
Ergelath

Member
  • Items

    5
  • Registration date

  • Last visited

Ergelath's achievements

  1. AVG found Win32/Patched.DX and moved it to the vault. Nothing else was found. There were also suddenly a whole lot of automatic Windows updates (107); I hadn't noticed, but it had been a very long time since I last received any. The problems seem to have disappeared, thank you very much for your help. Ergelath
  2. ComboFix 11-07-27.02 - EIGENAAR 27/07/2011 23:10:18.2.2 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.510.246 [GMT 2:00]
     Gestart vanuit: c:\documents and settings\EIGENAAR\Bureaublad\ComboFix.exe
     gebruikte Opdracht switches :: c:\documents and settings\EIGENAAR\Bureaublad\CFScript.txt
     AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
     FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
     .
     FILE ::
     "c:\windows\system32\drivers\bghivlil.sys"
     "c:\windows\SYSTEM32\DRIVERS\wjiqktklizgliru.sys"
     .
     .
     (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\windows\SYSTEM32\DRIVERS\wjiqktklizgliru.sys
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     -------\Service_mmfdykiz
2011-07-27 20:56 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_6dedaf2b\CustomMarshalers.dll + 2002-09-11 04:00 . 2009-11-21 16:03 471552 c:\windows\AppPatch\aclayers.dll + 2011-07-27 20:00 . 2010-02-22 14:29 401272 c:\windows\$hf_mig$\KB982665\update\updspapi.dll + 2011-07-27 20:00 . 2010-02-22 14:29 765304 c:\windows\$hf_mig$\KB982665\update\update.exe + 2011-07-27 20:00 . 2010-02-22 14:29 234872 c:\windows\$hf_mig$\KB982665\spuninst.exe + 2011-07-27 20:15 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB980436\update\updspapi.dll + 2011-07-27 20:15 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB980436\update\update.exe + 2011-07-27 20:15 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB980436\spuninst.exe + 2010-06-30 12:25 . 2010-06-30 12:25 149504 c:\windows\$hf_mig$\KB980436\SP3QFE\schannel.dll + 2011-07-27 20:08 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB979482\update\updspapi.dll + 2011-07-27 20:08 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB979482\update\update.exe + 2011-07-27 20:08 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB979482\spuninst.exe + 2011-07-27 20:09 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB979309\update\updspapi.dll + 2011-07-27 20:09 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB979309\update\update.exe + 2011-07-27 20:09 . 2008-07-08 13:07 234872 c:\windows\$hf_mig$\KB979309\spuninst.exe + 2011-07-27 20:07 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB978706\update\updspapi.dll + 2011-07-27 20:07 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB978706\update\update.exe + 2011-07-27 20:07 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB978706\spuninst.exe + 2009-12-17 07:39 . 2009-12-17 07:39 345600 c:\windows\$hf_mig$\KB978706\SP3QFE\mspaint.exe + 2011-07-27 20:15 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB978601\update\updspapi.dll + 2011-07-27 20:15 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB978601\update\update.exe + 2011-07-27 20:15 . 
2008-07-08 13:07 234872 c:\windows\$hf_mig$\KB978601\spuninst.exe + 2009-12-24 06:44 . 2009-12-24 06:44 178176 c:\windows\$hf_mig$\KB978601\SP3QFE\wintrust.dll + 2011-07-27 20:09 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB978542\update\updspapi.dll + 2011-07-27 20:09 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB978542\update\update.exe + 2011-07-27 20:09 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB978542\spuninst.exe + 2010-01-29 14:54 . 2010-01-29 14:54 691712 c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll + 2011-07-27 20:30 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB978338\update\updspapi.dll + 2011-07-27 20:30 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB978338\update\update.exe + 2011-07-27 20:30 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB978338\spuninst.exe + 2010-02-11 11:36 . 2010-02-11 11:36 226880 c:\windows\$hf_mig$\KB978338\SP3QFE\tcpip6.sys + 2010-02-12 04:32 . 2010-02-12 04:32 100864 c:\windows\$hf_mig$\KB978338\SP3QFE\6to4svc.dll + 2011-07-27 20:09 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB977914\update\updspapi.dll + 2011-07-27 20:09 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB977914\update\update.exe + 2011-07-27 20:09 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB977914\spuninst.exe + 2011-07-27 20:19 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB977816\update\updspapi.dll + 2011-07-27 20:19 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB977816\update\update.exe + 2011-07-27 20:19 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB977816\spuninst.exe + 2011-07-27 20:31 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB975713\update\updspapi.dll + 2011-07-27 20:31 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB975713\update\update.exe + 2011-07-27 20:31 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB975713\spuninst.exe + 2009-12-08 09:03 . 2009-12-08 09:03 474624 c:\windows\$hf_mig$\KB975713\SP3QFE\shlwapi.dll + 2011-07-27 20:07 . 
