Mededeling

**Marckie** · 09-01-08, 11:07

Dag Charlene,

Je gebruikt een oude versie van HijackThis. Best dat je deze versie gebruikt: http://www.trendsecure.com/portal/en...HJTInstall.exe

Sluit alle open vensters.
Start HijackThis nog een keer en plaats een vinkje bij de volgende items:

O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll
O2 - BHO: (no name) - {4EED7E02-B719-4DE2-AED5-6BD0B33409DB} - C:\WINDOWS\system32\ATIDD.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll (file missing)

Klik daarna op "Fix checked" en sluit HijackThis af.

Herstart de computer.

Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Plaats het op je bureaublad.
Dubbelklik er op om het programma te starten.
In het scherm dat verschijnt tik je een 1 in om het cleaning- en analysesproces te laten uitvoeren.
Volg de instructies op het scherm.
Als het tooltje klaar is, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

**charlene** · 10-01-08, 23:18

re

hoi ik heb gedaan wat je hebt gezegd dit is het logje van combofix:

ComboFix 08-01-10.2 - Charleen 2008-01-10 23:11:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.190 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Charleen\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gzmrt.dll
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\msnav32.ax

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))
.

2008-01-10 23:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 22:52 . 2008-01-10 22:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-09 03:01 . 2008-01-09 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-09 02:32 . 2008-01-09 02:33 <DIR> d-------- C:\hjt
2008-01-09 02:23 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-08 21:51 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-08 21:51 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-08 21:50 . 2007-09-21 10:35 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-01-08 21:50 . 2007-09-21 10:35 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-01-08 21:48 . 2007-07-06 16:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-01-08 21:47 . 2008-01-08 21:47 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-08 21:47 . 2007-03-29 14:01 409,600 -----c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-01-08 21:47 . 2007-03-29 14:01 18,944 -----c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-01-08 21:47 . 2007-03-29 14:01 8,192 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-01-08 21:47 . 2007-03-29 14:01 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-01-08 21:47 . 2007-03-29 14:01 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-01-08 21:47 . 2007-03-29 14:01 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-01-08 21:35 . 2008-01-10 22:31 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-01-08 21:24 . 2008-01-08 21:26 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-03 19:44 . 2008-01-03 19:44 <DIR> d-------- C:\Documents and Settings\Charleen\Application Data\Datalayer
2008-01-02 20:55 . 2008-01-02 20:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-02 20:55 . 2008-01-02 20:55 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-20 14:36 . 2008-01-08 21:30 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2007-12-16 14:47 . 19,456 C:\WINDOWS\system32\drivers\dpddfyim.dat
2007-12-16 14:46 . 2007-08-22 02:56 84,992 --a------ C:\WINDOWS\system32\ATIDD.dll
2007-12-13 14:32 . 1998-08-20 12:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2007-12-13 14:32 . 1998-09-02 09:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2007-12-13 14:31 . 1998-08-27 05:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2007-12-13 14:30 . 1998-09-02 09:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2007-12-13 14:29 . 1998-09-02 09:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2007-12-13 14:29 . 1998-08-17 10:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2007-12-13 14:29 . 1998-08-17 10:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2007-12-13 14:29 . 1998-08-17 10:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2007-12-13 14:29 . 2007-12-13 14:29 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2007-12-13 14:29 . 2007-12-13 14:29 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2007-12-13 14:24 . 2007-12-13 14:52 <DIR> d-------- C:\Program Files\Catan
2007-12-13 14:24 . 1998-10-09 14:36 327,168 --a------ C:\WINDOWS\IsUn0413.exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-01-08 20:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-08 20:18 --------- d-----w C:\Program Files\Windows Live
2008-01-08 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-12-27 20:46 40,737 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
2007-12-16 14:52 --------- d-----w C:\Documents and Settings\Charleen\Application Data\LimeWire
2007-12-06 19:32 --------- d-----w C:\Program Files\Ubisoft
2007-12-06 15:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-15 13:19 --------- d-----w C:\Program Files\Ares
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EED7E02-B719-4DE2-AED5-6BD0B33409DB}]
2007-08-22 02:56 84992 --a------ C:\WINDOWS\system32\ATIDD.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-07-16 22:54 961536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-12-11 09:42 67112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

