Hello,
Yesterday I had problems with my desktop background, and it turned out there was a virus on my PC, which MBAM removed. After that I scanned with various other scanners and nothing else was found. Everything seems to be working normally again now, but I was wondering whether someone could take a look at my ComboFix file, because I don't really understand much of it myself, and maybe there are still things in it that stand out to you and need to be changed/adjusted? As a supplement I have also included a HijackThis log file.
Thanks in advance!
Code:
ComboFix 11-02-08.02 - gebruiker 09-02-2011 1:11.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.274 [GMT 1:00]
Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\tcpview\tcpview.exe
c:\windows\system32\ReadMe.txt
c:\windows\system32\ssvchost.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-01-09 to 2011-02-09 ))))))))))))))))))))))))))))))
.
2011-02-08 14:46 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
2011-02-08 14:46 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-02-08 14:46 . 2006-10-18 19:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2011-02-08 14:46 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-08 14:46 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-08 14:46 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-02-08 14:46 . 2011-01-28 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-08 14:46 . 2011-02-08 14:46 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-02-08 14:43 . 2011-02-08 14:43 20121151 ----a-w- c:\program files\K-Lite_Codec_Pack_690_Mega.exe
2011-02-07 21:20 . 2011-02-07 21:20 -------- d-----w- c:\program files\Common Files\Protexis
2011-02-07 21:20 . 2011-02-07 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2011-02-07 21:16 . 2011-02-08 08:02 -------- d-----w- c:\documents and settings\gebruiker\Local Settings\Application Data\Corel
2011-02-07 21:06 . 2011-02-07 21:13 -------- d-----w- c:\program files\Common Files\Corel
2011-02-07 21:06 . 2011-02-07 21:06 -------- d-----w- c:\program files\Corel
2011-02-07 21:06 . 2011-02-07 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2011-02-07 20:17 . 2011-02-07 20:17 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-02-07 20:17 . 2011-02-07 20:17 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-02-07 20:17 . 2011-02-07 20:17 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-02-07 20:17 . 2011-02-07 20:17 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-02-07 20:17 . 2011-02-07 20:17 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-02-07 20:17 . 2011-02-07 20:17 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-02-07 20:17 . 2011-02-07 20:17 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-02-07 20:16 . 2011-02-07 20:16 -------- d-----w- c:\program files\Common Files\Apple
2011-02-07 20:16 . 2011-02-07 20:17 -------- d-----w- c:\program files\QuickTime
2011-02-07 20:06 . 2011-02-07 22:17 -------- d-----w- c:\documents and settings\All Users\Bureaublad
2011-02-07 20:04 . 2011-02-07 20:18 -------- d-----w- c:\documents and settings\gebruiker\Application Data\Corel
2011-02-07 15:23 . 2011-02-07 15:24 88 --sh--r- c:\documents and settings\All Users\Application Data\D19196FA14.sys
2011-02-07 15:23 . 2011-02-08 08:02 5018 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-02-07 15:19 . 2011-02-07 15:19 -------- d-----w- c:\windows\system32\windows media
2011-02-07 15:18 . 2011-02-07 15:19 -------- d--h--w- c:\windows\msdownld.tmp
2011-02-07 14:48 . 2011-02-07 14:48 -------- d-----w- c:\program files\Windows Media Components
2011-02-07 14:45 . 2006-07-28 08:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2011-02-07 14:45 . 2006-07-28 08:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2011-02-07 14:45 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-02-07 13:35 . 2011-02-07 13:37 -------- d-----w- c:\program files\BitTorrent
2011-02-07 13:08 . 2011-02-07 13:10 88 --sh--r- c:\windows\system32\D19196FA14.sys
2011-02-07 09:51 . 2011-02-07 09:51 -------- d-----w- c:\program files\everesthome220
2011-02-06 21:44 . 2011-02-06 21:44 -------- d-----w- c:\windows\Performance
2011-02-06 21:44 . 2011-02-06 21:44 -------- d-----w- c:\documents and settings\gebruiker\Local Settings\Application Data\Microsoft Corporation
2011-02-06 20:43 . 2011-02-06 20:43 -------- d-----w- c:\program files\Autoruns
2011-02-06 20:28 . 2011-02-06 20:28 -------- d-----w- c:\program files\ProcessExplorer
2011-02-05 19:08 . 2011-02-08 16:29 -------- d-sh--w- c:\documents and settings\gebruiker\Onlangs geopend
2011-02-05 17:51 . 2011-02-05 17:51 -------- d-----w- c:\program files\CCleaner
