  1. #1
    Member
    Member since: 18/02/04 | Location: Hasselt | Posts: 107 | iTrader: 0

    RE: on the HijackThis log (the ComboFix log)

    Dear helper,
    about five days ago I was asked to run ComboFix on my PC after I had also posted my HijackThis log somewhere here.
    At the time it concerned a Sabam virus that made my PC freeze, for which I had to run the 'Kaspersky Rescue Disc' as a boot disc.
    After everything was back to normal, all my desktop icons were gone, and they still are.
    So I was advised to run ComboFix; here is the ComboFix log:

    ComboFix 12-06-16.02 - Kim 19/06/2012 1:09.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1033.18.8172.6314 [GMT 2:00]
    Gestart vanuit: c:\users\Kim\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ntuser.dat
    c:\windows\SysWow64\tmpBE2F.tmp
    c:\windows\SysWow64\tmpBE30.tmp
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-05-18 to 2012-06-18 ))))))))))))))))))))))))))))))
    .
    .
    2012-06-18 23:11 . 2012-06-18 23:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-18 01:44 . 2012-06-18 01:44 -------- d-----w- c:\windows\SysWow64\xlive
    2012-06-18 01:44 . 2012-06-18 01:44 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
    2012-06-18 01:30 . 2012-06-18 01:38 -------- d-----w- c:\program files (x86)\Resident Evil - Operation Raccoon City
    2012-06-13 00:48 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-13 00:48 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 00:48 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 00:48 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-10 17:38 . 2012-06-10 17:38 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-06-10 17:24 . 2012-06-10 17:24 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-10 17:24 . 2012-06-10 17:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-10 17:24 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-09 13:46 . 2012-06-09 13:46 -------- d-----w- c:\windows\SysWow64\RTCOM
    2012-06-09 13:46 . 2012-06-09 13:46 -------- d-----w- c:\program files\Realtek
    2012-06-07 22:15 . 2012-06-07 22:15 -------- d-----w- c:\programdata\Common Files
    2012-06-07 21:42 . 2012-06-07 21:42 -------- d-----w- c:\programdata\EA Core
    2012-06-07 21:41 . 2012-06-07 21:41 -------- d-----w- c:\programdata\Origin
    2012-06-07 21:41 . 2012-06-07 21:41 -------- d-----w- c:\programdata\Electronic Arts
    2012-06-07 21:41 . 2012-06-07 21:41 -------- d-----w- c:\program files (x86)\Origin
    2012-06-07 21:02 . 2012-06-07 21:02 -------- d-----w- c:\program files (x86)\Microsoft WSE
    2012-06-07 21:02 . 2008-09-04 18:17 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll
    2012-06-07 21:01 . 2012-06-07 22:16 -------- d-----w- c:\program files (x86)\Electronic Arts
    2012-06-07 19:19 . 2012-06-07 19:19 -------- d-----w- c:\windows\system32\appmgmt
    2012-06-07 19:16 . 2012-06-07 19:19 -------- d-----w- c:\programdata\DeviceVM
    2012-06-07 19:15 . 2012-06-07 20:49 -------- d-----w- c:\programdata\Norton
    2012-06-07 19:15 . 2012-06-07 19:15 -------- d-----w- c:\programdata\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
    2012-06-07 19:13 . 2012-06-07 19:13 -------- d-----w- c:\program files (x86)\Common Files\Creative Labs Shared
    2012-06-07 19:13 . 2009-07-08 13:32 1233195 ------w- c:\windows\SysWow64\AMBSPISyncService.exe
    2012-06-07 19:13 . 2012-06-07 19:14 -------- d-----w- c:\programdata\Creative
    2012-06-07 19:13 . 2012-06-07 19:14 -------- d-----w- c:\program files (x86)\Creative
    2012-06-07 19:13 . 2012-06-07 19:13 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
    2012-06-07 19:12 . 2012-06-07 19:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2012-06-07 19:12 . 2012-06-07 19:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2012-06-07 19:12 . 2012-06-07 19:12 15936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
    2012-06-07 19:12 . 2012-06-07 19:12 -------- d-----w- c:\programdata\FNET
    2012-06-07 19:12 . 2012-06-07 19:12 -------- d-----w- c:\program files (x86)\XFastUsb
    2012-06-07 19:11 . 2011-02-01 11:06 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
    2012-06-07 19:10 . 2010-11-05 21:45 438808 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2012-06-07 19:10 . 2010-01-05 16:39 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
    2012-06-07 19:10 . 2009-12-03 09:27 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
    2012-06-07 19:09 . 2012-06-07 19:11 -------- d-----w- c:\program files (x86)\Intel
    2012-06-07 19:09 . 2010-10-04 11:02 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
    2012-06-07 19:09 . 2012-06-07 19:09 -------- d-----w- C:\Intel
    2012-06-06 07:27 . 2012-06-05 15:27 -------- d-----w- c:\windows\Panther
    2012-06-05 19:12 . 2012-06-05 19:12 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