2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB975562\update\updspapi.dll + 2011-07-27 20:07 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB975562\update\update.exe + 2011-07-27 20:07 . 2008-07-08 13:07 234872 c:\windows\$hf_mig$\KB975562\spuninst.exe + 2011-07-27 20:19 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB975560\update\updspapi.dll + 2011-07-27 20:19 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB975560\update\update.exe + 2011-07-27 20:19 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB975560\spuninst.exe + 2011-07-27 19:59 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB975467\update\updspapi.dll + 2011-07-27 19:59 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB975467\update\update.exe + 2011-07-27 19:59 . 2008-07-08 13:07 234872 c:\windows\$hf_mig$\KB975467\spuninst.exe + 2009-09-11 14:16 . 2009-09-11 14:16 136704 c:\windows\$hf_mig$\KB975467\SP3QFE\msv1_0.dll + 2011-07-27 20:22 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB975025\update\updspapi.dll + 2011-07-27 20:22 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB975025\update\update.exe + 2011-07-27 20:22 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB975025\spuninst.exe + 2011-07-27 20:20 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB974571\update\updspapi.dll + 2011-07-27 20:20 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB974571\update\update.exe + 2011-07-27 20:20 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB974571\spuninst.exe + 2011-07-27 20:10 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB974392\update\updspapi.dll + 2011-07-27 20:10 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB974392\update\update.exe + 2011-07-27 20:10 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB974392\spuninst.exe + 2009-10-13 10:39 . 2009-10-13 10:39 270848 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll + 2011-07-27 20:32 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB974318\update\updspapi.dll + 2011-07-27 20:32 . 
2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB974318\update\update.exe + 2011-07-27 20:32 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB974318\spuninst.exe + 2009-10-12 13:33 . 2009-10-12 13:33 150528 c:\windows\$hf_mig$\KB974318\SP3QFE\rastls.dll + 2011-07-27 20:26 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB974112\update\updspapi.dll + 2011-07-27 20:26 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB974112\update\update.exe + 2011-07-27 20:26 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB974112\spuninst.exe + 2009-08-26 08:03 . 2009-08-26 08:03 247326 c:\windows\$hf_mig$\KB974112\SP3QFE\strmdll.dll + 2011-07-27 20:07 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB973815\update\updspapi.dll + 2011-07-27 20:07 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB973815\update\update.exe + 2011-07-27 20:07 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB973815\spuninst.exe + 2009-08-05 08:54 . 2009-08-05 08:54 205312 c:\windows\$hf_mig$\KB973815\SP3QFE\mswebdvd.dll + 2011-07-27 20:19 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB973507\update\updspapi.dll + 2011-07-27 20:19 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB973507\update\update.exe + 2011-07-27 20:19 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB973507\spuninst.exe + 2011-07-27 20:30 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB971657\update\updspapi.dll + 2011-07-27 20:30 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB971657\update\update.exe + 2011-07-27 20:30 . 2008-07-08 13:07 234872 c:\windows\$hf_mig$\KB971657\spuninst.exe + 2009-06-10 06:20 . 2009-06-10 06:20 134144 c:\windows\$hf_mig$\KB971657\SP3QFE\wkssvc.dll + 2011-07-27 20:32 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB969059\update\updspapi.dll + 2011-07-27 20:32 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB969059\update\update.exe + 2011-07-27 20:32 . 2008-07-08 13:07 234872 c:\windows\$hf_mig$\KB969059\spuninst.exe + 2011-07-27 19:58 . 
