log combofix

18-01-2010, 14:08
Post: #1
log combofix
Hello..
I just ran ComboFix on my computer, and the following log came out of it. I just don't know what to do next. Who can help me???

18-01-2010, 23:46
Post: #2
RE: log combofix
Hi,
What is the reason you used Combofix? Combofix is not a tool you should just use on your own. It is recommended to use it only when you have been advised to do so.
Microsoft MVP - Consumer Security
Assistant Director of Research @ Malwarebytes
Antispyware Scanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
Did we help you? Your contribution is appreciated to let BlueMedicine continue the fight against malware. This is entirely optional, of course.

05-02-2010, 22:04
Post: #3
RE: log combofix
Can someone help me??? I used ComboFix because certain services are not working and it kept (and keeps) reporting that, and also because I got an empty screen in Device Manager. The Device Manager problem has now been solved with ComboFix, but it still gives the message about services that are disabled. Also, when I look at Network Connections it is empty; I can't click on any connections or home network settings, and there too it gives the message that services have not been started. Even when I try to set them manually, that doesn't work either. Can someone help me? The PC is also slow. That is why I have also included the ComboFix log right away.

05-02-2010, 22:08
Post: #4
RE: log combofix
cutejj, you already posted your log here, which I then split off into this thread:
http://support.bluemedicine.be/mybb/thread-7440.html
Because it says clearly, in large letters, here at the top of the HijackThis section:
Quote: Do not post in someone else's thread if you have the same problem.
So please continue in the thread that has already been split off, and not here.

28-02-2010, 00:26
Post: #5
Solved
Since the problem has been solved, this thread is being moved to the "Solved/Inactive HijackThis logs" forum, where you can no longer post, only read.
If you run into problems again in the next few days, please send a PM to one of the Moderators or Administrators to have this thread moved back so that you can be helped further. For problems that appear after a few weeks, it is better to start a new thread with a new log. If there are problems that have nothing to do with malware, please start a new thread in the correct forum section.
Greetings, Kirk