    2012-06-05 19:12 . 2012-06-05 19:12 -------- d-----w- c:\program files (x86)\Microsoft
    2012-06-05 19:12 . 2012-06-05 19:12 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
    2012-06-05 19:11 . 2012-06-05 19:13 -------- d-----w- c:\program files (x86)\Windows Live
    2012-06-05 19:11 . 2012-06-05 19:11 -------- d-----w- c:\windows\PCHEALTH
    2012-06-05 19:08 . 2012-06-05 19:08 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
    2012-06-05 19:06 . 2012-06-05 19:06 -------- d-----w- c:\program files (x86)\Winamp Detect
    2012-06-05 19:06 . 2012-06-05 19:06 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
    2012-06-05 19:06 . 2012-06-05 19:06 -------- d-----w- c:\program files (x86)\Winamp
    2012-06-05 19:03 . 2012-06-18 22:36 -------- d-----w- c:\programdata\Xfire
    2012-06-05 19:03 . 2012-06-05 19:04 -------- d-----w- c:\program files (x86)\Xfire
    2012-06-05 19:02 . 2012-06-05 19:02 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-06-05 19:02 . 2012-06-05 19:02 -------- d-----r- c:\program files (x86)\Skype
    2012-06-05 19:02 . 2012-06-05 19:02 -------- d-----w- c:\programdata\Skype
    2012-06-05 18:55 . 2012-06-18 19:33 -------- d-----w- c:\program files (x86)\Diablo III
    2012-06-05 18:55 . 2012-06-05 19:07 -------- d-----w- c:\programdata\Blizzard Entertainment
    2012-06-05 18:55 . 2012-06-05 19:07 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
    2012-06-05 18:55 . 2012-06-05 18:55 -------- d-----w- c:\programdata\Battle.net
    2012-06-05 18:28 . 2012-06-05 18:28 -------- d-----w- c:\windows\SysWow64\Wat
    2012-06-05 18:28 . 2012-06-05 18:28 -------- d-----w- c:\windows\system32\Wat
    2012-06-05 18:12 . 2012-06-05 18:12 -------- d-----w- c:\program files (x86)\uTorrent
    2012-06-05 18:10 . 2012-06-05 18:10 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-06-05 18:10 . 2012-06-05 18:10 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
    2012-06-05 18:10 . 2012-06-05 18:10 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2012-06-05 18:02 . 2012-06-06 16:32 -------- d-----w- c:\program files (x86)\Steam
    2012-06-05 18:02 . 2012-06-05 18:31 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2012-06-05 18:00 . 2011-09-21 08:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
    2012-06-05 18:00 . 2012-06-05 18:00 -------- d-----w- c:\program files\CPUID
    2012-06-05 17:56 . 2012-06-18 19:17 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-06-05 17:53 . 2012-06-05 17:53 0 ----a-w- c:\windows\ativpsrm.bin
    2012-06-05 17:48 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
    2012-06-05 17:48 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
    2012-06-05 17:37 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
    2012-06-05 17:37 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
    2012-06-05 17:29 . 2009-11-25 10:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
    2012-06-05 17:29 . 2009-11-25 10:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
    2012-06-05 17:29 . 2009-11-25 10:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
    2012-06-05 17:29 . 2009-11-25 10:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
    2012-06-05 17:29 . 2009-11-25 10:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
    2012-06-05 17:29 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
    2012-06-05 17:29 . 2009-11-25 10:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2012-06-05 17:29 . 2009-11-25 10:47 444752 ----a-w- c:\windows\system32\mscoree.dll
    2012-06-05 17:29 . 2009-11-25 10:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
    2012-06-05 17:29 . 2009-11-25 10:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
    2012-06-05 17:29 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
    2012-06-05 17:23 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-06-05 17:23 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-06-05 17:23 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
    2012-06-05 17:23 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-06-05 17:23 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-06-05 17:23 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-06-05 17:23 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-06-05 17:23 . 2012-06-11 14:19 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-05 17:23 . 2012-06-11 14:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-05 17:23 . 2012-06-05 17:23 -------- d-----w- c:\windows\SysWow64\Macromed
    2012-06-05 17:23 . 2012-06-05 17:23 -------- d-----w- c:\windows\system32\Macromed
    2012-06-05 17:21 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2012-06-05 17:20 . 2011-07-16 05:21 422400 ----a-w- c:\windows\system32\KernelBase.dll
    2012-06-05 17:19 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
    2012-06-05 17:19 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-06-05 17:18 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
    2012-06-05 17:18 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
    2012-06-05 17:18 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-06-05 17:18 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-06-05 17:18 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-06-05 17:18 . 2012-06-05 17:18 -------- d-----w- c:\programdata\ATI
    2012-06-05 17:17 . 2012-06-05 17:17 -------- d-----w- c:\programdata\AMD
    2012-06-05 17:17 . 2012-06-05 17:17 -------- d-----w- c:\program files (x86)\AMD AVT
    2012-06-05 17:17 . 2012-06-05 17:17 -------- d-----w- c:\program files (x86)\AMD APP
    2012-06-05 17:17 . 2012-06-05 17:17 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2012-06-05 17:17 . 2012-06-05 17:17 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
    2012-06-05 17:16 . 2012-06-05 17:16 -------- d-----w- c:\program files (x86)\ATI Technologies
    2012-06-05 17:16 . 2012-06-05 17:17 -------- d-----w- c:\program files\ATI Technologies
    2012-06-05 17:16 . 2012-06-05 17:16 -------- d-----w- c:\program files\ATI
    2012-06-05 17:14 . 2012-06-05 17:14 -------- d-----w- C:\AMD
    2012-06-05 17:12 . 2012-06-05 17:12 -------- d-----w- c:\program files (x86)\SSD Tweaker
    2012-06-05 15:31 . 2012-06-18 01:44 -------- d-sh--w- c:\windows\Installer
    2012-06-05 15:31 . 2010-06-23 09:10 344680 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
    2012-06-05 15:31 . 2012-06-09 13:40 -------- d-----w- c:\program files (x86)\Realtek
    2012-06-05 15:31 . 2012-06-09 13:40 -------- d-----w- c:\program files (x86)\InstallShield Installation Information
    2012-06-05 15:27 . 2012-06-05 19:16 -------- d-----w- c:\users\Kim
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-18 01:52 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2012-06-18 01:52 . 2009-08-18 09:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
    2012-05-03 02:54 . 2012-05-03 02:54 28056 ----a-w- c:\windows\system32\xfcodec64.dll
    2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll
    2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
    2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
    2012-04-06 02:00 . 2012-04-06 02:00 64000 ----a-w- c:\windows\system32\coinst.dll
    2012-04-06 01:54 . 2012-04-06 01:54 7479296 ----a-w- c:\windows\system32\atidxx64.dll
    2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
    2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
    2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-04-06 01:09 . 2012-04-06 01:09 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-04-05 20:34 . 2012-04-05 20:34 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-04-05 20:34 . 2012-04-05 20:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-04-05 20:33 . 2012-04-05 20:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-04-05 20:33 . 2012-04-05 20:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
    2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-04-05 20:32 . 2012-04-05 20:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
    2012-04-05 20:32 . 2012-04-05 20:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-06-05 880528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
    "VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Xfire.lnk - c:\program files (x86)\Xfire\xfire.exe [2012-5-3 3553176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 257224]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-06-07 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-06-07 79360]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2012-06-07 79360]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 14:19]
    .
    2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-17941889-2564353769-2587114080-1000Core.job
    - c:\users\Kim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 17:57]
    .
    2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-17941889-2564353769-2587114080-1000UA.job
    - c:\users\Kim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 17:57]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://isearch.avg.com/?cid={A7E16FB1-C3D0-44A3-B930-ABCD6012A6D6}&mid=9f86a4fee6f547d0bce96d16b2ef97f9-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=yu012&pr=sa&d=2012-06-08 00:15&v=11.1.0.7&sap=hp
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 195.130.130.131 195.130.131.131
    FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\2h599dg5.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.9lives.be/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=2&q=
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\users\Kim\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-06-19 01:13:13 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-06-18 23:13
    .
    Pre-Run: 124.471.496.704 bytes free
    Post-Run: 125.005.348.864 bytes free
    .
    - - End Of File - - 96C4DE4E1353E7C02B0AF6758A0D4059