2011-02-05 13:39 . 2011-02-05 13:39 -------- d-----w- c:\documents and settings\gebruiker\Application Data\abelhadigital.com
2011-02-05 13:39 . 2011-02-05 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\abelhadigital.com
2011-02-05 13:39 . 2011-02-05 23:17 -------- d-----w- c:\program files\HostsMan
2011-02-05 12:22 . 2011-02-05 12:22 -------- d-----w- c:\documents and settings\gebruiker\Application Data\aignes
2011-02-03 23:11 . 2011-02-09 00:22 -------- d-----w- c:\program files\TCPView
2011-02-03 12:36 . 2011-02-03 12:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-02-01 21:50 . 2011-02-01 21:50 -------- d-----w- c:\documents and settings\gebruiker\Local Settings\Application Data\Windows Live Writer
2011-02-01 21:50 . 2011-02-01 21:50 -------- d-----w- c:\documents and settings\gebruiker\Application Data\Windows Live Writer
2011-01-29 15:00 . 2011-01-29 15:00 -------- d-----w- c:\documents and settings\gebruiker\Local Settings\Application Data\PackageAware
2011-01-29 11:17 . 2011-01-29 12:33 -------- d-----w- c:\program files\COMODO
2011-01-29 11:15 . 2011-01-29 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2011-01-29 11:12 . 2011-01-29 11:12 -------- d-----w- c:\windows\Internet Logs
2011-01-28 12:25 . 2011-01-28 12:25 -------- d-----w- c:\windows\system32\winrm
2011-01-28 12:25 . 2011-01-28 12:25 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-01-28 12:05 . 2011-01-28 12:05 -------- d-----w- c:\program files\Microsoft.NET
2011-01-28 10:57 . 2010-05-26 09:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-01-27 20:49 . 2011-01-27 20:50 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-27 19:51 . 2011-01-27 19:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-27 12:53 . 2011-01-27 12:53 -------- d-----w- c:\documents and settings\gebruiker\Application Data\Malwarebytes
2011-01-27 12:52 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-27 12:52 . 2011-01-27 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-27 12:52 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-27 12:52 . 2011-01-27 20:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-25 08:53 . 2011-01-25 08:53 343040 ----a-w- c:\windows\system32\MSVCRT.DLL
2011-01-25 08:17 . 2004-03-18 18:36 401484 ----a-w- c:\windows\system32\msvcrtd.dll
2011-01-24 20:14 . 2011-01-24 20:14 193920 ----a-w- c:\windows\system32\msvcrtnt.exe
2011-01-22 18:40 . 2010-07-27 06:30 8509440 ----a-w- c:\windows\system32\shell32.backup
2011-01-22 15:21 . 2008-08-24 09:15 11874816 ----a-w- c:\windows\shell32.dll
2011-01-22 14:32 . 2011-01-22 14:32 -------- d-----w- c:\documents and settings\gebruiker\Application Data\Stardock
2011-01-22 14:31 . 2011-01-22 14:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{62902F53-D725-44F9-B385-979CC0E00E8A}
2011-01-22 13:35 . 2011-01-22 13:35 63063 ----a-w- c:\windows\BricoPackUninst.cmd
2011-01-22 13:30 . 2011-01-22 13:35 5400 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2011-01-18 14:04 . 2011-01-18 14:04 -------- d-----w- c:\program files\Sophos
2011-01-10 15:06 . 2011-01-16 16:52 -------- d-----w- c:\program files\Windows Live Safety Center
2011-01-10 13:34 . 2008-04-26 15:14 42672 ----a-w- c:\windows\system32\wbsys.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-08 16:28 . 2004-08-04 12:00 6217728 ----a-w- c:\windows\system32\logonuiX.exe
2011-01-27 19:50 . 2008-05-14 09:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-25 08:55 . 2008-04-14 17:02 994304 ----a-w- c:\windows\system32\msgina.dll
2011-01-25 08:10 . 2011-01-25 08:10 165440 ----a-w- c:\windows\system32\msvcrtd.zip
2011-01-13 08:47 . 2011-01-09 15:04 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2011-01-09 15:04 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2011-01-09 15:04 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2011-01-09 15:04 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2011-01-09 15:04 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2011-01-09 15:04 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2011-01-09 15:04 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2011-01-09 15:04 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-10 00:07 . 2011-01-10 00:07 388096 ----a-r- c:\documents and settings\gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-07 20:54 . 2002-02-10 01:00 72748 ----a-w- c:\windows\system32\unins000.exe
2011-01-06 16:37 . 2011-01-06 16:37 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-06 16:37 . 2011-01-06 16:37 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 16:37 . 2011-01-06 16:37 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 16:37 . 2011-01-06 16:37 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-06 14:12 . 2004-08-04 12:00 219136 ----a-w- c:\windows\system32\uxtheme.dll
