Questions & Answers

Security & privacy

HijackThis log regarding AVG trojan detection

Anonymous
jacie
13 replies
 • Hello,

  For the last few days I keep getting trojan alerts. I have already run Spybot and Ad-Aware. Neither of them finds anything.
  AVG, however, keeps reporting trojans that often cannot be removed.

  So here is a HijackThis log. I have already looked myself but cannot find anything in it.

  Could someone take a look at this?

  Thanks in advance

  Regards, jaco

  PS: yes, I know, there are a few entries that can be cleaned up

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 13:32:35, on 4-11-2008
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\acs.exe
  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  C:\Program Files\Java\jre6\bin\jqs.exe
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Atheros\ACU.exe
  C:\PROGRA~1\AVG\AVG8\avgtray.exe
  C:\WINDOWS\SOUNDMAN.EXE
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\Java\jre6\bin\jusched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\Windows Live\Messenger\msnmsgr.exe
  C:\Program Files\Windows Live\Contacts\wlcomm.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Program Files\AVG\AVG8\avgui.exe
  C:\Documents and Settings\onlineous\Bureaublad\fg677p.exe
  C:\Documents and Settings\onlineous\Bureaublad\HiJackThis.exe

  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8580
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: (no name) - {A87E8B6B-D30F-416C-8709-8AB34A210CB5} - C:\WINDOWS\system32\hgGwUkJC.dll (file missing)
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O2 - BHO: (no name) - {DD3EC823-D3A1-48B3-A18A-A1958795A18A} - C:\WINDOWS\system32\iifgDtsT.dll (file missing)
  O2 - BHO: {dba6db48-4401-24f8-f804-7b525d5b784f} - {f487b5d5-25b7-408f-8f42-104484bd6abd} - C:\WINDOWS\system32\igrnrm.dll (file missing)
  O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
  O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  O4 - HKLM\..\Run: [Rizaakvp] C:\Documents and Settings\onlineous\Bureaublad\fg677p.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
  O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O17 - HKLM\System\CCS\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
  O17 - HKLM\System\CCS\Services\Tcpip\..\{F5262B6A-7A37-4180-B9FD-BA9E37B0D2A1}: NameServer = 192.168.2.1,212.45.33.3
  O17 - HKLM\System\CS1\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
  O17 - HKLM\System\CS2\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
  O20 - AppInit_DLLs: avgrsstx.dll igrnrm.dll
  O20 - Winlogon Notify: iifgDtsT - iifgDtsT.dll (file missing)
  O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  O23 - Service: Atheros-configuratieservice (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


  End of file - 7468 bytes
 • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

  O2 - BHO: (no name) - {A87E8B6B-D30F-416C-8709-8AB34A210CB5} - C:\WINDOWS\system32\hgGwUkJC.dll (file missing)
  O2 - BHO: (no name) - {DD3EC823-D3A1-48B3-A18A-A1958795A18A} - C:\WINDOWS\system32\iifgDtsT.dll (file missing)
  O2 - BHO: {dba6db48-4401-24f8-f804-7b525d5b784f} - {f487b5d5-25b7-408f-8f42-104484bd6abd} - C:\WINDOWS\system32\igrnrm.dll (file missing)
  O4 - HKLM\..\Run: [Rizaakvp] C:\Documents and Settings\onlineous\Bureaublad\fg677p.exe
  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
  O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
  O20 - AppInit_DLLs: avgrsstx.dll igrnrm.dll
  O20 - Winlogon Notify: iifgDtsT - iifgDtsT.dll (file missing)

  Click 'Fix checked' to remove the items.

  Download MBAM (Malwarebytes' Anti-Malware): http://www.besttechie.net/tools/mbam-setup.exe

  Double-click mbam-setup.exe to install the program.

  Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".
  If an update is found, it will be downloaded and installed.
  Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.
  The scan can take a while, so be patient.
  When the scan is complete, click OK, then "Show Results" to view the results.
  Make sure everything there is checked, then click: Remove Selected.
  After removal a log will open and you will be asked to restart the computer. (See below)
  The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.

  If MBAM has trouble removing certain files, it will show a few messages where you have to click OK.
  After that it will ask to restart the computer… so allow MBAM to restart the computer.

  Post this log in your next reply, together with a new HJT log.
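
The selection in the reply above can be reproduced mechanically. The following is an added example, not part of the thread and not HijackThis's own logic: it parses HijackThis v2 entries, flags registrations whose file is missing, cross-references AppInit_DLLs against those missing DLLs, marks autostarts from a user profile path for review, and diffs two logs. The sample entries are copied from the logs in this thread; the function names and the three heuristics are assumptions made for illustration.

```python
import re

# Entries copied from the first HijackThis log in this thread (a selection, not the full log).
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8580
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A87E8B6B-D30F-416C-8709-8AB34A210CB5} - C:\WINDOWS\system32\hgGwUkJC.dll (file missing)
O2 - BHO: (no name) - {DD3EC823-D3A1-48B3-A18A-A1958795A18A} - C:\WINDOWS\system32\iifgDtsT.dll (file missing)
O2 - BHO: {dba6db48-4401-24f8-f804-7b525d5b784f} - {f487b5d5-25b7-408f-8f42-104484bd6abd} - C:\WINDOWS\system32\igrnrm.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Rizaakvp] C:\Documents and Settings\onlineous\Bureaublad\fg677p.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll igrnrm.dll
O20 - Winlogon Notify: iifgDtsT - iifgDtsT.dll (file missing)
"""

# The same selection as it appears in the second log (after the fix and the MBAM scan).
LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Rizaakvp] C:\Documents and Settings\onlineous\Bureaublad\fg677p.exe
"""

ENTRY = re.compile(r"^\s*([ORF]\d{1,2}) - (.*)$")      # e.g. "O20 - AppInit_DLLs: ..."
DLL = re.compile(r"([\w~.-]+\.dll)\b", re.IGNORECASE)   # bare DLL file name, without its path
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse(log_text):
    """Return [(section, text)] for every R/O/F entry; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def triage(entries):
    """Return {entry: [reasons]} for entries that deserve a manual look."""
    # First pass: collect DLL names that some entry reports as missing on disk.
    missing = set()
    for _, text in entries:
        if text.endswith("(file missing)"):
            missing.update(name.lower() for name in DLL.findall(text))

    findings = {}

    def flag(section, text, reason):
        findings.setdefault(f"{section} - {text}", []).append(reason)

    for section, text in entries:
        if text.endswith(ORPHAN_MARKERS):
            flag(section, text, "registration points at a file the scanner could not find")
        if section == "O20" and "AppInit_DLLs" in text:
            # AppInit_DLLs is a single value listing several DLLs: one bad name taints the line.
            for name in DLL.findall(text):
                if name.lower() in missing:
                    flag(section, text, f"loads {name}, reported '(file missing)' elsewhere in this log")
        if section == "O4" and re.search(r"\\Documents and Settings\\", text, re.IGNORECASE):
            flag(section, text, "autostart from a user profile path: confirm origin before removing")
    return findings


def diff(before_text, after_text):
    """Return (removed, added) entries between two logs, in log order."""
    before, after = parse(before_text), parse(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


if __name__ == "__main__":
    for entry, reasons in triage(parse(LOG_BEFORE)).items():
        print(entry)
        for reason in reasons:
            print("    ->", reason)
    removed, added = diff(LOG_BEFORE, LOG_AFTER)
    print(f"{len(removed)} entries removed, {len(added)} added between the two logs")
```

A flag is a prompt for review, not a verdict: the `fg677p.exe` Run entry is flagged in both logs, and the replies that follow show why its origin has to be checked by hand.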
 • Are you sure fg677p.exe is spyware?
  This is Freegate http://en.wikipedia.org/wiki/Freegate
  As you can read, it is a filter-circumvention program.
  I ran it through VirusTotal and 5 of the 36 scanners flag it as junk. I think this is purely because of what the program does.
  If it really contained spyware, more virus scanners would block this program, I think.
  I also already had the problems before I put Freegate on my computer.
 • On closer inspection, this is indeed a file about which there is currently still some doubt: http://www.prevx.com/filenamedays/091920087.html.

  In that case, to be on the safe side and since you clearly know where it came from yourself, leave it alone for now.
 • These are the logs:

  Malwarebytes' Anti-Malware 1.30
  Database versie: 1368
  Windows 5.1.2600 Service Pack 3

  6-11-2008 12:40:29
  mbam-log-2008-11-06 (12-40-29).txt

  Scan type: Snelle Scan
  Objecten gescand: 43808
  Verstreken tijd: 9 minute(s), 25 second(s)

  Geheugenprocessen geïnfecteerd: 0
  Geheugenmodulen geïnfecteerd: 0
  Registersleutels geïnfecteerd: 7
  Registerwaarden geïnfecteerd: 1
  Registerdata bestanden geïnfecteerd: 0
  Mappen geïnfecteerd: 0
  Bestanden geïnfecteerd: 2

  Geheugenprocessen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Geheugenmodulen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registersleutels geïnfecteerd:
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

  Registerwaarden geïnfecteerd:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo) -> Quarantined and deleted successfully.

  Registerdata bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Mappen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Bestanden geïnfecteerd:
  C:\WINDOWS\system32\bwodxrtv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\qoMdBQHY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 12:42:08, on 6-11-2008
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\acs.exe
  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  C:\Program Files\Java\jre6\bin\jqs.exe
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Atheros\ACU.exe
  C:\PROGRA~1\AVG\AVG8\avgtray.exe
  C:\WINDOWS\SOUNDMAN.EXE
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\Java\jre6\bin\jusched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\Windows Live\Messenger\msnmsgr.exe
  C:\Program Files\Windows Live\Contacts\wlcomm.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
  C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  C:\Program Files\Radmin Viewer 3.0\Radmin.exe
  C:\Documents and Settings\onlineous\Bureaublad\HiJackThis.exe

  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
  O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  O4 - HKLM\..\Run: [Rizaakvp] C:\Documents and Settings\onlineous\Bureaublad\fg677p.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O17 - HKLM\System\CCS\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
  O17 - HKLM\System\CCS\Services\Tcpip\..\{F5262B6A-7A37-4180-B9FD-BA9E37B0D2A1}: NameServer = 192.168.2.1,212.45.33.3
  O17 - HKLM\System\CS1\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
  O17 - HKLM\System\CS2\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
  O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  O23 - Service: Atheros-configuratieservice (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


  End of file - 6848 bytes

  PS: maybe Radmin is being seen as junk. It is remote administration software and, just like Freegate, it can sometimes be seen as harmful.
 • The logs look good … and now the most important question: how are things with the trojans, or (better) the alerts about them?
 • After the cleanup I still got a few trojan warnings.

  I ran another scan with Malwarebytes (a full one this time).
  That scan found nothing.

  Here is another HijackThis log, but I assume nothing has changed in it.
  As soon as I get another trojan alert from AVG, I will paste it here in the forum.


  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 9:52:59, on 7-11-2008
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\acs.exe
  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  C:\Program Files\Java\jre6\bin\jqs.exe
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Atheros\ACU.exe
  C:\PROGRA~1\AVG\AVG8\avgtray.exe
  C:\WINDOWS\SOUNDMAN.EXE
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\Java\jre6\bin\jusched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
  C:\Program Files\LimeWire\LimeWire.exe
  C:\Program Files\PeerGuardian2\pg2.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Documents and Settings\onlineous\Bureaublad\HiJackThis.exe

  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
  O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  O4 - HKLM\..\Run: [Rizaakvp] C:\Documents and Settings\onlineous\Bureaublad\fg677p.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O17 - HKLM\System\CCS\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
  O17 - HKLM\System\CCS\Services\Tcpip\..\{F5262B6A-7A37-4180-B9FD-BA9E37B0D2A1}: NameServer = 192.168.2.1,212.45.33.3
  O17 - HKLM\System\CS1\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
  O17 - HKLM\System\CS2\Services\Tcpip\..\{39991A13-5EF0-4EAA-BF8F-C9DACB99FD7F}: NameServer = 192.168.2.1,212.45.33.3
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
  O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  O23 - Service: Atheros-configuratieservice (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


  End of file - 6722 bytes
 • The HJT log is indeed OK.

  Download Combofix to your Desktop.

  NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
  Some scanners treat certain components that Combofix uses as suspicious and will block or remove them!
  Double-click Combofix.exe to start it.
  If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  Follow the instructions and accept the disclaimer by clicking Yes.
  If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  Click OK and Yes to have the Recovery Console installed automatically.
  Afterwards, click Yes again to start the malware scan.
  While the fix is running, do NOT click in the window, as this will make your PC hang.
  When the fix is complete and after the restart, the log Combofix.txt will open.

  Post this log in your next reply.
 • This is the ComboFix log:

  ComboFix 08-11-06.01 - onlineous 2008-11-07 16:42:46.1 - NTFSx86
  Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.278 [GMT 1:00]
  Gestart vanuit: c:\documents and settings\onlineous\Bureaublad\ComboFix.exe
  * Nieuw herstelpunt werd aangemaakt
  .

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  c:\windows\system32\CJkUwGgh.ini
  c:\windows\system32\CJkUwGgh.ini2
  c:\windows\system32\ehovqdxn.ini
  c:\windows\system32\skaoscpa.ini
  c:\windows\system32\tljckvaa.ini
  c:\windows\system32\yjugcpxj.ini

  .
  (((((((((((((((((((( Bestanden Gemaakt van 2008-10-07 to 2008-11-07 ))))))))))))))))))))))))))))))
  .

  2008-11-06 12:29 . 2008-11-06 12:29 <DIR> d-------- c:\documents and settings\onlineous\Application Data\Radmin
  2008-11-06 12:20 . 2001-08-18 06:00 98,176 --a------ c:\windows\system32\drivers\NBF.SYS
  2008-11-06 12:18 . 2008-11-06 12:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
  2008-11-06 12:18 . 2008-11-06 12:18 <DIR> d-------- c:\documents and settings\onlineous\Application Data\Malwarebytes
  2008-11-06 12:18 . 2008-11-06 12:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
  2008-11-06 12:18 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
  2008-11-06 12:18 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
  2008-11-06 00:06 . 2008-11-06 00:07 <DIR> d-------- c:\program files\Radmin Viewer 3.0
  2008-11-03 19:05 . 2008-11-03 19:05 260 --a------ C:\sqmdata02.sqm
  2008-11-03 19:05 . 2008-11-03 19:05 200 --a------ C:\sqmnoopt02.sqm
  2008-11-02 15:08 . 2008-11-02 15:08 <DIR> d-------- c:\documents and settings\onlineous\Application Data\Media Player Classic
  2008-11-02 14:49 . 2008-11-02 14:49 <DIR> d-------- c:\windows\Sun
  2008-11-01 00:02 . 2008-11-01 00:02 272 --a------ C:\sqmdata01.sqm
  2008-11-01 00:02 . 2008-11-01 00:02 212 --a------ C:\sqmnoopt01.sqm
  2008-10-31 10:05 . 2008-10-31 10:05 <DIR> d-------- c:\program files\SpaceMonger
  2008-10-31 10:05 . 2008-10-31 10:05 <DIR> d-------- c:\documents and settings\onlineous\Application Data\SpaceMonger
  2008-10-31 10:05 . 2008-10-31 10:05 4 --a------ c:\windows\system32\wnsm2i.rdb
  2008-10-31 09:40 . 2008-10-31 09:42 <DIR> d-------- C:\drivers
  2008-10-30 21:10 . 2008-10-30 21:10 0 --a------ c:\windows\system32\tljckvaa.tmp
  2008-10-30 01:15 . 2008-11-07 14:10 <DIR> d-------- c:\documents and settings\onlineous\Application Data\LimeWire
  2008-10-29 19:37 . 2008-10-29 19:37 <DIR> d-------- c:\program files\Java
  2008-10-29 19:37 . 2008-10-29 19:37 410,976 --a------ c:\windows\system32\deploytk.dll
  2008-10-29 19:37 . 2008-10-29 19:37 73,728 --a------ c:\windows\system32\javacpl.cpl
  2008-10-28 23:13 . 2008-04-14 00:16 18,944 --a------ c:\windows\system32\drivers\BTHUSB.SYS
  2008-10-28 23:13 . 2008-04-14 00:16 18,944 --a--c--- c:\windows\system32\dllcache\bthusb.sys
  2008-10-28 19:11 . 2008-10-28 19:11 <DIR> d-------- c:\program files\Lavasoft
  2008-10-28 19:11 . 2008-10-28 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
  2008-10-28 19:09 . 2008-10-28 19:09 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
  2008-10-28 18:14 . 2008-10-28 18:14 <DIR> d-------- c:\program files\TightVNC
  2008-10-27 15:05 . 2008-11-06 20:59 <DIR> d--h----- C:\$AVG8.VAULT$
  2008-10-24 22:58 . 2008-10-24 22:58 <DIR> d-------- c:\program files\K-Lite Codec Pack
  2008-10-24 22:48 . 2008-11-07 14:09 69 --a------ c:\windows\NeroDigital.ini
  2008-10-24 17:00 . 2008-10-24 17:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
  2008-10-24 15:21 . 2008-10-24 15:21 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
  2008-10-24 14:34 . 2008-10-24 14:34 <DIR> d---s---- c:\documents and settings\onlineous\UserData
  2008-10-24 14:27 . 2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll
  2008-10-24 14:27 . 2007-07-30 18:19 207,736 --a------ c:\windows\system32\muweb.dll
  2008-10-24 14:27 . 2007-07-30 18:18 30,072 --a------ c:\windows\system32\mucltui.dll.mui
  2008-10-23 23:46 . 2008-11-03 19:06 <DIR> d-------- c:\documents and settings\onlineous\Tracing
  2008-10-23 23:42 . 2008-10-23 23:42 236 --a------ C:\sqmdata00.sqm
  2008-10-23 23:42 . 2008-10-23 23:42 200 --a------ C:\sqmnoopt00.sqm
  2008-10-23 23:39 . 2006-11-29 12:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
  2008-10-23 23:38 . 2008-10-23 23:38 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
  2008-10-23 23:38 . 2008-10-23 23:38 <DIR> d-------- c:\program files\Microsoft
  2008-10-23 23:22 . 2008-10-23 23:22 <DIR> d-------- c:\program files\Common Files\Windows Live
  2008-10-23 23:01 . 2008-10-23 23:38 <DIR> d-------- c:\program files\Windows Live
  2008-10-23 23:01 . 2008-10-23 23:01 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
  2008-10-23 23:01 . 2008-10-23 23:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
  2008-10-23 22:24 . 2008-11-07 16:49 <DIR> d-------- c:\program files\PeerGuardian2
  2008-10-23 21:49 . 2008-10-23 21:49 <DIR> d——– c:\program files\uTorrent
  2008-10-23 21:48 . 2008-11-02 01:19 <DIR> d——– c:\documents and settings\onlineous\Application Data\uTorrent
  2008-10-23 19:08 . 2008-10-23 19:08 <DIR> d——– c:\program files\Microsoft Visual Studio 8
  2008-10-23 18:39 . 2008-10-23 19:06 <DIR> d——– c:\windows\SHELLNEW
  2008-10-23 18:38 . 2008-11-07 03:09 <DIR> d——– c:\documents and settings\All Users\Application Data\Microsoft Help
  2008-10-23 18:37 . 2008-10-23 18:37 <DIR> dr-h—– C:\MSOCache
  2008-10-23 14:53 . 2008-10-23 14:53 <DIR> d——– c:\program files\MSXML 4.0
  2008-10-22 23:22 . 2008-10-22 23:23 <DIR> d——– c:\program files\Aspell
  2008-10-22 20:05 . 2008-06-14 18:36 272,640 ——— c:\windows\system32\drivers\bthport.sys
  2008-10-22 20:05 . 2008-06-14 18:36 272,640 —–c— c:\windows\system32\dllcache\bthport.sys
  2008-10-22 20:04 . 2008-08-14 14:27 2,193,536 —–c— c:\windows\system32\dllcache\ntoskrnl.exe
  2008-10-22 20:04 . 2008-08-14 14:27 2,149,888 —–c— c:\windows\system32\dllcache\ntkrnlmp.exe
  2008-10-22 20:04 . 2008-08-14 14:27 2,070,400 —–c— c:\windows\system32\dllcache\ntkrnlpa.exe
  2008-10-22 20:04 . 2008-08-14 14:27 2,028,544 —–c— c:\windows\system32\dllcache\ntkrpamp.exe
  2008-10-22 19:59 . 2008-10-25 02:04 <DIR> d–h—– c:\windows\$hf_mig$
  2008-10-22 19:26 . 2008-10-22 19:26 0 –a—— c:\windows\nsreg.dat
  2008-10-22 19:19 . 2008-10-22 19:27 <DIR> d-a—— c:\documents and settings\All Users\Application Data\TEMP
  2008-10-22 19:09 . 2008-04-13 23:47 83,072 –a—— c:\windows\system32\drivers\wdmaud.sys
  2008-10-22 19:09 . 2008-04-13 23:47 83,072 –a–c— c:\windows\system32\dllcache\wdmaud.sys
  2008-10-22 19:09 . 2008-04-13 23:15 6,272 –a—— c:\windows\system32\drivers\splitter.sys
  2008-10-22 19:09 . 2008-04-13 23:15 6,272 –a–c— c:\windows\system32\dllcache\splitter.sys
  2008-10-22 19:05 . 2008-10-22 19:05 <DIR> d——– c:\program files\LimeWire
  2008-10-22 19:03 . 2001-09-06 18:04 12,288 –a—— c:\windows\system32\drivers\mouhid.sys
  2008-10-22 19:03 . 2001-09-06 18:04 12,288 –a–c— c:\windows\system32\dllcache\mouhid.sys
  2008-10-22 19:03 . 2008-04-13 23:15 10,368 –a—— c:\windows\system32\drivers\hidusb.sys
  2008-10-22 19:03 . 2008-04-13 23:15 10,368 –a–c— c:\windows\system32\dllcache\hidusb.sys
  2008-10-22 19:02 . 2008-10-22 19:02 <DIR> d——– c:\program files\Alcohol Soft
  2008-10-22 18:57 . 2008-10-22 18:57 <DIR> d——– c:\program files\PowerISO
  2008-10-22 18:57 . 2008-10-22 18:57 685,816 –a—— c:\windows\system32\drivers\sptd.sys
  2008-10-22 18:55 . 2008-10-22 18:55 <DIR> d——– c:\program files\Webteh
  2008-10-22 18:55 . 2008-10-29 00:28 <DIR> d——– c:\documents and settings\onlineous\Application Data\BSplayer PRO
  2008-10-22 18:49 . 2001-08-17 22:59 3,072 –a—— c:\windows\system32\drivers\audstub.sys
  2008-10-22 18:48 . 2008-04-14 23:04 58,112 –a—— c:\windows\system32\drivers\redbook.sys
  2008-10-22 18:48 . 2001-08-17 22:46 6,400 –a—— c:\windows\system32\drivers\enum1394.sys
  2008-10-22 18:48 . 2008-04-14 23:07 5,504 –a—— c:\windows\system32\drivers\intelide.sys
  2008-10-22 18:47 . 2008-04-14 23:32 76,288 –a—— c:\windows\system32\usbui.dll
  2008-10-22 18:47 . 2008-04-14 01:06 42,368 –a—— c:\windows\system32\drivers\AGP440.SYS
  2008-10-22 18:47 . 2008-04-14 01:06 14,208 –a—— c:\windows\system32\drivers\battc.sys
  2008-10-22 18:47 . 2008-04-14 01:06 13,952 –a—— c:\windows\system32\drivers\CmBatt.sys
  2008-10-22 18:47 . 2008-04-14 01:06 10,240 –a—— c:\windows\system32\drivers\compbatt.sys
  2008-10-22 18:45 . 2008-10-22 18:45 <DIR> d——– c:\program files\Nero
  2008-10-22 18:45 . 2008-10-22 18:46 <DIR> d——– c:\program files\Common Files\Ahead
  2008-10-22 18:45 . 2008-10-22 18:45 <DIR> d——– c:\documents and settings\All Users\Application Data\Nero
  2008-10-22 18:37 . 2007-03-07 12:27 4,245,008 –a—— c:\windows\system32\qtp-mt334.dll
  2008-10-22 18:37 . 2007-03-07 12:27 247,824 –a—— c:\windows\system32\prgiso.dll
  2008-10-22 18:37 . 2007-03-07 12:27 38,448 –a—— c:\windows\system32\drivers\hotcore3.sys
  2008-10-22 18:37 . 2007-03-07 12:27 13,840 –a—— c:\windows\system32\wnaspi32.dll
  2008-10-22 18:36 . 2008-10-22 18:36 <DIR> d——– c:\program files\Paragon Software
  2008-10-22 18:35 . 2008-10-22 18:35 <DIR> d——– c:\program files\Common Files\InstallShield
  2008-10-22 18:34 . 2008-10-22 18:34 <DIR> d——– c:\program files\winLAME
  2008-10-22 18:34 . 2008-10-22 19:20 <DIR> d——– c:\program files\SpywareBlaster
  2008-10-22 18:34 . 2005-04-15 19:58 1,071,088 –a—— c:\windows\system32\MSCOMCTL.OCX
  2008-10-22 18:34 . 2005-08-25 18:18 118,784 –a—— c:\windows\system32\MSSTDFMT.DLL
  2008-10-22 18:33 . 2008-10-28 15:41 <DIR> d——– c:\program files\Spybot - Search & Destroy
  2008-10-22 18:33 . 2008-10-27 23:19 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
  2008-10-22 18:32 . 2008-10-22 18:32 <DIR> d——– c:\program files\CCleaner
  2008-10-22 18:31 . 2008-11-07 16:52 <DIR> d——– c:\windows\system32\drivers\Avg
  2008-10-22 18:31 . 2008-10-22 18:31 <DIR> d——– c:\program files\AVG
  2008-10-22 18:31 . 2008-10-22 18:31 <DIR> d——– c:\documents and settings\All Users\Application Data\avg8
  2008-10-22 18:31 . 2008-10-22 18:31 97,928 –a—— c:\windows\system32\drivers\avgldx86.sys
  2008-10-22 18:31 . 2008-10-22 18:31 10,520 –a—— c:\windows\system32\avgrsstx.dll
  2008-10-22 18:27 . 2008-10-24 15:27 <DIR> d——– c:\program files\Common Files\Adobe
  2008-10-22 18:25 . 2008-10-22 18:25 <DIR> d——– c:\program files\7-Zip
  2008-10-22 18:24 . 2008-10-22 18:24 <DIR> d——– c:\program files\Windows Media Connect 2
  2008-10-22 18:22 . 2008-10-22 18:22 <DIR> d——– c:\windows\system32\LogFiles
  2008-10-22 18:22 . 2008-10-22 18:23 <DIR> d——– c:\windows\system32\drivers\UMDF
  2008-10-22 18:22 . 2006-09-25 16:58 23,856 –a—— c:\windows\system32\spupdsvc.exe
  2008-10-22 18:12 . 2008-10-22 18:36 <DIR> d–h—– c:\program files\InstallShield Installation Information
  2008-10-22 18:12 . 2008-10-22 18:13 <DIR> d——– c:\program files\Atheros
  2008-10-22 18:12 . 2003-04-01 09:47 6,652,928 –a—— c:\windows\system32\ALSNDMGR.CPL
  2008-10-22 18:11 . 2008-10-22 18:11 <DIR> d——– c:\documents and settings\onlineous\Application Data\InstallShield
  2008-10-22 18:11 . 2008-10-22 18:13 <DIR> d——– c:\documents and settings\All Users\Application Data\Atheros
  2008-10-22 18:10 . 2008-11-03 17:31 <DIR> d——– c:\documents and settings\onlineous\Application Data\U3
  2008-10-22 18:09 . 2008-04-13 23:15 26,368 –a–c— c:\windows\system32\dllcache\usbstor.sys

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2008-10-22 16:46 ——— d—–w c:\program files\microsoft frontpage
  2008-09-16 00:14 3,596,288 —-a-w c:\windows\system32\qt-dx331.dll
  2008-09-16 00:12 81,920 —-a-w c:\windows\system32\dpl100.dll
  2008-09-16 00:11 683,520 —-a-w c:\windows\system32\divx.dll
  2008-09-15 15:28 1,846,528 —-a-w c:\windows\system32\win32k.sys
  2008-09-08 22:03 51,712 —-a-w c:\windows\system32\sirenacm.dll
  2008-09-08 10:41 333,824 —-a-w c:\windows\system32\drivers\srv.sys
  2008-09-05 13:56 287,744 —-a-w c:\windows\WLXPGSS.SCR
  2008-08-20 05:30 669,184 —-a-w c:\windows\system32\wininet.dll
  2008-08-14 13:27 2,193,536 —-a-w c:\windows\system32\ntoskrnl.exe
  2008-08-14 13:27 2,070,400 —-a-w c:\windows\system32\ntkrnlpa.exe
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
  "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
  "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-10-23 3513344]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "ACU"="c:\program files\Atheros\ACU.exe" [2008-07-07 450649]
  "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
  "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-22 1234712]
  "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
  "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
  "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-29 136600]
  "Rizaakvp"="c:\documents and settings\onlineous\Bureaublad\fg677p.exe" [2008-11-04 149504]
  "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
  "SoundMan"="SOUNDMAN.EXE" [2003-03-27 c:\windows\SOUNDMAN.EXE]
  "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  "nltide_3"="advpack.dll" [2008-04-14 c:\windows\system32\advpack.dll]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
  "msacm.l3fhg"= mp3fhg.acm
  "msacm.divxa32"= divxa32.acm
  "VIDC.X264"= x264vfw.dll
  "VIDC.HFYU"= huffyuv.dll
  "vidc.i263"= i263_32.drv

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  "%windir%\\system32\\sessmgr.exe"=
  "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
  "c:\\Program Files\\uTorrent\\uTorrent.exe"=
  "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
  "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
  "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "5353:TCP"= 5353:TCP:Adobe CSI CS4

  R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-03-07 38448]
  R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-22 97928]
  R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-22 231704]
  R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-29 152984]
  R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2008-02-08 57408]

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{488d3e37-a05a-11dd-a1cf-dffb90a0c225}]
  \Shell\AutoRun\command - H:\LaunchU3.exe -a
  .
  .
  ——- Bijkomende Scan ——-
  .
  FireFox -: Profile - c:\documents and settings\onlineous\Application Data\Mozilla\Firefox\Profiles\10qn636y.default\
  FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.nl
  FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
  FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
  FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
  .

  **************************************************************************

  catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2008-11-07 16:54:29
  Windows 5.1.2600 Service Pack 3 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  ———————— Andere Aktieve Processen ————————
  .
  c:\windows\system32\ati2evxx.exe
  c:\program files\Lavasoft\Ad-Aware\aawservice.exe
  c:\windows\system32\acs.exe
  c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
  c:\program files\AVG\AVG8\avgrsx.exe
  c:\windows\system32\rundll32.exe
  .
  **************************************************************************
  .
  Voltooingstijd: 2008-11-07 17:00:38 - machine werd herstart
  ComboFix-quarantined-files.txt 2008-11-07 16:00:30

  Pre-Run: 529.477.632 bytes beschikbaar
  Post-Run: 735,068,160 bytes beschikbaar

  WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
  [boot loader]
  timeout=2
  default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
  [operating systems]
  c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

  244 — E O F — 2008-11-07 02:09:31
 • edit: sorry, posted twice. The computer was slow this morning and I thought it hadn't been sent yet
 • Open a Notepad file.

  Copy and paste the bold text below into it.

  File::
  C:\sqmdata02.sqm
  C:\sqmnoopt02.sqm
  C:\sqmdata01.sqm
  C:\sqmnoopt01.sqm
  c:\windows\system32\tljckvaa.tmp
  C:\sqmdata00.sqm
  C:\sqmnoopt00.sqm

  Save this file to your desktop as CFScript.txt.

  Drag CFScript.txt into ComboFix.exe
  This will make ComboFix restart. Reboot if you are asked to.

  Then have MBAM scan once more.

  After the restart, post the contents of Combofix.txt and the MBAM log. And can you then tell us whether any alerts still pop up?
 • combofix:

  ComboFix 08-11-07.01 - onlineous 2008-11-08 19:55:32.2 - NTFSx86
  Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.162 [GMT 1:00]
  Gestart vanuit: c:\documents and settings\onlineous\Bureaublad\ComboFix.exe
  gebruikte Opdracht switches :: c:\documents and settings\onlineous\Bureaublad\CFScript.txt
  * Nieuw herstelpunt werd aangemaakt

  FILE ::
  C:\sqmdata00.sqm
  C:\sqmdata01.sqm
  C:\sqmdata02.sqm
  C:\sqmnoopt00.sqm
  C:\sqmnoopt01.sqm
  C:\sqmnoopt02.sqm
  c:\windows\system32\tljckvaa.tmp
  .

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  C:\sqmdata00.sqm
  C:\sqmdata01.sqm
  C:\sqmdata02.sqm
  C:\sqmnoopt00.sqm
  C:\sqmnoopt01.sqm
  C:\sqmnoopt02.sqm
  c:\windows\system32\tljckvaa.tmp

  .
  (((((((((((((((((((( Bestanden Gemaakt van 2008-10-08 to 2008-11-08 ))))))))))))))))))))))))))))))
  .

  2008-11-06 12:29 . 2008-11-06 12:29 <DIR> d——– c:\documents and settings\onlineous\Application Data\Radmin
  2008-11-06 12:20 . 2001-08-18 06:00 98,176 –a—— c:\windows\system32\drivers\NBF.SYS
  2008-11-06 12:18 . 2008-11-06 12:18 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
  2008-11-06 12:18 . 2008-11-06 12:18 <DIR> d——– c:\documents and settings\onlineous\Application Data\Malwarebytes
  2008-11-06 12:18 . 2008-11-06 12:18 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
  2008-11-06 12:18 . 2008-10-22 16:10 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
  2008-11-06 12:18 . 2008-10-22 16:10 15,504 –a—— c:\windows\system32\drivers\mbam.sys
  2008-11-06 00:06 . 2008-11-06 00:07 <DIR> d——– c:\program files\Radmin Viewer 3.0
  2008-11-02 15:08 . 2008-11-02 15:08 <DIR> d——– c:\documents and settings\onlineous\Application Data\Media Player Classic
  2008-11-02 14:49 . 2008-11-02 14:49 <DIR> d——– c:\windows\Sun
  2008-10-31 10:05 . 2008-10-31 10:05 <DIR> d——– c:\program files\SpaceMonger
  2008-10-31 10:05 . 2008-10-31 10:05 <DIR> d——– c:\documents and settings\onlineous\Application Data\SpaceMonger
  2008-10-31 10:05 . 2008-10-31 10:05 4 –a—— c:\windows\system32\wnsm2i.rdb
  2008-10-31 09:40 . 2008-10-31 09:42 <DIR> d——– C:\drivers
  2008-10-30 01:15 . 2008-11-07 14:10 <DIR> d——– c:\documents and settings\onlineous\Application Data\LimeWire
  2008-10-29 19:37 . 2008-10-29 19:37 <DIR> d——– c:\program files\Java
  2008-10-29 19:37 . 2008-10-29 19:37 410,976 –a—— c:\windows\system32\deploytk.dll
  2008-10-29 19:37 . 2008-10-29 19:37 73,728 –a—— c:\windows\system32\javacpl.cpl
  2008-10-28 23:13 . 2008-04-14 00:16 18,944 –a—— c:\windows\system32\drivers\BTHUSB.SYS
  2008-10-28 23:13 . 2008-04-14 00:16 18,944 –a–c— c:\windows\system32\dllcache\bthusb.sys
  2008-10-28 19:11 . 2008-10-28 19:11 <DIR> d——– c:\program files\Lavasoft
  2008-10-28 19:11 . 2008-10-28 19:46 <DIR> d——– c:\documents and settings\All Users\Application Data\Lavasoft
  2008-10-28 19:09 . 2008-10-28 19:09 <DIR> d——– c:\program files\Common Files\Wise Installation Wizard
  2008-10-28 18:14 . 2008-10-28 18:14 <DIR> d——– c:\program files\TightVNC
  2008-10-27 15:05 . 2008-11-06 20:59 <DIR> d–h—– C:\$AVG8.VAULT$
  2008-10-24 22:58 . 2008-10-24 22:58 <DIR> d——– c:\program files\K-Lite Codec Pack
  2008-10-24 22:48 . 2008-11-07 14:09 69 –a—— c:\windows\NeroDigital.ini
  2008-10-24 17:00 . 2008-10-24 17:00 <DIR> d——– c:\documents and settings\All Users\Application Data\FLEXnet
  2008-10-24 15:21 . 2008-10-24 15:21 <DIR> d——– c:\program files\Common Files\Macrovision Shared
  2008-10-24 14:34 . 2008-10-24 14:34 <DIR> d—s—- c:\documents and settings\onlineous\UserData
  2008-10-24 14:27 . 2007-07-30 18:19 271,224 –a—— c:\windows\system32\mucltui.dll
  2008-10-24 14:27 . 2007-07-30 18:19 207,736 –a—— c:\windows\system32\muweb.dll
  2008-10-24 14:27 . 2007-07-30 18:18 30,072 –a—— c:\windows\system32\mucltui.dll.mui
  2008-10-23 23:46 . 2008-11-03 19:06 <DIR> d——– c:\documents and settings\onlineous\Tracing
  2008-10-23 23:39 . 2006-11-29 12:06 3,426,072 –a—— c:\windows\system32\d3dx9_32.dll
  2008-10-23 23:38 . 2008-10-23 23:38 <DIR> d——– c:\program files\Microsoft SQL Server Compact Edition
  2008-10-23 23:38 . 2008-10-23 23:38 <DIR> d——– c:\program files\Microsoft
  2008-10-23 23:22 . 2008-10-23 23:22 <DIR> d——– c:\program files\Common Files\Windows Live
  2008-10-23 23:01 . 2008-10-23 23:38 <DIR> d——– c:\program files\Windows Live
  2008-10-23 23:01 . 2008-10-23 23:01 <DIR> d–hsc— c:\program files\Common Files\WindowsLiveInstaller
  2008-10-23 23:01 . 2008-10-23 23:04 <DIR> d——– c:\documents and settings\All Users\Application Data\WLInstaller
  2008-10-23 22:24 . 2008-11-07 16:49 <DIR> d——– c:\program files\PeerGuardian2
  2008-10-23 21:49 . 2008-10-23 21:49 <DIR> d——– c:\program files\uTorrent
  2008-10-23 21:48 . 2008-11-02 01:19 <DIR> d——– c:\documents and settings\onlineous\Application Data\uTorrent
  2008-10-23 19:08 . 2008-10-23 19:08 <DIR> d——– c:\program files\Microsoft Visual Studio 8
  2008-10-23 18:39 . 2008-10-23 19:06 <DIR> d——– c:\windows\SHELLNEW
  2008-10-23 18:38 . 2008-11-08 09:35 <DIR> d——– c:\documents and settings\All Users\Application Data\Microsoft Help
  2008-10-23 18:37 . 2008-10-23 18:37 <DIR> dr-h—– C:\MSOCache
  2008-10-23 14:53 . 2008-10-23 14:53 <DIR> d——– c:\program files\MSXML 4.0
  2008-10-22 23:22 . 2008-10-22 23:23 <DIR> d——– c:\program files\Aspell
  2008-10-22 20:05 . 2008-06-14 18:36 272,640 ——— c:\windows\system32\drivers\bthport.sys
  2008-10-22 20:05 . 2008-06-14 18:36 272,640 —–c— c:\windows\system32\dllcache\bthport.sys
  2008-10-22 20:04 . 2008-08-14 14:27 2,193,536 —–c— c:\windows\system32\dllcache\ntoskrnl.exe
  2008-10-22 20:04 . 2008-08-14 14:27 2,149,888 —–c— c:\windows\system32\dllcache\ntkrnlmp.exe
  2008-10-22 20:04 . 2008-08-14 14:27 2,070,400 —–c— c:\windows\system32\dllcache\ntkrnlpa.exe
  2008-10-22 20:04 . 2008-08-14 14:27 2,028,544 —–c— c:\windows\system32\dllcache\ntkrpamp.exe
  2008-10-22 19:59 . 2008-10-25 02:04 <DIR> d–h—– c:\windows\$hf_mig$
  2008-10-22 19:26 . 2008-10-22 19:26 0 –a—— c:\windows\nsreg.dat
  2008-10-22 19:19 . 2008-10-22 19:27 <DIR> d-a—— c:\documents and settings\All Users\Application Data\TEMP
  2008-10-22 19:09 . 2008-04-13 23:47 83,072 –a—— c:\windows\system32\drivers\wdmaud.sys
  2008-10-22 19:09 . 2008-04-13 23:47 83,072 –a–c— c:\windows\system32\dllcache\wdmaud.sys
  2008-10-22 19:09 . 2008-04-13 23:15 6,272 –a—— c:\windows\system32\drivers\splitter.sys
  2008-10-22 19:09 . 2008-04-13 23:15 6,272 –a–c— c:\windows\system32\dllcache\splitter.sys
  2008-10-22 19:05 . 2008-10-22 19:05 <DIR> d——– c:\program files\LimeWire
  2008-10-22 19:03 . 2001-09-06 18:04 12,288 –a—— c:\windows\system32\drivers\mouhid.sys
  2008-10-22 19:03 . 2001-09-06 18:04 12,288 –a–c— c:\windows\system32\dllcache\mouhid.sys
  2008-10-22 19:03 . 2008-04-13 23:15 10,368 –a—— c:\windows\system32\drivers\hidusb.sys
  2008-10-22 19:03 . 2008-04-13 23:15 10,368 –a–c— c:\windows\system32\dllcache\hidusb.sys
  2008-10-22 19:02 . 2008-10-22 19:02 <DIR> d——– c:\program files\Alcohol Soft
  2008-10-22 18:57 . 2008-10-22 18:57 <DIR> d——– c:\program files\PowerISO
  2008-10-22 18:57 . 2008-10-22 18:57 685,816 –a—— c:\windows\system32\drivers\sptd.sys
  2008-10-22 18:55 . 2008-10-22 18:55 <DIR> d——– c:\program files\Webteh
  2008-10-22 18:55 . 2008-10-29 00:28 <DIR> d——– c:\documents and settings\onlineous\Application Data\BSplayer PRO
  2008-10-22 18:49 . 2001-08-17 22:59 3,072 –a—— c:\windows\system32\drivers\audstub.sys
  2008-10-22 18:48 . 2008-04-14 23:04 58,112 –a—— c:\windows\system32\drivers\redbook.sys
  2008-10-22 18:48 . 2001-08-17 22:46 6,400 –a—— c:\windows\system32\drivers\enum1394.sys
  2008-10-22 18:48 . 2008-04-14 23:07 5,504 –a—— c:\windows\system32\drivers\intelide.sys
  2008-10-22 18:47 . 2008-04-14 23:32 76,288 –a—— c:\windows\system32\usbui.dll
  2008-10-22 18:47 . 2008-04-14 01:06 42,368 –a—— c:\windows\system32\drivers\AGP440.SYS
  2008-10-22 18:47 . 2008-04-14 01:06 14,208 –a—— c:\windows\system32\drivers\battc.sys
  2008-10-22 18:47 . 2008-04-14 01:06 13,952 –a—— c:\windows\system32\drivers\CmBatt.sys
  2008-10-22 18:47 . 2008-04-14 01:06 10,240 –a—— c:\windows\system32\drivers\compbatt.sys
  2008-10-22 18:45 . 2008-10-22 18:45 <DIR> d——– c:\program files\Nero
  2008-10-22 18:45 . 2008-10-22 18:46 <DIR> d——– c:\program files\Common Files\Ahead
  2008-10-22 18:45 . 2008-10-22 18:45 <DIR> d——– c:\documents and settings\All Users\Application Data\Nero
  2008-10-22 18:37 . 2007-03-07 12:27 4,245,008 –a—— c:\windows\system32\qtp-mt334.dll
  2008-10-22 18:37 . 2007-03-07 12:27 247,824 –a—— c:\windows\system32\prgiso.dll
  2008-10-22 18:37 . 2007-03-07 12:27 38,448 –a—— c:\windows\system32\drivers\hotcore3.sys
  2008-10-22 18:37 . 2007-03-07 12:27 13,840 –a—— c:\windows\system32\wnaspi32.dll
  2008-10-22 18:36 . 2008-10-22 18:36 <DIR> d——– c:\program files\Paragon Software
  2008-10-22 18:35 . 2008-10-22 18:35 <DIR> d——– c:\program files\Common Files\InstallShield
  2008-10-22 18:34 . 2008-10-22 18:34 <DIR> d——– c:\program files\winLAME
  2008-10-22 18:34 . 2008-10-22 19:20 <DIR> d——– c:\program files\SpywareBlaster
  2008-10-22 18:34 . 2005-04-15 19:58 1,071,088 –a—— c:\windows\system32\MSCOMCTL.OCX
  2008-10-22 18:34 . 2005-08-25 18:18 118,784 –a—— c:\windows\system32\MSSTDFMT.DLL
  2008-10-22 18:33 . 2008-10-28 15:41 <DIR> d——– c:\program files\Spybot - Search & Destroy
  2008-10-22 18:33 . 2008-10-27 23:19 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
  2008-10-22 18:32 . 2008-10-22 18:32 <DIR> d——– c:\program files\CCleaner
  2008-10-22 18:31 . 2008-11-08 19:48 <DIR> d——– c:\windows\system32\drivers\Avg
  2008-10-22 18:31 . 2008-10-22 18:31 <DIR> d——– c:\program files\AVG
  2008-10-22 18:31 . 2008-10-22 18:31 <DIR> d——– c:\documents and settings\All Users\Application Data\avg8
  2008-10-22 18:31 . 2008-10-22 18:31 97,928 –a—— c:\windows\system32\drivers\avgldx86.sys
  2008-10-22 18:31 . 2008-10-22 18:31 10,520 –a—— c:\windows\system32\avgrsstx.dll
  2008-10-22 18:27 . 2008-10-24 15:27 <DIR> d——– c:\program files\Common Files\Adobe
  2008-10-22 18:25 . 2008-10-22 18:25 <DIR> d——– c:\program files\7-Zip
  2008-10-22 18:24 . 2008-10-22 18:24 <DIR> d——– c:\program files\Windows Media Connect 2
  2008-10-22 18:22 . 2008-10-22 18:22 <DIR> d——– c:\windows\system32\LogFiles
  2008-10-22 18:22 . 2008-10-22 18:23 <DIR> d——– c:\windows\system32\drivers\UMDF
  2008-10-22 18:22 . 2006-09-25 16:58 23,856 –a—— c:\windows\system32\spupdsvc.exe
  2008-10-22 18:12 . 2008-10-22 18:36 <DIR> d–h—– c:\program files\InstallShield Installation Information
  2008-10-22 18:12 . 2008-10-22 18:13 <DIR> d——– c:\program files\Atheros
  2008-10-22 18:12 . 2003-04-01 09:47 6,652,928 –a—— c:\windows\system32\ALSNDMGR.CPL
  2008-10-22 18:11 . 2008-10-22 18:11 <DIR> d——– c:\documents and settings\onlineous\Application Data\InstallShield
  2008-10-22 18:11 . 2008-10-22 18:13 <DIR> d——– c:\documents and settings\All Users\Application Data\Atheros
  2008-10-22 18:10 . 2008-11-03 17:31 <DIR> d——– c:\documents and settings\onlineous\Application Data\U3
  2008-10-22 18:09 . 2008-04-13 23:15 26,368 –a–c— c:\windows\system32\dllcache\usbstor.sys

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2008-10-22 16:46 ——— d—–w c:\program files\microsoft frontpage
  2008-09-16 00:14 3,596,288 —-a-w c:\windows\system32\qt-dx331.dll
  2008-09-16 00:12 81,920 —-a-w c:\windows\system32\dpl100.dll
  2008-09-16 00:11 683,520 —-a-w c:\windows\system32\divx.dll
  2008-09-15 15:28 1,846,528 —-a-w c:\windows\system32\win32k.sys
  2008-09-08 22:03 51,712 —-a-w c:\windows\system32\sirenacm.dll
  2008-09-08 10:41 333,824 —-a-w c:\windows\system32\drivers\srv.sys
  2008-09-05 13:56 287,744 —-a-w c:\windows\WLXPGSS.SCR
  2008-08-20 05:30 669,184 —-a-w c:\windows\system32\wininet.dll
  2008-08-14 13:27 2,193,536 —-a-w c:\windows\system32\ntoskrnl.exe
  2008-08-14 13:27 2,070,400 —-a-w c:\windows\system32\ntkrnlpa.exe
  .

  ((((((((((((((((((((((((((((( snapshot@2008-11-07_16.59.56.87 )))))))))))))))))))))))))))))))))))))))))
  .
  + 2006-10-26 17:49:48 1,011,488 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSDAIPP.DLL
  + 2006-10-26 17:49:46 970,528 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
  + 2006-10-27 13:00:12 1,751,904 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECORE.DLL
  + 2006-10-27 13:00:10 576,376 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
  + 2006-10-27 13:00:06 47,976 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEERR.DLL
  + 2006-10-27 13:00:08 191,360 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEES.DLL
  + 2006-10-26 18:13:34 338,800 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
  + 2006-10-26 18:13:44 629,616 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
  + 2006-10-26 18:13:28 207,736 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACELTS.DLL
  + 2006-10-26 18:13:32 279,352 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
  + 2006-10-26 18:13:08 15,160 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
  + 2006-10-26 18:13:08 15,160 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
  + 2006-10-26 18:13:08 15,160 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
  + 2006-10-26 18:13:12 15,160 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
  + 2006-10-27 13:00:06 387,960 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
  + 2006-10-26 18:13:38 392,048 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
  + 2006-10-26 18:13:30 260,976 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER2X.DLL
  + 2006-10-26 18:13:32 289,648 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER3X.DLL
  + 2006-10-26 18:13:38 551,800 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEREP.DLL
  + 2006-10-26 18:13:30 224,104 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACETXT.DLL
  + 2006-10-26 18:13:34 371,568 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
  + 2006-10-27 13:41:04 399,640 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
  + 2006-10-26 17:59:24 205,616 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
  + 2006-10-26 18:12:52 189,760 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
  + 2006-10-26 17:48:14 439,568 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWDCW20.DLL
  + 2006-10-26 12:10:08 1,190,688 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FM20.DLL
  + 2006-10-26 17:21:24 1,682,232 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
  + 2006-10-27 13:09:36 983,376 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPWEC.DLL
  + 2006-10-26 18:02:12 2,526,520 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPH.EXE
  + 2006-10-26 18:12:52 173,328 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
  + 2006-10-27 13:10:10 5,281,592 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
  + 2006-10-27 12:59:06 161,080 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCF.DLL
  + 2006-10-26 17:48:12 14,664 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCFU.DLL
  + 2006-10-26 18:12:58 428,816 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSODCW.DLL
  + 2006-10-26 19:13:36 26,936 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
  + 2006-10-26 18:00:08 6,635,320 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORES.DLL
  + 2006-10-26 11:56:36 436,520 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORUN.DLL
  + 2006-10-26 17:50:04 672,024 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
  + 2006-10-26 11:56:40 505,136 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
  + 2006-10-26 18:12:30 65,824 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NAME.DLL
  + 2006-10-27 13:14:34 14,151,456 —-a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OART.DLL
  + 2006-10-26 18:06:54 232,816 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
  + 2006-10-26 18:14:06 7,033,152 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
  + 2006-10-26 18:00:08 274,744 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\OIS.EXE
  + 2006-10-26 18:00:12 998,208 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\OISAPP.DLL
  + 2006-10-26 18:00:10 285,008 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
  + 2006-10-26 18:07:04 6,536,992 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\OSETUP.DLL
  + 2006-07-26 16:53:56 459,080 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
  + 2006-10-26 19:30:44 482,088 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
  + 2006-10-26 17:52:10 2,012,480 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
  + 2006-10-26 19:13:38 38,168 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
  + 2006-10-26 18:06:58 439,600 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\SETUP.EXE
  + 2006-10-27 12:57:08 2,330,968 —-a-r c:\windows\Installer\$PatchCache$\Managed\[u:4687fef8ec]0[/u:4687fef8ec]0002109030000000000000000F01FEC\12.0.4518\STSLIST.DLL
  - 2008-11-06 11:59:14 1,165,584 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
  + 2008-11-08 08:28:55 1,165,584 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
  - 2008-11-06 11:59:15 20,240 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
  + 2008-11-08 08:29:02 20,240 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
  - 2008-11-06 11:59:14 159,504 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
  + 2008-11-08 08:28:58 159,504 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
  - 2008-11-06 11:59:14 184,080 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
  + 2008-11-08 08:28:58 184,080 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
  - 2008-11-06 11:59:15 217,864 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
  + 2008-11-08 08:29:00 217,864 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
  - 2008-11-06 11:59:15 18,704 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
  + 2008-11-08 08:29:02 18,704 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
  - 2008-11-06 11:59:15 35,088 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
  + 2008-11-08 08:29:03 35,088 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
  - 2008-11-06 11:59:14 845,584 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
  + 2008-11-08 08:28:59 845,584 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
  - 2008-11-06 11:59:14 922,384 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
  + 2008-11-08 08:29:00 922,384 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
  - 2008-11-06 11:59:15 272,648 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
  + 2008-11-08 08:29:01 272,648 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
  - 2008-11-06 11:59:15 888,080 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
  + 2008-11-08 08:29:03 888,080 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
  - 2008-11-06 11:59:14 1,172,240 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
  + 2008-11-08 08:28:57 1,172,240 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
  - 2008-10-23 17:39:14 217,864 —-a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
  + 2008-11-08 08:32:59 217,864 —-a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
  - 2008-10-23 18:04:45 217,864 —-a-r c:\windows\Installer\{90120000-006E-0413-0000-0000000FF1CE}\misc.exe
  + 2008-11-08 08:34:39 217,864 —-a-r c:\windows\Installer\{90120000-006E-0413-0000-0000000FF1CE}\misc.exe
  - 2006-10-26 12:10:08 1,190,688 —-a-w c:\windows\system32\FM20.DLL
  + 2007-08-23 00:03:38 1,195,888 —-a-w c:\windows\system32\FM20.DLL
  .
  – Snapshot teruggezet naar huidige datum –
  .
  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
  "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
  "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-10-23 3513344]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "ACU"="c:\program files\Atheros\ACU.exe" [2008-07-07 450649]
  "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
  "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-22 1234712]
  "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
  "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
  "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-29 136600]
  "Rizaakvp"="c:\documents and settings\onlineous\Bureaublad\fg677p.exe" [2008-11-04 149504]
  "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
  "SoundMan"="SOUNDMAN.EXE" [2003-03-27 c:\windows\SOUNDMAN.EXE]
  "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  "nltide_3"="advpack.dll" [2008-04-14 c:\windows\system32\advpack.dll]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
  "msacm.l3fhg"= mp3fhg.acm
  "msacm.divxa32"= divxa32.acm
  "VIDC.X264"= x264vfw.dll
  "VIDC.HFYU"= huffyuv.dll
  "vidc.i263"= i263_32.drv

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  "%windir%\\system32\\sessmgr.exe"=
  "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
  "c:\\Program Files\\uTorrent\\uTorrent.exe"=
  "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
  "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
  "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "5353:TCP"= 5353:TCP:Adobe CSI CS4

  R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-03-07 38448]
  R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-22 97928]
  R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-22 231704]
  R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-29 152984]
  R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2008-02-08 57408]

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{488d3e37-a05a-11dd-a1cf-dffb90a0c225}]
  \Shell\AutoRun\command - H:\LaunchU3.exe -a

  *Newly Created Service* - CATCHME
  .

  **************************************************************************

  catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2008-11-08 20:01:15
  Windows 5.1.2600 Service Pack 3 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 2008-11-08 20:04:08
  ComboFix-quarantined-files.txt 2008-11-08 19:03:44
  ComboFix2.txt 2008-11-07 16:00:39

  Pre-Run: 2.106.933.248 bytes beschikbaar
  Post-Run: 2,097,434,624 bytes beschikbaar

  310 — E O F — 2008-11-08 08:35:12
  Malwarebytes found nothing.
  Here is the log anyway:


  Malwarebytes' Anti-Malware 1.30
  Database versie: 1368
  Windows 5.1.2600 Service Pack 3

  8-11-2008 20:14:02
  mbam-log-2008-11-08 (20-14-02).txt

  Scan type: Snelle Scan
  Objecten gescand: 42409
  Verstreken tijd: 7 minute(s), 38 second(s)

  Geheugenprocessen geïnfecteerd: 0
  Geheugenmodulen geïnfecteerd: 0
  Registersleutels geïnfecteerd: 0
  Registerwaarden geïnfecteerd: 0
  Registerdata bestanden geïnfecteerd: 0
  Mappen geïnfecteerd: 0
  Bestanden geïnfecteerd: 0

  Geheugenprocessen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Geheugenmodulen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registersleutels geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerwaarden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerdata bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Mappen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)
 • And are any new Trojan warnings still showing up now?


This is an archived page. Replies are no longer possible.