R0 ivdmbltf;ivdmbltf;C:\WINDOWS\system32\drivers\dpddfyim.dat

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps snelle ethernet-adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 21:31]
R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 23:15:34
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-10 23:17:04
ComboFix-quarantined-files.txt 2008-01-10 22:16:44
.
2008-01-10 02:34:58 --- E O F ---

hier het hjt logje

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:42, on 10-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4EED7E02-B719-4DE2-AED5-6BD0B33409DB} - C:\WINDOWS\system32\ATIDD.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183829073652
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183828926152
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 4343 bytes

gr charlene

**Marckie** · 11-01-08, 08:13

Dag charlene,

Open een kladblokbestand.
Kopieer de ondestaande code, en plak deze in het kladblokbestand.
Sla het kladblokbestand op als CFScript.txt

Code:

File::
C:\WINDOWS\system32\rightonadz-uninst.exe

Driver::
ivdmbltf

Sleep nu het bestand CFScript.txt in het bestand ComboFix.exe

ComboFix zal opnieuw starten.
Wanneer ComboFix klaar is, dit kan na een herstart zijn, opent er een logfile.
Post de inhoud van de logfile.

**charlene** · 11-01-08, 16:54

ComboFix 08-01-10.2 - Charleen 2008-01-11 16:45:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.144 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Charleen\Bureaublad\ComboFix.exe
Command switches used :: and Settings\Charleen\Bureaublad\ComboFix.exe C:\Documents and Settings\Charleen\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))
.

2008-01-11 00:43 . 2008-01-11 00:43 <DIR> d-------- C:\Program Files\Hyves Kwekker
2008-01-10 23:51 . 2008-01-11 02:49 <DIR> d-------- C:\WINDOWS\system32\nl-nl
2008-01-10 23:40 . 2008-01-10 23:40 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-10 23:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 22:52 . 2008-01-10 22:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-09 03:01 . 2008-01-09 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-09 02:32 . 2008-01-09 02:33 <DIR> d-------- C:\hjt
2008-01-09 02:23 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-08 21:51 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-08 21:51 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-08 21:50 . 2007-09-21 10:35 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-01-08 21:50 . 2007-09-21 10:35 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-01-08 21:48 . 2007-07-06 16:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-01-08 21:47 . 2008-01-08 21:47 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-08 21:47 . 2007-03-29 14:01 409,600 -----c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-01-08 21:47 . 2007-03-29 14:01 18,944 -----c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-01-08 21:47 . 2007-03-29 14:01 8,192 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-01-08 21:47 . 2007-03-29 14:01 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-01-08 21:47 . 2007-03-29 14:01 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-01-08 21:47 . 2007-03-29 14:01 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-01-08 21:35 . 2008-01-11 16:36 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-01-08 21:24 . 2008-01-08 21:26 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-03 19:44 . 2008-01-03 19:44 <DIR> d-------- C:\Documents and Settings\Charleen\Application Data\Datalayer
2008-01-02 20:55 . 2008-01-02 20:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-02 20:55 . 2008-01-02 20:55 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-20 14:36 . 2008-01-08 21:30 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2007-12-16 14:47 . 19,456 C:\WINDOWS\system32\drivers\dpddfyim.dat
2007-12-16 14:46 . 2007-08-22 02:56 84,992 --a------ C:\WINDOWS\system32\ATIDD.dll
2007-12-13 14:32 . 1998-08-20 12:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2007-12-13 14:32 . 1998-09-02 09:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2007-12-13 14:31 . 1998-08-27 05:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2007-12-13 14:30 . 1998-09-02 09:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2007-12-13 14:29 . 1998-09-02 09:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2007-12-13 14:29 . 1998-08-17 10:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2007-12-13 14:29 . 1998-08-17 10:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2007-12-13 14:29 . 1998-08-17 10:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2007-12-13 14:29 . 2007-12-13 14:29 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2007-12-13 14:29 . 2007-12-13 14:29 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2007-12-13 14:24 . 2007-12-13 14:52 <DIR> d-------- C:\Program Files\Catan
2007-12-13 14:24 . 1998-10-09 14:36 327,168 --a------ C:\WINDOWS\IsUn0413.exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-01-08 20:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-08 20:18 --------- d-----w C:\Program Files\Windows Live
2008-01-08 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-12-27 20:46 40,737 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
2007-12-16 14:52 --------- d-----w C:\Documents and Settings\Charleen\Application Data\LimeWire
2007-12-06 19:32 --------- d-----w C:\Program Files\Ubisoft
2007-12-06 15:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-15 13:19 --------- d-----w C:\Program Files\Ares
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( [email protected]_23.16.04,51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-10 22:10:44 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-11 15:44:16 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-10 22:10:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-11 15:44:16 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-10 22:10:44 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-11 15:44:16 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-10 22:10:45 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-11 15:44:16 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-10 22:10:46 3,780,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-11 15:44:17 4,005,888 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-10 22:10:46 290,816 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-11 15:44:18 290,816 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2004-08-03 23:03:06 61,440 -c----w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-03 23:03:06 100,864 -c----w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-03 23:03:08 35,328 -c----w C:\WINDOWS\ie7\corpol.dll
+ 2007-10-11 06:14:44 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll
+ 2007-10-11 06:14:44 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll
+ 2007-10-11 06:14:44 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-03 23:03:12 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-03 23:03:30 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-03 23:03:12 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-03 23:03:12 220,160 -c----w C:\WINDOWS\ie7\ieaksie.dll
+ 2001-09-07 12:00:00 237,568 -c----w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-03 23:03:12 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll
+ 2007-10-10 11:16:27 18,432 -c----w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-03 23:03:12 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll
+ 2007-10-11 06:14:44 251,392 -c----w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-03 23:03:12 48,640 -c----w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-03 23:03:12 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-03 23:03:30 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-03 23:03:12 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll
+ 2007-10-11 06:14:44 96,768 -c----w C:\WINDOWS\ie7\inseng.dll
+ 2007-11-14 07:29:20 450,560 -c----w C:\WINDOWS\ie7\jscript.dll
+ 2007-10-11 06:14:44 16,384 -c----w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-03 23:03:14 22,016 -c----w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-03 23:03:34 29,184 -c----w C:\WINDOWS\ie7\mshta.exe
+ 2007-10-30 10:20:44 3,079,680 -c----w C:\WINDOWS\ie7\mshtml.dll
+ 2007-10-11 06:14:45 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-03 23:02:16 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll
+ 2001-09-07 12:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll
+ 2007-10-11 06:14:45 146,432 -c----w C:\WINDOWS\ie7\msrating.dll
+ 2007-10-11 06:14:45 532,480 -c----w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-03 23:03:20 97,280 -c----w C:\WINDOWS\ie7\occache.dll
+ 2007-10-11 06:14:45 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-10-04 09:35:52 33,472 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-10-04 09:33:40 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 16:43:46 216,800 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 16:43:46 389,856 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-03 23:03:24 37,888 -c----w C:\WINDOWS\ie7\url.dll
+ 2007-10-11 06:14:45 616,960 -c----w C:\WINDOWS\ie7\urlmon.dll
+ 2004-08-03 23:03:24 417,792 -c----w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 13:58:08 851,968 -c----w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-03 23:03:24 279,552 -c----w C:\WINDOWS\ie7\webcheck.dll
+ 2007-10-11 06:14:46 662,528 -c----w C:\WINDOWS\ie7\wininet.dll
+ 2007-03-06 01:58:28 216,800 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:59:37 389,856 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-13 17:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-13 17:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-13 17:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-13 16:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-02-12 15:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dat
+ 2007-07-11 11:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-13 17:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-13 17:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-13 17:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-13 17:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-13 17:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-13 17:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-13 17:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-13 17:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-13 17:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-13 17:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-13 17:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-03-06 01:58:28 216,800 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:59:37 389,856 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-13 17:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-13 17:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
- 2004-08-03 23:03:06 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 17:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-03 23:03:06 100,864 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-10-10 23:53:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2004-08-03 23:03:08 35,328 ----a-w C:\WINDOWS\system32\corpol.dll
+ 2007-08-13 17:42:54 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
+ 2007-08-13 17:39:20 71,680 -c----w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-10-10 23:53:51 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-08-13 17:42:54 17,408 -c----w C:\WINDOWS\system32\dllcache\corpol.dll
+ 2007-08-13 17:54:10 33,792 -c----w C:\WINDOWS\system32\dllcache\custsat.dll