2011-01-03 11:36 . 2011-01-03 11:36 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-12-31 20:06 . 2011-01-09 15:04 38848 ----a-w- c:\windows\avastSS.scr
2010-12-29 00:42 . 2010-12-29 00:42 285480 ----a-w- c:\windows\system32\guard32.dll
2010-12-08 03:12 . 2010-09-07 02:48 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-11-18 18:15 . 2008-04-17 13:04 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 12:19 . 2010-09-07 02:49 299984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
------- Sigcheck -------
[-] 2011-01-25 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\MSVCRT.DLL
[7] 2008-04-14 . 074C38B50CE71E3EC6DD3F6DAABF4EEF . 343040 . . [7.0.2600.5512] . . c:\windows\msvcrt.dll
[7] 2008-04-14 . 074C38B50CE71E3EC6DD3F6DAABF4EEF . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[7] 2008-04-14 . 61E70054981A2F9E64CEA7CA9479C0AA . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[7] 2004-08-04 . 687ABDBF4790F907FB0D3A50B8D9FE3A . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[7] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[7] 2004-08-04 . 40AC9CE966A05B05C9A4DB5B306A26C3 . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2011-01-25 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\shsvcs.dll
[7] 2008-04-14 . CFB406497D9CF95DFFE17594899FD367 . 135680 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . D6F2B8963663F2014FAFCD8E15E4E778 . 135168 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 20A1DFA416579DACEE28E15E331C3930 . 135680 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-17 2548552]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2010-07-28 01:23 526992 ----a-w- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SeaPort"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
R0 klbg;klbg;c:\windows\system32\drivers\klbg.sys [29-1-2008 17:29 32784]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9-1-2011 16:04 294608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6-1-2011 17:37 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6-1-2011 17:37 27576]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [11-5-2009 21:51 11889]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [28-1-2011 11:57 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9-1-2011 16:04 17744]
R3 KLFLTDEV;KLFLTDEV;c:\windows\system32\drivers\klfltdev.sys [13-3-2008 18:02 26640]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
S2 gupdate1ca14fdd201c736;Google Updateservice (gupdate1ca14fdd201c736);c:\program files\Google\Update\GoogleUpdate.exe [4-8-2009 13:19 133104]
S3 klim5;klim5;c:\windows\system32\DRIVERS\klim5.sys --> c:\windows\system32\DRIVERS\klim5.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\89.tmp --> c:\windows\system32\89.tmp [?]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [17-4-2008 13:18 24544]
S3 RTL8187B;TG123g USB Wireless Adapter;c:\windows\system32\drivers\RTL8187B.sys [26-3-2009 14:39 264576]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4-8-2004 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Inhoud van de 'Gedeelde Taken' map
2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 12:19]
2011-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 12:19]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/ig?source=gapg&hl=nl
IE: Add to Anti-Banner
IE: Free YouTube Download - c:\documents and settings\gebruiker\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
.
- - - - ORPHANS VERWIJDERD - - - -
Notify-WBSrv - (no file)
MSConfigStartUp-Corel File Shell Monitor - c:\program files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-09 01:24
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\89.tmp"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\.Default\Software\Stardock\WindowBlinds]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\ESENT\Process\avgfrw\DEBUG]
@DACL=(02 0000)
"Trace Level"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\ESENT\Process\avgtray\DEBUG]
@DACL=(02 0000)
"Trace Level"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\ESENT\Process\avgui\DEBUG]
@DACL=(02 0000)
"Trace Level"=""
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\msv1_0.dll
- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\guard32.dll
c:\windows\system32\msv1_0.dll
.
Voltooingstijd: 2011-02-09 01:31:13
ComboFix-quarantined-files.txt 2011-02-09 00:31
Pre-Run: 54.356.623.360 bytes beschikbaar
Post-Run: 54.495.993.856 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=""
- - End Of File - - 899DC19B88CEAF2628C9555C260C3824
As a supplement, here is the HijackThis log file as well:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:29:11, on 9-2-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal