-----w- c:\program files\Winamp Detect
2010-07-16 14:58 . 2010-07-16 14:58 165232 ---ha-w- c:\users\George\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-07-16 14:57 . 2010-07-16 14:57 -------- d-----w- c:\program files\Microsoft Virtual PC
2010-07-16 14:00 . 2010-07-16 14:00 -------- d-----w- c:\users\George\AppData\Roaming\com.mesiablabs.Hummingbird.4F508AB529C1EC8AC04A1919276966C36BC93650.1
2010-07-16 13:48 . 2010-07-16 13:48 -------- d-----w- c:\programdata\Submit Suite
2010-07-14 21:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-07-14 21:21 . 2010-07-14 21:21 -------- d-----w- c:\programdata\Micro Niche Finder
2010-07-14 21:20 . 2010-07-14 21:19 -------- d-----w- c:\program files\EasyPHP-5.3.1
2010-07-14 20:36 . 2010-07-14 20:36 -------- d-----w- c:\users\George\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2010-07-14 20:35 . 2010-07-14 20:35 -------- d-----w- c:\program files\Domain Samurai
2010-06-30 06:25 . 2010-08-19 21:37 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-29 13:33 . 2010-03-05 05:13 439816 ----a-w- c:\users\George\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-22 02:47 . 2010-08-19 21:37 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-19 21:37 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-19 21:37 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-19 21:37 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-19 21:37 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 04:07 . 2010-08-19 21:37 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 08:28 . 2010-06-16 08:28 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-16 08:28 . 2010-06-16 08:28 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-06-16 05:48 . 2010-08-19 21:37 224256 ----a-w- c:\windows\system32\schannel.dll
2009-04-08 09:31 . 2009-04-08 09:31 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-08-11 20:45 . 2008-08-11 20:45 155648 ----a-w- c:\program files\Common Files\MSIactionall.dll
2008-05-22 07:35 . 2008-05-22 07:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 08:34 . 2007-06-12 08:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-07-04 398568]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 497024]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-11 1474560]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-08-19 170624]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-20 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-20 167960]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart 7BF8F58D8D8D5DEDCEE34185622A4B64702EFB8E"="c:\windows\System32\calc.exe" [2009-07-14 776192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\d:\0autocheck autochk /r \??\c:\0autocheck autochk /r \??\d:\0autocheck autochk /r \??\C:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Antimalware Doctor.lnk]
path=c:\users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
backup=c:\windows\pss\Antimalware Doctor.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmIcoSinglun]
2009-09-01 07:10 233472 ----a-w- c:\program files\AmIcoSingLun\AmIcoSinglun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\George\AppData\Local\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"skb"=rundll32 "tihfs.dll",,Run
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ADSMTray"=c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 136176]
R3 EraserUtilDrv10710;EraserUtilDrv10710;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10710.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15416]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [2010-08-09 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100909.001\IDSvix86.sys [2010-08-26 344112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS [2010-05-06 339504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe [2010-02-26 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 27136]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-04 102448]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-29 87040]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1066496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map
2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 12:40]
2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 12:40]
2010-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1938754323-729904025-910476438-1001Core.job
- c:\users\George\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31 18:52]
2010-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1938754323-729904025-910476438-1001UA.job
- c:\users\George\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31 18:52]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.asus.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Torrent Finder
FF - prefs.js: browser.startup.homepage - www.google.nl
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll
FF - component: c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\George\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\George\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\George\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS VERWIJDERD - - - -
Toolbar-Locked - (no file)
MSConfigStartUp-setupupdate70700 - c:\users\George\AppData\Roaming\D6EBB0A2A1556570AE82E9C207CD6115\setupupdate70700.exe
MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8700FEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x85595398
QueryNameProcedure -> 0x85595528
user & kernel MBR OK
copy of MBR has been found in sector 61 !
copy of MBR has been found in sector 62 !
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2010-09-10 14:56:43
ComboFix-quarantined-files.txt 2010-09-10 12:56
Pre-Run: 28.522.811.392 bytes free
Post-Run: 28.423.921.664 bytes free
- - End Of File - - 7E02CD9E593DB1D9659F23C367A13AA0