- 2007-10-11 06:14:44 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-08-13 17:35:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-10-11 06:14:44 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-10-10 23:53:51 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-10-11 06:14:44 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-10-10 23:53:51 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-13 17:18:02 60,416 -c----w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-10-10 23:53:51 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2007-10-10 11:02:26 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-10-10 23:53:51 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-10-10 23:53:52 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2001-09-07 12:00:00 237,568 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-10-10 05:46:55 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-07-01 03:31:33 2,455,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dat
+ 2007-10-10 23:53:52 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2007-10-10 23:53:52 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-10-10 11:16:27 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 17:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 17:45:18 78,336 -c----w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2007-10-10 23:53:54 6,065,664 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-10-11 06:14:44 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-13 17:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-10-10 23:53:54 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-10-10 23:53:54 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2007-08-13 17:39:12 55,296 -c----w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2007-10-10 11:02:43 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-08-13 17:36:06 36,352 -c----w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2007-10-11 06:14:44 96,768 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-13 17:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-11-14 07:29:20 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-13 17:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-10-11 06:14:44 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-10-10 23:53:55 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-13 17:44:18 40,960 -c----w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-10-10 23:53:55 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2007-10-10 23:53:55 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2007-08-13 17:32:30 45,568 -c----w C:\WINDOWS\system32\dllcache\mshta.exe
- 2007-10-30 10:20:44 3,079,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-10-30 23:27:15 3,590,656 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-10-11 06:14:45 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-10-10 23:53:57 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-13 17:01:12 48,128 -c----w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2001-09-07 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2007-08-13 17:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2007-10-11 06:14:45 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-10-10 23:53:58 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-10-11 06:14:45 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-10 23:53:58 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-10 23:53:58 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-10-11 06:14:45 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-13 17:36:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-10 23:53:58 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-10-11 06:14:45 616,960 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-10-10 23:53:59 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-13 17:54:10 413,696 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-06-26 13:58:08 851,968 -c----w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-07-12 23:32:14 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-10-10 23:53:59 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-10-11 06:14:46 662,528 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-10 23:54:00 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2007-10-11 06:14:44 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-13 17:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-10-11 06:14:44 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-10 23:53:51 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-10-11 06:14:44 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:53:51 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:53:51 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 07:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2004-08-03 23:03:30 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-10-10 11:02:26 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-03 23:03:12 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-10-10 23:53:51 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-03 23:03:12 220,160 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-10-10 23:53:52 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2001-09-07 12:00:00 237,568 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-07-01 03:31:33 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-10-10 23:53:52 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-03 23:03:12 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-10-10 23:53:52 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-03 23:03:12 81,920 ------w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-13 17:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-10-10 23:53:54 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-10-11 06:14:44 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 17:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-03 23:03:12 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:53:54 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:53:54 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2004-08-03 23:03:12 63,488 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 17:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 17:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2004-08-03 23:03:12 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 17:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2007-10-11 06:14:44 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 17:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-11-14 07:29:20 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-08-13 17:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-10-11 06:14:44 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-10 23:53:55 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-03 23:03:14 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 17:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-10-10 23:53:55 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-10-10 23:53:55 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-13 17:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2004-08-03 23:03:34 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 17:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2007-10-30 10:20:44 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 23:27:15 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-10-11 06:14:45 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-10 23:53:57 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-03 23:02:16 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 17:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2001-09-07 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 17:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2007-10-11 06:14:45 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-10 23:53:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-10-11 06:14:45 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-10 23:53:58 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2006-06-28 16:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 07:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2004-08-03 23:03:20 97,280 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-10-10 23:53:58 102,400 ----a-w C:\WINDOWS\system32\occache.dll
- 2007-10-11 06:14:45 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-13 17:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-03 23:03:24 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-10-10 23:53:58 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-10-11 06:14:45 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-10 23:53:59 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-03 23:03:24 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-08-13 17:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-03 23:03:24 279,552 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-10-10 23:53:59 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-13 17:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
- 2007-10-11 06:14:46 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-10 23:54:00 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
+ 2008-01-11 15:32:27 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_d4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EED7E02-B719-4DE2-AED5-6BD0B33409DB}]
2007-08-22 02:56 84992 --a------ C:\WINDOWS\system32\ATIDD.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-07-16 22:54 961536]
"HyvesKwekker"="C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe" [2007-04-06 10:12 1588736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-12-11 09:42 67112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

R0 ivdmbltf;ivdmbltf;C:\WINDOWS\system32\drivers\dpddfyim.dat

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps snelle ethernet-adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 21:31]
R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 16:49:50
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-11 16:52:05
ComboFix-quarantined-files.txt 2008-01-11 15:51:53
ComboFix2.txt 2008-01-10 22:17:05
.
2008-01-11 01:49:54 --- E O F ---

**Marckie** · 11-01-08, 19:39

Herhaal dit even Charlene: http://www.nucia.eu/forum/showpost.p...29&postcount=4
Want er is blijkbaar wat misgelopen.
Kopieer exact wat ik daar aangegeven heb, anders lukt het niet.

Mededeling

dll trojan

dll trojan

Comment

Comment

Comment

Comment

Comment