    PS: I don't know whether this is normal, but all desktop icons are still gone, although during the ComboFix process I saw about three infected Windows files being removed.
    killing is what i do for a living, but owning you i do for pleasure

  2. #2
    Member
    Member since: 10/12/05 | Location: Zandvliet | Posts: 63 | iTrader: 0
    Download Unhide.exe to the desktop; if you get a message that the file may be unsafe, you can ignore it.
    • Double-click "Unhide.exe" to start the tool.
    • Note!!! Windows Vista & 7 users must run "Unhide.exe" as administrator ("right-click, Run as administrator").
    • Wait patiently until the tool has finished, and do nothing else on the computer in the meantime.
    • When the tool has finished you will see the screen below, with the message "Your files should now be visible".
    • State in your next post whether you got this message.

  3. #3
    Member
    Member since: 18/02/04 | Location: Hasselt | Posts: 107 | iTrader: 0
    I actually already did this the first time; I still have that little program, but it didn't help then.
    Well, in the meantime I have run ComboFix, so maybe it will work now; I'll let you know later.

  4. #4
    Member
    Member since: 18/02/04 | Location: Hasselt | Posts: 107 | iTrader: 0
    Nope, still doesn't work; I even tried twice, once with and once without anti-virus and firewall.

    This is the log file from Unhide.exe:

    Unhide by Lawrence Abrams (Grinler)
    Bleeping Computer - Computer Help and Discussion
    Copyright 2008-2012 BleepingComputer.com
    More Information about Unhide.exe can be found at this link:
    Unhide.exe - A introduction as to what this program does

    Program started at: 06/20/2012 04:08:09 AM
    Windows Version: Windows 7

    Please be patient while your files are made visible again.

    Processing the C:\ drive
    Finished processing the C:\ drive. 211534 files processed.

    Processing the E:\ drive
    Finished processing the E:\ drive. 238490 files processed.

    The C:\Users\Kim\AppData\Local\Temp\smtmp\ folder does not exist!!
    Unhide cannot restore your missing shortcuts!!
    Please see this topic in order to learn how to restore default
    Start Menu shortcuts: Unhide.exe - A introduction as to what this program does

    Searching for Windows Registry changes made by FakeHDD rogues.
    - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
    - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    * HideIcons was set to 1! It was set back to 0!

    Restarting Explorer.exe in order to apply changes.

    Program finished at: 06/20/2012 04:13:14 AM
    Execution time: 0 hours(s), 5 minute(s), and 4 seconds(s)

  5. #5
    Member
    Member since: 10/12/05 | Location: Zandvliet | Posts: 63 | iTrader: 0
    Who gave you instructions the first time, then?

  6. #6
    Member
    Member since: 18/02/04 | Location: Hasselt | Posts: 107 | iTrader: 0
    Juisterr or something like that.

  7. #7
    Member
    Member since: 10/12/05 | Location: Zandvliet | Posts: 63 | iTrader: 0
    And didn't he help you any further? What else did you have to do?

  8. #8
    Member
    Member since: 18/02/04 | Location: Hasselt | Posts: 107 | iTrader: 0
    The same as what I wrote at the start of my first post: he had me run ComboFix and then post the HijackThis log, but the thread was closed before I could reply.

  9. #9
    Member
    Member since: 18/02/04 | Location: Hasselt | Posts: 107 | iTrader: 0
    I have found what the problem is: in the Local\Temp\ folder a folder called SMTMP is missing; you will also see that in the logs here. In the meantime I have already tried doing a Windows repair and downloading a program from Microsoft that restores folders related to the desktop and Start menu, but nothing helps.

    Plz help?
