Question & Answer

Security & privacy

HijackThis log in connection with AVG trojan detections

jacie
13 replies
  • Hello,

    For the last few days I keep getting trojan warnings. I have already run Spybot and Ad-Aware; neither of them finds anything.
    AVG, however, keeps reporting trojans that often cannot be removed.

    So below is a HijackThis log. I have looked at it myself but cannot find anything in it.

    Would someone be willing to take a look at it?

    Thanks in advance

    Regards, Jaco

    PS: yes, I know, there are a few entries that could be cleaned up

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:32:35, on 4-11-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Atheros\ACU.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Documents and Settings\onlineous\Bureaublad\fg677p.exe
    C:\Documents and Settings\onlineous\Bureaublad\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8580
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A87E8B6B-D30F-416C-8709-8AB34A210CB5} - C:\WINDOWS\system32\hgGwUkJC.dll (file missing)
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {DD3EC823-D3A1-48B3-A18A-A1958795A18A} - C:\WINDOWS\system32\iifgDtsT.dll (file missing)
    O2 - BHO: {dba6db48-4401-24f8-f804-7b525d5b784f} - {f487b5d5-25b7-408f-8f42-104484bd6abd} - C:\WINDOWS\system32\igrnrm.dll (file missing)
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Rizaakvp] C:\Documents and Settings\onlineous\Bureaublad\fg677p.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F5262B6A-7A37-4180-B9FD-BA9E37B0D2A1}: NameServer = 192.168.2.1,212.45.33.3
    O17 - HKLM\System\CS1\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
    O17 - HKLM\System\CS2\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll igrnrm.dll
    O20 - Winlogon Notify: iifgDtsT - iifgDtsT.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Atheros-configuratieservice (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


    End of file - 7468 bytes
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    O2 - BHO: (no name) - {A87E8B6B-D30F-416C-8709-8AB34A210CB5} - C:\WINDOWS\system32\hgGwUkJC.dll (file missing)
    O2 - BHO: (no name) - {DD3EC823-D3A1-48B3-A18A-A1958795A18A} - C:\WINDOWS\system32\iifgDtsT.dll (file missing)
    O2 - BHO: {dba6db48-4401-24f8-f804-7b525d5b784f} - {f487b5d5-25b7-408f-8f42-104484bd6abd} - C:\WINDOWS\system32\igrnrm.dll (file missing)
    O4 - HKLM\..\Run: [Rizaakvp] C:\Documents and Settings\onlineous\Bureaublad\fg677p.exe
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O20 - AppInit_DLLs: avgrsstx.dll igrnrm.dll
    O20 - Winlogon Notify: iifgDtsT - iifgDtsT.dll (file missing)

    Click 'Fix checked' to remove the items.

    Download MBAM (Malwarebytes' Anti-Malware): http://www.besttechie.net/tools/mbam-setup.exe

    Double-click mbam-setup.exe to install the program.

    Make sure there is a check mark in front of Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".
    If an update is found, it will be downloaded and installed.
    Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.
    Scanning can take a while, so be patient.
    When the scan is complete, click OK, then "Show Results" to view the results.
    Make sure everything there is checked, then click: Remove Selected.
    After removal a log will open and you will be asked to restart the computer. (See below)
    The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.

    If MBAM has trouble removing certain files it will show a few prompts where you have to click OK.
    After that it will ask to restart the computer… so allow MBAM to restart the computer.

    Post this log in your next reply, together with a new HJT log.
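The triage the reply above does by hand (dead BHO and Winlogon Notify entries whose file is gone, an unknown DLL in AppInit_DLLs, and an autorun from the user's Desktop that deserves a look rather than automatic removal) can be written down as a small checker over the log lines. This is an added example, not code from the thread or from HijackThis; the sample lines are copied from the first log in this thread, and the allowlist of expected AppInit DLLs (only AVG's avgrsstx.dll) is an assumption.

```python
"""Triage HijackThis log lines for the entry types a helper looks at first.

Added example, not part of the thread or of HijackThis itself. The rules are
deliberately conservative: entries whose target file is gone are dead and safe
to fix; autoruns from a user profile folder are only marked for review, since
(as with Freegate later in this thread) they may turn out to be legitimate.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the first HJT log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8580
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A87E8B6B-D30F-416C-8709-8AB34A210CB5} - C:\WINDOWS\system32\hgGwUkJC.dll (file missing)
O2 - BHO: {dba6db48-4401-24f8-f804-7b525d5b784f} - {f487b5d5-25b7-408f-8f42-104484bd6abd} - C:\WINDOWS\system32\igrnrm.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Rizaakvp] C:\Documents and Settings\onlineous\Bureaublad\fg677p.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll igrnrm.dll
O20 - Winlogon Notify: iifgDtsT - iifgDtsT.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""


@dataclass
class Finding:
    verdict: str  # "fix": safe to tick in HJT; "review": look at it first
    line: str
    reason: str


CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Assumption: AVG's resident-shield DLL is the only AppInit DLL expected here.
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")


def triage_line(raw: str) -> Optional[Finding]:
    """Return a Finding for one HJT line, or None if it needs no attention."""
    line = raw.strip()
    kind = line.split(" - ", 1)[0]
    # A hook whose target file is gone is a dead entry: nothing to preserve.
    if line.endswith("(file missing)") or line.endswith("(no file)"):
        return Finding("fix", line, "entry points at a file that no longer exists")
    if kind == "O2" and "BHO: " in line:
        # "O2 - BHO: <name> - {CLSID} - <path>"; malware often leaves no name.
        name = line.split("BHO: ", 1)[1].split(" - ")[0]
        if name == "(no name)" or CLSID_RE.match(name):
            return Finding("fix", line, "BHO registered without a readable name")
    elif kind == "O20" and "AppInit_DLLs:" in line:
        # Every DLL listed here is loaded into every user-mode process.
        dlls = line.split("AppInit_DLLs:", 1)[1].split()
        unknown = [d for d in dlls if d.lower() not in KNOWN_APPINIT_DLLS]
        if unknown:
            return Finding("fix", line, "unknown AppInit DLL(s): " + ", ".join(unknown))
    elif kind == "O4" and "] " in line:
        target = line.split("] ", 1)[1].lower()
        if any(m in target for m in USER_PROFILE_MARKERS):
            return Finding("review", line, "autorun launched from a user profile folder")
    elif kind == "R1" and "ProxyServer" in line:
        return Finding("review", line, "browser traffic is routed through a proxy")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the hits."""
    hits = (triage_line(l) for l in log_text.splitlines() if l.strip())
    return [f for f in hits if f is not None]


def fix_list(findings: List[Finding]) -> List[str]:
    """The lines a helper would tick under 'Do a system scan only'."""
    return [f.line for f in findings if f.verdict == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.verdict:6}] {f.reason}\n         {f.line}")
```

On the sample above this yields five "fix" lines (the two dead BHOs, the OneNote button, the AppInit entry and the Winlogon Notify hook) and two "review" lines (the local proxy and fg677p.exe), matching what the reply selects by hand.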
  • Are you sure fg677p.exe is spyware?
    This is Freegate: http://en.wikipedia.org/wiki/Freegate
    As you can read, it is a filter circumvention program.
    I ran it through VirusTotal and 5 of the 36 scanners flag it as junk. I think this is purely because of the function the program has.
    If there really were spyware in it, more virus scanners would block this program, I think.
    I already had the problems before I put Freegate on my computer.
  • This is indeed - on closer inspection - a file about which there is currently still some doubt: http://www.prevx.com/filenamedays/091920087.html.

    So leave it alone for now - to be on the safe side, and since you clearly know its origin yourself.
  • These are the logs:

    Malwarebytes' Anti-Malware 1.30
    Database versie: 1368
    Windows 5.1.2600 Service Pack 3

    6-11-2008 12:40:29
    mbam-log-2008-11-06 (12-40-29).txt

    Scan type: Snelle Scan
    Objecten gescand: 43808
    Verstreken tijd: 9 minute(s), 25 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 7
    Registerwaarden geïnfecteerd: 1
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 2

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\bwodxrtv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qoMdBQHY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:42:08, on 6-11-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Atheros\ACU.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Radmin Viewer 3.0\Radmin.exe
    C:\Documents and Settings\onlineous\Bureaublad\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Rizaakvp] C:\Documents and Settings\onlineous\Bureaublad\fg677p.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F5262B6A-7A37-4180-B9FD-BA9E37B0D2A1}: NameServer = 192.168.2.1,212.45.33.3
    O17 - HKLM\System\CS1\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
    O17 - HKLM\System\CS2\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Atheros-configuratieservice (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


    End of file - 6848 bytes

    PS: maybe Radmin is seen as junk. It is remote administrator software and, just like Freegate, it can sometimes be seen as harmful.
  • The logs look good… and now the most important question: how are things with the trojans, or (rather) the warnings about them?
  • After the cleanup I still got a few trojan warnings.

    I ran another scan with Malwarebytes (a full scan this time).
    That scan found nothing.

    Here is another HijackThis log, but I assume nothing has changed in it.
    As soon as I get another trojan warning from AVG I will paste it here in the forum.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:52:59, on 7-11-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Atheros\ACU.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\onlineous\Bureaublad\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Rizaakvp] C:\Documents and Settings\onlineous\Bureaublad\fg677p.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F5262B6A-7A37-4180-B9FD-BA9E37B0D2A1}: NameServer = 192.168.2.1,212.45.33.3
    O17 - HKLM\System\CS1\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
    O17 - HKLM\System\CS2\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Atheros-configuratieservice (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


    End of file - 6722 bytes
  • The HJT log is indeed OK.

    Download Combofix to your Desktop.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners see certain components that Combofix uses as suspicious and will block or remove them!
    Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log Combofix.txt will open.

    Post this log in your next reply.
  • This is the Combofix log:

    ComboFix 08-11-06.01 - onlineous 2008-11-07 16:42:46.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.278 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\onlineous\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\CJkUwGgh.ini
    c:\windows\system32\CJkUwGgh.ini2
    c:\windows\system32\ehovqdxn.ini
    c:\windows\system32\skaoscpa.ini
    c:\windows\system32\tljckvaa.ini
    c:\windows\system32\yjugcpxj.ini

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-10-07 to 2008-11-07 ))))))))))))))))))))))))))))))
    .

    2008-11-06 12:29 . 2008-11-06 12:29 <DIR> d-------- c:\documents and settings\onlineous\Application Data\Radmin
    2008-11-06 12:20 . 2001-08-18 06:00 98,176 --a------ c:\windows\system32\drivers\NBF.SYS
    2008-11-06 12:18 . 2008-11-06 12:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-06 12:18 . 2008-11-06 12:18 <DIR> d-------- c:\documents and settings\onlineous\Application Data\Malwarebytes
    2008-11-06 12:18 . 2008-11-06 12:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-06 12:18 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-06 12:18 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-06 00:06 . 2008-11-06 00:07 <DIR> d-------- c:\program files\Radmin Viewer 3.0
    2008-11-03 19:05 . 2008-11-03 19:05 260 --a------ C:\sqmdata02.sqm
    2008-11-03 19:05 . 2008-11-03 19:05 200 --a------ C:\sqmnoopt02.sqm
    2008-11-02 15:08 . 2008-11-02 15:08 <DIR> d-------- c:\documents and settings\onlineous\Application Data\Media Player Classic
    2008-11-02 14:49 . 2008-11-02 14:49 <DIR> d-------- c:\windows\Sun
    2008-11-01 00:02 . 2008-11-01 00:02 272 --a------ C:\sqmdata01.sqm
    2008-11-01 00:02 . 2008-11-01 00:02 212 --a------ C:\sqmnoopt01.sqm
    2008-10-31 10:05 . 2008-10-31 10:05 <DIR> d-------- c:\program files\SpaceMonger
    2008-10-31 10:05 . 2008-10-31 10:05 <DIR> d-------- c:\documents and settings\onlineous\Application Data\SpaceMonger
    2008-10-31 10:05 . 2008-10-31 10:05 4 --a------ c:\windows\system32\wnsm2i.rdb
    2008-10-31 09:40 . 2008-10-31 09:42 <DIR> d-------- C:\drivers
    2008-10-30 21:10 . 2008-10-30 21:10 0 --a------ c:\windows\system32\tljckvaa.tmp
    2008-10-30 01:15 . 2008-11-07 14:10 <DIR> d-------- c:\documents and settings\onlineous\Application Data\LimeWire
    2008-10-29 19:37 . 2008-10-29 19:37 <DIR> d-------- c:\program files\Java
    2008-10-29 19:37 . 2008-10-29 19:37 410,976 --a------ c:\windows\system32\deploytk.dll
    2008-10-29 19:37 . 2008-10-29 19:37 73,728 --a------ c:\windows\system32\javacpl.cpl
    2008-10-28 23:13 . 2008-04-14 00:16 18,944 --a------ c:\windows\system32\drivers\BTHUSB.SYS
    2008-10-28 23:13 . 2008-04-14 00:16 18,944 --a--c--- c:\windows\system32\dllcache\bthusb.sys
    2008-10-28 19:11 . 2008-10-28 19:11 <DIR> d-------- c:\program files\Lavasoft
    2008-10-28 19:11 . 2008-10-28 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-10-28 19:09 . 2008-10-28 19:09 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-10-28 18:14 . 2008-10-28 18:14 <DIR> d-------- c:\program files\TightVNC
    2008-10-27 15:05 . 2008-11-06 20:59 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-10-24 22:58 . 2008-10-24 22:58 <DIR> d-------- c:\program files\K-Lite Codec Pack
    2008-10-24 22:48 . 2008-11-07 14:09 69 --a------ c:\windows\NeroDigital.ini
    2008-10-24 17:00 . 2008-10-24 17:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
    2008-10-24 15:21 . 2008-10-24 15:21 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
    2008-10-24 14:34 . 2008-10-24 14:34 <DIR> d---s---- c:\documents and settings\onlineous\UserData
    2008-10-24 14:27 . 2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll
    2008-10-24 14:27 . 2007-07-30 18:19 207,736 --a------ c:\windows\system32\muweb.dll
    2008-10-24 14:27 . 2007-07-30 18:18 30,072 --a------ c:\windows\system32\mucltui.dll.mui
    2008-10-23 23:46 . 2008-11-03 19:06 <DIR> d-------- c:\documents and settings\onlineous\Tracing
    2008-10-23 23:42 . 2008-10-23 23:42 236 --a------ C:\sqmdata00.sqm
    2008-10-23 23:42 . 2008-10-23 23:42 200 --a------ C:\sqmnoopt00.sqm
    2008-10-23 23:39 . 2006-11-29 12:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
    2008-10-23 23:38 . 2008-10-23 23:38 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
    2008-10-23 23:38 . 2008-10-23 23:38 <DIR> d-------- c:\program files\Microsoft
    2008-10-23 23:22 . 2008-10-23 23:22 <DIR> d-------- c:\program files\Common Files\Windows Live
    2008-10-23 23:01 . 2008-10-23 23:38 <DIR> d-------- c:\program files\Windows Live
    2008-10-23 23:01 . 2008-10-23 23:01 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
    2008-10-23 23:01 . 2008-10-23 23:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
    2008-10-23 22:24 . 2008-11-07 16:49 <DIR> d-------- c:\program files\PeerGuardian2
    2008-10-23 21:49 . 2008-10-23 21:49 <DIR> d-------- c:\program files\uTorrent
    2008-10-23 21:48 . 2008-11-02 01:19 <DIR> d-------- c:\documents and settings\onlineous\Application Data\uTorrent
    2008-10-23 19:08 . 2008-10-23 19:08 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
    2008-10-23 18:39 . 2008-10-23 19:06 <DIR> d-------- c:\windows\SHELLNEW
    2008-10-23 18:38 . 2008-11-07 03:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-10-23 18:37 . 2008-10-23 18:37 <DIR> dr-h----- C:\MSOCache
    2008-10-23 14:53 . 2008-10-23 14:53 <DIR> d-------- c:\program files\MSXML 4.0
    2008-10-22 23:22 . 2008-10-22 23:23 <DIR> d-------- c:\program files\Aspell
    2008-10-22 20:05 . 2008-06-14 18:36 272,640 --------- c:\windows\system32\drivers\bthport.sys
    2008-10-22 20:05 . 2008-06-14 18:36 272,640 -----c--- c:\windows\system32\dllcache\bthport.sys
    2008-10-22 20:04 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-22 20:04 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-22 20:04 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-22 20:04 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-22 19:59 . 2008-10-25 02:04 <DIR> d--h----- c:\windows\$hf_mig$
    2008-10-22 19:26 . 2008-10-22 19:26 0 --a------ c:\windows\nsreg.dat
    2008-10-22 19:19 . 2008-10-22 19:27 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2008-10-22 19:09 . 2008-04-13 23:47 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys
    2008-10-22 19:09 . 2008-04-13 23:47 83,072 --a--c--- c:\windows\system32\dllcache\wdmaud.sys
    2008-10-22 19:09 . 2008-04-13 23:15 6,272 --a------ c:\windows\system32\drivers\splitter.sys
    2008-10-22 19:09 . 2008-04-13 23:15 6,272 --a--c--- c:\windows\system32\dllcache\splitter.sys
    2008-10-22 19:05 . 2008-10-22 19:05 <DIR> d-------- c:\program files\LimeWire
    2008-10-22 19:03 . 2001-09-06 18:04 12,288 --a------ c:\windows\system32\drivers\mouhid.sys
    2008-10-22 19:03 . 2001-09-06 18:04 12,288 --a--c--- c:\windows\system32\dllcache\mouhid.sys
    2008-10-22 19:03 . 2008-04-13 23:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
    2008-10-22 19:03 . 2008-04-13 23:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
    2008-10-22 19:02 . 2008-10-22 19:02 <DIR> d-------- c:\program files\Alcohol Soft
    2008-10-22 18:57 . 2008-10-22 18:57 <DIR> d-------- c:\program files\PowerISO
    2008-10-22 18:57 . 2008-10-22 18:57 685,816 --a------ c:\windows\system32\drivers\sptd.sys
    2008-10-22 18:55 . 2008-10-22 18:55 <DIR> d-------- c:\program files\Webteh
    2008-10-22 18:55 . 2008-10-29 00:28 <DIR> d-------- c:\documents and settings\onlineous\Application Data\BSplayer PRO
    2008-10-22 18:49 . 2001-08-17 22:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
    2008-10-22 18:48 . 2008-04-14 23:04 58,112 --a------ c:\windows\system32\drivers\redbook.sys
    2008-10-22 18:48 . 2001-08-17 22:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
    2008-10-22 18:48 . 2008-04-14 23:07 5,504 --a------ c:\windows\system32\drivers\intelide.sys
    2008-10-22 18:47 . 2008-04-14 23:32 76,288 --a------ c:\windows\system32\usbui.dll
    2008-10-22 18:47 . 2008-04-14 01:06 42,368 --a------ c:\windows\system32\drivers\AGP440.SYS
    2008-10-22 18:47 . 2008-04-14 01:06 14,208 --a------ c:\windows\system32\drivers\battc.sys
    2008-10-22 18:47 . 2008-04-14 01:06 13,952 --a------ c:\windows\system32\drivers\CmBatt.sys
    2008-10-22 18:47 . 2008-04-14 01:06 10,240 --a------ c:\windows\system32\drivers\compbatt.sys
    2008-10-22 18:45 . 2008-10-22 18:45 <DIR> d-------- c:\program files\Nero
    2008-10-22 18:45 . 2008-10-22 18:46 <DIR> d-------- c:\program files\Common Files\Ahead
    2008-10-22 18:45 . 2008-10-22 18:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
    2008-10-22 18:37 . 2007-03-07 12:27 4,245,008 --a------ c:\windows\system32\qtp-mt334.dll
    2008-10-22 18:37 . 2007-03-07 12:27 247,824 --a------ c:\windows\system32\prgiso.dll
    2008-10-22 18:37 . 2007-03-07 12:27 38,448 --a------ c:\windows\system32\drivers\hotcore3.sys
    2008-10-22 18:37 . 2007-03-07 12:27 13,840 --a------ c:\windows\system32\wnaspi32.dll
    2008-10-22 18:36 . 2008-10-22 18:36 <DIR> d-------- c:\program files\Paragon Software
    2008-10-22 18:35 . 2008-10-22 18:35 <DIR> d-------- c:\program files\Common Files\InstallShield
    2008-10-22 18:34 . 2008-10-22 18:34 <DIR> d-------- c:\program files\winLAME
    2008-10-22 18:34 . 2008-10-22 19:20 <DIR> d-------- c:\program files\SpywareBlaster
    2008-10-22 18:34 . 2005-04-15 19:58 1,071,088 --a------ c:\windows\system32\MSCOMCTL.OCX
    2008-10-22 18:34 . 2005-08-25 18:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
    2008-10-22 18:33 . 2008-10-28 15:41 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-10-22 18:33 . 2008-10-27 23:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-22 18:32 . 2008-10-22 18:32 <DIR> d-------- c:\program files\CCleaner
    2008-10-22 18:31 . 2008-11-07 16:52 <DIR> d-------- c:\windows\system32\drivers\Avg
    2008-10-22 18:31 . 2008-10-22 18:31 <DIR> d-------- c:\program files\AVG
    2008-10-22 18:31 . 2008-10-22 18:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2008-10-22 18:31 . 2008-10-22 18:31 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
    2008-10-22 18:31 . 2008-10-22 18:31 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2008-10-22 18:27 . 2008-10-24 15:27 <DIR> d-------- c:\program files\Common Files\Adobe
    2008-10-22 18:25 . 2008-10-22 18:25 <DIR> d-------- c:\program files\7-Zip
    2008-10-22 18:24 . 2008-10-22 18:24 <DIR> d-------- c:\program files\Windows Media Connect 2
    2008-10-22 18:22 . 2008-10-22 18:22 <DIR> d-------- c:\windows\system32\LogFiles
    2008-10-22 18:22 . 2008-10-22 18:23 <DIR> d-------- c:\windows\system32\drivers\UMDF
    2008-10-22 18:22 . 2006-09-25 16:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
    2008-10-22 18:12 . 2008-10-22 18:36 <DIR> d--h----- c:\program files\InstallShield Installation Information
    2008-10-22 18:12 . 2008-10-22 18:13 <DIR> d-------- c:\program files\Atheros
    2008-10-22 18:12 . 2003-04-01 09:47 6,652,928 --a------ c:\windows\system32\ALSNDMGR.CPL
    2008-10-22 18:11 . 2008-10-22 18:11 <DIR> d-------- c:\documents and settings\onlineous\Application Data\InstallShield
    2008-10-22 18:11 . 2008-10-22 18:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Atheros
    2008-10-22 18:10 . 2008-11-03 17:31 <DIR> d-------- c:\documents and settings\onlineous\Application Data\U3
    2008-10-22 18:09 . 2008-04-13 23:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-22 16:46 --------- d-----w c:\program files\microsoft frontpage
    2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
    2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
    2008-09-16 00:11 683,520 ----a-w c:\windows\system32\divx.dll
    2008-09-15 15:28 1,846,528 ----a-w c:\windows\system32\win32k.sys
    2008-09-08 22:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
    2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
    2008-09-05 13:56 287,744 ----a-w c:\windows\WLXPGSS.SCR
    2008-08-20 05:30 669,184 ----a-w c:\windows\system32\wininet.dll
    2008-08-14 13:27 2,193,536 ----a-w c:\windows\system32\ntoskrnl.exe
    2008-08-14 13:27 2,070,400 ----a-w c:\windows\system32\ntkrnlpa.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-10-23 3513344]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ACU"="c:\program files\Atheros\ACU.exe" [2008-07-07 450649]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-22 1234712]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-29 136600]
    "Rizaakvp"="c:\documents and settings\onlineous\Bureaublad\fg677p.exe" [2008-11-04 149504]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
    "SoundMan"="SOUNDMAN.EXE" [2003-03-27 c:\windows\SOUNDMAN.EXE]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" [2008-04-14 c:\windows\system32\advpack.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-03-07 38448]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-22 97928]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-22 231704]
    R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-29 152984]
    R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2008-02-08 57408]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{488d3e37-a05a-11dd-a1cf-dffb90a0c225}]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a
    .
    .
    ------- Bijkomende Scan -------
    .
    FireFox -: Profile - c:\documents and settings\onlineous\Application Data\Mozilla\Firefox\Profiles\10qn636y.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.nl
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-07 16:54:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\windows\system32\acs.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\windows\system32\rundll32.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-11-07 17:00:38 - machine werd herstart
    ComboFix-quarantined-files.txt 2008-11-07 16:00:30

    Pre-Run: 529.477.632 bytes beschikbaar
    Post-Run: 735,068,160 bytes beschikbaar

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    244 --- E O F --- 2008-11-07 02:09:31
  • edit: sorry, double post. The computer was slow this morning and I thought it hadn't been sent yet.
  • Open a Notepad file.

    Copy and paste the text below into it.

    File::
    C:\sqmdata02.sqm
    C:\sqmnoopt02.sqm
    C:\sqmdata01.sqm
    C:\sqmnoopt01.sqm
    c:\windows\system32\tljckvaa.tmp
    C:\sqmdata00.sqm
    C:\sqmnoopt00.sqm

    Save this file to your desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe
    This will make ComboFix restart. Reboot if you are asked to.

    Then let MBAM run another scan.

    After the reboot, post the contents of Combofix.txt and the MBAM log. And let us know whether any more alerts are still popping up?
  • combofix:

    ComboFix 08-11-07.01 - onlineous 2008-11-08 19:55:32.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.162 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\onlineous\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\onlineous\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    C:\sqmdata00.sqm
    C:\sqmdata01.sqm
    C:\sqmdata02.sqm
    C:\sqmnoopt00.sqm
    C:\sqmnoopt01.sqm
    C:\sqmnoopt02.sqm
    c:\windows\system32\tljckvaa.tmp
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\sqmdata00.sqm
    C:\sqmdata01.sqm
    C:\sqmdata02.sqm
    C:\sqmnoopt00.sqm
    C:\sqmnoopt01.sqm
    C:\sqmnoopt02.sqm
    c:\windows\system32\tljckvaa.tmp

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-10-08 to 2008-11-08 ))))))))))))))))))))))))))))))
    .

    2008-11-06 12:29 . 2008-11-06 12:29 <DIR> d-------- c:\documents and settings\onlineous\Application Data\Radmin
    2008-11-06 12:20 . 2001-08-18 06:00 98,176 --a------ c:\windows\system32\drivers\NBF.SYS
    2008-11-06 12:18 . 2008-11-06 12:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-06 12:18 . 2008-11-06 12:18 <DIR> d-------- c:\documents and settings\onlineous\Application Data\Malwarebytes
    2008-11-06 12:18 . 2008-11-06 12:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-06 12:18 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-06 12:18 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-06 00:06 . 2008-11-06 00:07 <DIR> d-------- c:\program files\Radmin Viewer 3.0
    2008-11-02 15:08 . 2008-11-02 15:08 <DIR> d-------- c:\documents and settings\onlineous\Application Data\Media Player Classic
    2008-11-02 14:49 . 2008-11-02 14:49 <DIR> d-------- c:\windows\Sun
    2008-10-31 10:05 . 2008-10-31 10:05 <DIR> d-------- c:\program files\SpaceMonger
    2008-10-31 10:05 . 2008-10-31 10:05 <DIR> d-------- c:\documents and settings\onlineous\Application Data\SpaceMonger
    2008-10-31 10:05 . 2008-10-31 10:05 4 --a------ c:\windows\system32\wnsm2i.rdb
    2008-10-31 09:40 . 2008-10-31 09:42 <DIR> d-------- C:\drivers
    2008-10-30 01:15 . 2008-11-07 14:10 <DIR> d-------- c:\documents and settings\onlineous\Application Data\LimeWire
    2008-10-29 19:37 . 2008-10-29 19:37 <DIR> d-------- c:\program files\Java
    2008-10-29 19:37 . 2008-10-29 19:37 410,976 --a------ c:\windows\system32\deploytk.dll
    2008-10-29 19:37 . 2008-10-29 19:37 73,728 --a------ c:\windows\system32\javacpl.cpl
    2008-10-28 23:13 . 2008-04-14 00:16 18,944 --a------ c:\windows\system32\drivers\BTHUSB.SYS
    2008-10-28 23:13 . 2008-04-14 00:16 18,944 --a--c--- c:\windows\system32\dllcache\bthusb.sys
    2008-10-28 19:11 . 2008-10-28 19:11 <DIR> d-------- c:\program files\Lavasoft
    2008-10-28 19:11 . 2008-10-28 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-10-28 19:09 . 2008-10-28 19:09 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-10-28 18:14 . 2008-10-28 18:14 <DIR> d-------- c:\program files\TightVNC
    2008-10-27 15:05 . 2008-11-06 20:59 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-10-24 22:58 . 2008-10-24 22:58 <DIR> d-------- c:\program files\K-Lite Codec Pack
    2008-10-24 22:48 . 2008-11-07 14:09 69 --a------ c:\windows\NeroDigital.ini
    2008-10-24 17:00 . 2008-10-24 17:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
    2008-10-24 15:21 . 2008-10-24 15:21 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
    2008-10-24 14:34 . 2008-10-24 14:34 <DIR> d---s---- c:\documents and settings\onlineous\UserData
    2008-10-24 14:27 . 2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll
    2008-10-24 14:27 . 2007-07-30 18:19 207,736 --a------ c:\windows\system32\muweb.dll
    2008-10-24 14:27 . 2007-07-30 18:18 30,072 --a------ c:\windows\system32\mucltui.dll.mui
    2008-10-23 23:46 . 2008-11-03 19:06 <DIR> d-------- c:\documents and settings\onlineous\Tracing
    2008-10-23 23:39 . 2006-11-29 12:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
    2008-10-23 23:38 . 2008-10-23 23:38 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
    2008-10-23 23:38 . 2008-10-23 23:38 <DIR> d-------- c:\program files\Microsoft
    2008-10-23 23:22 . 2008-10-23 23:22 <DIR> d-------- c:\program files\Common Files\Windows Live
    2008-10-23 23:01 . 2008-10-23 23:38 <DIR> d-------- c:\program files\Windows Live
    2008-10-23 23:01 . 2008-10-23 23:01 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
    2008-10-23 23:01 . 2008-10-23 23:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
    2008-10-23 22:24 . 2008-11-07 16:49 <DIR> d-------- c:\program files\PeerGuardian2
    2008-10-23 21:49 . 2008-10-23 21:49 <DIR> d-------- c:\program files\uTorrent
    2008-10-23 21:48 . 2008-11-02 01:19 <DIR> d-------- c:\documents and settings\onlineous\Application Data\uTorrent
    2008-10-23 19:08 . 2008-10-23 19:08 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
    2008-10-23 18:39 . 2008-10-23 19:06 <DIR> d-------- c:\windows\SHELLNEW
    2008-10-23 18:38 . 2008-11-08 09:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-10-23 18:37 . 2008-10-23 18:37 <DIR> dr-h----- C:\MSOCache
    2008-10-23 14:53 . 2008-10-23 14:53 <DIR> d-------- c:\program files\MSXML 4.0
    2008-10-22 23:22 . 2008-10-22 23:23 <DIR> d-------- c:\program files\Aspell
    2008-10-22 20:05 . 2008-06-14 18:36 272,640 --------- c:\windows\system32\drivers\bthport.sys
    2008-10-22 20:05 . 2008-06-14 18:36 272,640 -----c--- c:\windows\system32\dllcache\bthport.sys
    2008-10-22 20:04 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-22 20:04 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-22 20:04 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-22 20:04 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-22 19:59 . 2008-10-25 02:04 <DIR> d--h----- c:\windows\$hf_mig$
    2008-10-22 19:26 . 2008-10-22 19:26 0 --a------ c:\windows\nsreg.dat
    2008-10-22 19:19 . 2008-10-22 19:27 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2008-10-22 19:09 . 2008-04-13 23:47 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys
    2008-10-22 19:09 . 2008-04-13 23:47 83,072 --a--c--- c:\windows\system32\dllcache\wdmaud.sys
    2008-10-22 19:09 . 2008-04-13 23:15 6,272 --a------ c:\windows\system32\drivers\splitter.sys
    2008-10-22 19:09 . 2008-04-13 23:15 6,272 --a--c--- c:\windows\system32\dllcache\splitter.sys
    2008-10-22 19:05 . 2008-10-22 19:05 <DIR> d-------- c:\program files\LimeWire
    2008-10-22 19:03 . 2001-09-06 18:04 12,288 --a------ c:\windows\system32\drivers\mouhid.sys
    2008-10-22 19:03 . 2001-09-06 18:04 12,288 --a--c--- c:\windows\system32\dllcache\mouhid.sys
    2008-10-22 19:03 . 2008-04-13 23:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
    2008-10-22 19:03 . 2008-04-13 23:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
    2008-10-22 19:02 . 2008-10-22 19:02 <DIR> d-------- c:\program files\Alcohol Soft
    2008-10-22 18:57 . 2008-10-22 18:57 <DIR> d-------- c:\program files\PowerISO
    2008-10-22 18:57 . 2008-10-22 18:57 685,816 --a------ c:\windows\system32\drivers\sptd.sys
    2008-10-22 18:55 . 2008-10-22 18:55 <DIR> d-------- c:\program files\Webteh
    2008-10-22 18:55 . 2008-10-29 00:28 <DIR> d-------- c:\documents and settings\onlineous\Application Data\BSplayer PRO
    2008-10-22 18:49 . 2001-08-17 22:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
    2008-10-22 18:48 . 2008-04-14 23:04 58,112 --a------ c:\windows\system32\drivers\redbook.sys
    2008-10-22 18:48 . 2001-08-17 22:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
    2008-10-22 18:48 . 2008-04-14 23:07 5,504 --a------ c:\windows\system32\drivers\intelide.sys
    2008-10-22 18:47 . 2008-04-14 23:32 76,288 --a------ c:\windows\system32\usbui.dll
    2008-10-22 18:47 . 2008-04-14 01:06 42,368 --a------ c:\windows\system32\drivers\AGP440.SYS
    2008-10-22 18:47 . 2008-04-14 01:06 14,208 --a------ c:\windows\system32\drivers\battc.sys
    2008-10-22 18:47 . 2008-04-14 01:06 13,952 --a------ c:\windows\system32\drivers\CmBatt.sys
    2008-10-22 18:47 . 2008-04-14 01:06 10,240 --a------ c:\windows\system32\drivers\compbatt.sys
    2008-10-22 18:45 . 2008-10-22 18:45 <DIR> d-------- c:\program files\Nero
    2008-10-22 18:45 . 2008-10-22 18:46 <DIR> d-------- c:\program files\Common Files\Ahead
    2008-10-22 18:45 . 2008-10-22 18:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
    2008-10-22 18:37 . 2007-03-07 12:27 4,245,008 --a------ c:\windows\system32\qtp-mt334.dll
    2008-10-22 18:37 . 2007-03-07 12:27 247,824 --a------ c:\windows\system32\prgiso.dll
    2008-10-22 18:37 . 2007-03-07 12:27 38,448 --a------ c:\windows\system32\drivers\hotcore3.sys
    2008-10-22 18:37 . 2007-03-07 12:27 13,840 --a------ c:\windows\system32\wnaspi32.dll
    2008-10-22 18:36 . 2008-10-22 18:36 <DIR> d-------- c:\program files\Paragon Software
    2008-10-22 18:35 . 2008-10-22 18:35 <DIR> d-------- c:\program files\Common Files\InstallShield
    2008-10-22 18:34 . 2008-10-22 18:34 <DIR> d-------- c:\program files\winLAME
    2008-10-22 18:34 . 2008-10-22 19:20 <DIR> d-------- c:\program files\SpywareBlaster
    2008-10-22 18:34 . 2005-04-15 19:58 1,071,088 --a------ c:\windows\system32\MSCOMCTL.OCX
    2008-10-22 18:34 . 2005-08-25 18:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
    2008-10-22 18:33 . 2008-10-28 15:41 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-10-22 18:33 . 2008-10-27 23:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-22 18:32 . 2008-10-22 18:32 <DIR> d-------- c:\program files\CCleaner
    2008-10-22 18:31 . 2008-11-08 19:48 <DIR> d-------- c:\windows\system32\drivers\Avg
    2008-10-22 18:31 . 2008-10-22 18:31 <DIR> d-------- c:\program files\AVG
    2008-10-22 18:31 . 2008-10-22 18:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2008-10-22 18:31 . 2008-10-22 18:31 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
    2008-10-22 18:31 . 2008-10-22 18:31 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2008-10-22 18:27 . 2008-10-24 15:27 <DIR> d-------- c:\program files\Common Files\Adobe
    2008-10-22 18:25 . 2008-10-22 18:25 <DIR> d-------- c:\program files\7-Zip
    2008-10-22 18:24 . 2008-10-22 18:24 <DIR> d-------- c:\program files\Windows Media Connect 2
    2008-10-22 18:22 . 2008-10-22 18:22 <DIR> d-------- c:\windows\system32\LogFiles
    2008-10-22 18:22 . 2008-10-22 18:23 <DIR> d-------- c:\windows\system32\drivers\UMDF
    2008-10-22 18:22 . 2006-09-25 16:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
    2008-10-22 18:12 . 2008-10-22 18:36 <DIR> d--h----- c:\program files\InstallShield Installation Information
    2008-10-22 18:12 . 2008-10-22 18:13 <DIR> d-------- c:\program files\Atheros
    2008-10-22 18:12 . 2003-04-01 09:47 6,652,928 --a------ c:\windows\system32\ALSNDMGR.CPL
    2008-10-22 18:11 . 2008-10-22 18:11 <DIR> d-------- c:\documents and settings\onlineous\Application Data\InstallShield
    2008-10-22 18:11 . 2008-10-22 18:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Atheros
    2008-10-22 18:10 . 2008-11-03 17:31 <DIR> d-------- c:\documents and settings\onlineous\Application Data\U3
    2008-10-22 18:09 . 2008-04-13 23:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-22 16:46 --------- d-----w c:\program files\microsoft frontpage
    2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
    2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
    2008-09-16 00:11 683,520 ----a-w c:\windows\system32\divx.dll
    2008-09-15 15:28 1,846,528 ----a-w c:\windows\system32\win32k.sys
    2008-09-08 22:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
    2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
    2008-09-05 13:56 287,744 ----a-w c:\windows\WLXPGSS.SCR
    2008-08-20 05:30 669,184 ----a-w c:\windows\system32\wininet.dll
    2008-08-14 13:27 2,193,536 ----a-w c:\windows\system32\ntoskrnl.exe
    2008-08-14 13:27 2,070,400 ----a-w c:\windows\system32\ntkrnlpa.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-07_16.59.56.87 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-10-26 17:49:48 1,011,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSDAIPP.DLL
    + 2006-10-26 17:49:46 970,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
    + 2006-10-27 13:00:12 1,751,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECORE.DLL
    + 2006-10-27 13:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
    + 2006-10-27 13:00:06 47,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEERR.DLL
    + 2006-10-27 13:00:08 191,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEES.DLL
    + 2006-10-26 18:13:34 338,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
    + 2006-10-26 18:13:44 629,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
    + 2006-10-26 18:13:28 207,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACELTS.DLL
    + 2006-10-26 18:13:32 279,352 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
    + 2006-10-26 18:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
    + 2006-10-26 18:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
    + 2006-10-26 18:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
    + 2006-10-26 18:13:12 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
    + 2006-10-27 13:00:06 387,960 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
    + 2006-10-26 18:13:38 392,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
    + 2006-10-26 18:13:30 260,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER2X.DLL
    + 2006-10-26 18:13:32 289,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER3X.DLL
    + 2006-10-26 18:13:38 551,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEREP.DLL
    + 2006-10-26 18:13:30 224,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACETXT.DLL
    + 2006-10-26 18:13:34 371,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
    + 2006-10-27 13:41:04 399,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
    + 2006-10-26 17:59:24 205,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
    + 2006-10-26 18:12:52 189,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
    + 2006-10-26 17:48:14 439,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWDCW20.DLL
    + 2006-10-26 12:10:08 1,190,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FM20.DLL
    + 2006-10-26 17:21:24 1,682,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
    + 2006-10-27 13:09:36 983,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPWEC.DLL
    + 2006-10-26 18:02:12 2,526,520 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\GRAPH.EXE
    + 2006-10-26 18:12:52 173,328 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
    + 2006-10-27 13:10:10 5,281,592 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
    + 2006-10-27 12:59:06 161,080 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\MSOCF.DLL
    + 2006-10-26 17:48:12 14,664 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\MSOCFU.DLL
    + 2006-10-26 18:12:58 428,816 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\MSODCW.DLL
    + 2006-10-26 19:13:36 26,936 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
    + 2006-10-26 18:00:08 6,635,320 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\MSORES.DLL
    + 2006-10-26 11:56:36 436,520 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\MSORUN.DLL
    + 2006-10-26 17:50:04 672,024 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
    + 2006-10-26 11:56:40 505,136 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
    + 2006-10-26 18:12:30 65,824 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\NAME.DLL
    + 2006-10-27 13:14:34 14,151,456 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\OART.DLL
    + 2006-10-26 18:06:54 232,816 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
    + 2006-10-26 18:14:06 7,033,152 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
    + 2006-10-26 18:00:08 274,744 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\OIS.EXE
    + 2006-10-26 18:00:12 998,208 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\OISAPP.DLL
    + 2006-10-26 18:00:10 285,008 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
    + 2006-10-26 18:07:04 6,536,992 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\OSETUP.DLL
    + 2006-07-26 16:53:56 459,080 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
    + 2006-10-26 19:30:44 482,088 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
    + 2006-10-26 17:52:10 2,012,480 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
    + 2006-10-26 19:13:38 38,168 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
    + 2006-10-26 18:06:58 439,600 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\SETUP.EXE
    + 2006-10-27 12:57:08 2,330,968 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\STSLIST.DLL
    - 2008-11-06 11:59:14 1,165,584 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-11-08 08:28:55 1,165,584 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    - 2008-11-06 11:59:15 20,240 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-11-08 08:29:02 20,240 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-11-06 11:59:14 159,504 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2008-11-08 08:28:58 159,504 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    - 2008-11-06 11:59:14 184,080 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    + 2008-11-08 08:28:58 184,080 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    - 2008-11-06 11:59:15 217,864 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    + 2008-11-08 08:29:00 217,864 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    - 2008-11-06 11:59:15 18,704 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-11-08 08:29:02 18,704 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    - 2008-11-06 11:59:15 35,088 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-11-08 08:29:03 35,088 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-11-06 11:59:14 845,584 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    + 2008-11-08 08:28:59 845,584 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-11-06 11:59:14 922,384 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-11-08 08:29:00 922,384 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-11-06 11:59:15 272,648 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-11-08 08:29:01 272,648 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    - 2008-11-06 11:59:15 888,080 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-11-08 08:29:03 888,080 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-11-06 11:59:14 1,172,240 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-11-08 08:28:57 1,172,240 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-10-23 17:39:14 217,864 —-a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
    + 2008-11-08 08:32:59 217,864 —-a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
    - 2008-10-23 18:04:45 217,864 —-a-r c:\windows\Installer\{90120000-006E-0413-0000-0000000FF1CE}\misc.exe
    + 2008-11-08 08:34:39 217,864 —-a-r c:\windows\Installer\{90120000-006E-0413-0000-0000000FF1CE}\misc.exe
    - 2006-10-26 12:10:08 1,190,688 —-a-w c:\windows\system32\FM20.DLL
    + 2007-08-23 00:03:38 1,195,888 —-a-w c:\windows\system32\FM20.DLL
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-10-23 3513344]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ACU"="c:\program files\Atheros\ACU.exe" [2008-07-07 450649]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-22 1234712]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-29 136600]
    "Rizaakvp"="c:\documents and settings\onlineous\Bureaublad\fg677p.exe" [2008-11-04 149504]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
    "SoundMan"="SOUNDMAN.EXE" [2003-03-27 c:\windows\SOUNDMAN.EXE]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" [2008-04-14 c:\windows\system32\advpack.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-03-07 38448]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-22 97928]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-22 231704]
    R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-29 152984]
    R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2008-02-08 57408]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{488d3e37-a05a-11dd-a1cf-dffb90a0c225}]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-08 20:01:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-08 20:04:08
    ComboFix-quarantined-files.txt 2008-11-08 19:03:44
    ComboFix2.txt 2008-11-07 16:00:39

    Pre-Run: 2,106,933,248 bytes free
    Post-Run: 2,097,434,624 bytes free

    310 --- E O F --- 2008-11-08 08:35:12




    Malwarebytes found nothing.
    Here is the log anyway:


    Malwarebytes' Anti-Malware 1.30
    Database version: 1368
    Windows 5.1.2600 Service Pack 3

    8-11-2008 20:14:02
    mbam-log-2008-11-08 (20-14-02).txt

    Scan type: Quick Scan
    Objects scanned: 42409
    Time elapsed: 7 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
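
    The registry autostart section of the ComboFix log above is the part a responder reads first. Below is an added example, not part of this thread and not ComboFix's own code, that parses those Run-key lines and applies three simple heuristics to rank entries for follow-up: the executable lives under a user profile folder rather than Program Files or Windows, the file date is within a few days of the log's completion date, and the Run value name shares no substring with the file name. The sample lines are copied from the posted log; the heuristics, the 7-day window, the 4-character substring threshold and the `triage`/`parse_entries` function names are this example's assumptions. A hit means "verify this entry" (hash lookup, publisher, where the file came from), not a malware verdict.

```python
"""Heuristic triage of the registry autostart ("Reg Loading Points") section of a ComboFix log.

Added example for this thread, not part of the posted logs or of ComboFix.
The heuristics below are assumptions of this example; a hit means "verify this
entry" (hash lookup, publisher, origin of the file), not "this is malware".
"""
import re
from dataclasses import dataclass
from datetime import date

# Constructed sample: six Run-key lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-10-23 3513344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-22 1234712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-29 136600]
"Rizaakvp"="c:\documents and settings\onlineous\Bureaublad\fg677p.exe" [2008-11-04 149504]
"SoundMan"="SOUNDMAN.EXE" [2003-03-27 c:\windows\SOUNDMAN.EXE]
"""

# ComboFix prints either   "name"="full\path.exe" [YYYY-MM-DD size]
# or, for bare file names,  "name"="file.exe" [YYYY-MM-DD resolved\path.exe]
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<rest>[^\]]*)\]$'
)

# Windows XP profile root (assumption of this example; on Vista and later add c:\users\).
USER_PROFILE_ROOTS = ("c:\\documents and settings\\",)


@dataclass
class AutostartEntry:
    hive: str       # registry key the value sits under
    name: str       # Run value name
    path: str       # executable path as ComboFix shows it
    modified: date  # file date ComboFix printed in brackets


@dataclass
class Finding:
    entry: AutostartEntry
    reasons: list


def parse_entries(log_text):
    """Return the Run-key entries in a ComboFix log, tracking the current hive header."""
    hive, entries = "", []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            hive = line[1:-1]
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        value, rest = m["value"], m["rest"].strip()
        path = value if "\\" in value else rest  # bare file name: take the resolved path
        entries.append(AutostartEntry(hive, m["name"], path, date.fromisoformat(m["date"])))
    return entries


def longest_common_substring(a, b):
    """Length of the longest case-insensitive common substring (O(len(a)*len(b)) DP)."""
    a, b = a.lower(), b.lower()
    best, prev = 0, [0] * (len(b) + 1)
    for ca in a:
        cur = [0] * (len(b) + 1)
        for j, cb in enumerate(b, start=1):
            if ca == cb:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best


def triage(log_text, reference_date, recent_days=7, min_reasons=2):
    """Flag autostart entries that match at least `min_reasons` of the three heuristics."""
    findings = []
    for e in parse_entries(log_text):
        low = e.path.lower()
        stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]  # file name without extension
        reasons = []
        if low.startswith(USER_PROFILE_ROOTS):
            reasons.append("runs from a user profile folder, not Program Files or Windows")
        if 0 <= (reference_date - e.modified).days <= recent_days:
            reasons.append("file dated within %d days of the log" % recent_days)
        if longest_common_substring(e.name, stem) < 4:
            reasons.append("value name shares no 4+ character substring with the file name")
        if len(reasons) >= min_reasons:
            findings.append(Finding(e, reasons))
    return findings


def triage_sample():
    """Run the heuristics over the sample, using the log's completion date (2008-11-08)."""
    return triage(SAMPLE_LOG, date(2008, 11, 8))


if __name__ == "__main__":
    for f in triage_sample():
        print("%s\n  %s -> %s" % (f.entry.hive, f.entry.name, f.entry.path))
        for r in f.reasons:
            print("    -", r)
```

    On the sample, five of the six entries match none of the heuristics and one matches all three. The thresholds are deliberately loose: a legitimate program dropped on the Desktop by its installer also trips the profile-folder rule, which is why the output is a list to check, not a cleanup list. The same parser works on the HKCU, HKLM and HKU sections of the log, since it only keys on the bracketed hive header.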






  • And are new Trojan warnings still popping up now?


This is an archived page. Replying is no longer possible.