2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB968389\update\updspapi.dll + 2011-07-27 19:58 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB968389\update\update.exe + 2011-07-27 19:58 . 2008-07-08 13:07 234872 c:\windows\$hf_mig$\KB968389\spuninst.exe + 2009-06-25 08:42 . 2009-06-25 08:42 147456 c:\windows\$hf_mig$\KB968389\SP3QFE\schannel.dll + 2009-06-25 08:42 . 2009-06-25 08:42 136704 c:\windows\$hf_mig$\KB968389\SP3QFE\msv1_0.dll + 2009-06-26 09:42 . 2009-06-26 09:42 735232 c:\windows\$hf_mig$\KB968389\SP3QFE\lsasrv.dll + 2009-06-25 08:42 . 2009-06-25 08:42 301568 c:\windows\$hf_mig$\KB968389\SP3QFE\kerberos.dll + 2011-07-27 20:26 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB2347290\update\updspapi.dll + 2011-07-27 20:26 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB2347290\update\update.exe + 2011-07-27 20:26 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB2347290\spuninst.exe + 2011-07-27 20:38 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB2115168\update\updspapi.dll + 2011-07-27 20:38 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB2115168\update\update.exe + 2011-07-27 20:38 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB2115168\spuninst.exe + 2011-07-27 20:25 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB2079403\update\updspapi.dll + 2011-07-27 20:25 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB2079403\update\update.exe + 2011-07-27 20:25 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB2079403\spuninst.exe + 2011-07-27 14:16 . 2010-10-23 00:48 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll + 2011-07-27 14:19 . 2010-08-23 16:13 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll + 2011-04-18 20:51 . 2011-04-18 20:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll + 2011-04-18 20:51 . 
2011-04-18 20:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll + 2011-05-13 18:04 . 2011-05-13 18:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll + 2011-05-13 18:04 . 2011-05-13 18:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll + 2002-09-11 04:00 . 2010-04-06 02:52 2462720 c:\windows\SYSTEM32\WMVCore.dll + 2004-10-21 05:52 . 2011-01-21 14:44 8509440 c:\windows\SYSTEM32\shell32.dll + 2002-09-11 04:00 . 2009-07-17 16:22 1440768 c:\windows\SYSTEM32\query.dll - 2002-09-11 04:00 . 2008-04-14 17:02 1440768 c:\windows\SYSTEM32\query.dll + 2003-05-30 08:00 . 2010-02-05 18:27 1295872 c:\windows\SYSTEM32\quartz.dll + 2004-03-05 20:19 . 2010-07-16 12:01 1287680 c:\windows\SYSTEM32\ole32.dll + 1979-12-31 23:00 . 2010-12-09 15:14 2153472 c:\windows\SYSTEM32\ntoskrnl.exe + 1979-12-31 23:00 . 2010-12-09 15:14 2031616 c:\windows\SYSTEM32\ntkrnlpa.exe + 2008-09-23 08:45 . 2009-07-31 08:05 1372672 c:\windows\SYSTEM32\msxml6.dll + 2002-09-11 04:00 . 2010-06-14 07:43 1172480 c:\windows\SYSTEM32\msxml3.dll + 2002-09-11 04:00 . 2011-02-02 07:58 2067456 c:\windows\SYSTEM32\mstscax.dll + 2002-09-11 04:00 . 2010-04-06 02:52 2462720 c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll + 2008-10-16 13:56 . 2011-06-06 11:35 1859072 c:\windows\SYSTEM32\DLLCACHE\win32k.sys + 2008-06-17 19:03 . 2011-01-21 14:44 8509440 c:\windows\SYSTEM32\DLLCACHE\shell32.dll + 2009-07-17 16:22 . 2009-07-17 16:22 1440768 c:\windows\SYSTEM32\DLLCACHE\query.dll + 2008-05-07 05:12 . 2010-02-05 18:27 1295872 c:\windows\SYSTEM32\DLLCACHE\quartz.dll + 2010-07-16 12:01 . 2010-07-16 12:01 1287680 c:\windows\SYSTEM32\DLLCACHE\ole32.dll + 2008-10-16 13:56 . 2010-12-09 15:14 2197120 c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe + 2008-10-16 13:56 . 2010-12-09 15:14 2031616 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe + 2008-10-16 13:56 . 
2010-12-09 15:14 2073728 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe + 2008-10-16 13:56 . 2010-12-09 15:14 2153472 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe + 2008-09-23 08:45 . 2009-07-31 08:05 1372672 c:\windows\SYSTEM32\DLLCACHE\msxml6.dll + 2008-11-13 14:21 . 2010-06-14 07:43 1172480 c:\windows\SYSTEM32\DLLCACHE\msxml3.dll + 2009-06-10 07:22 . 2009-06-10 07:22 2066432 c:\windows\SYSTEM32\DLLCACHE\mstscax.dll + 2010-01-29 15:01 . 2010-01-29 15:01 1315328 c:\windows\SYSTEM32\DLLCACHE\msoe.dll + 2011-02-02 07:58 . 2011-02-02 07:58 2067456 c:\windows\SYSTEM32\DLLCACHE\lhmstscx.dll - 2010-04-01 09:42 . 2010-04-01 09:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll + 2010-09-23 13:55 . 2010-09-23 13:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll + 2010-09-23 13:55 . 2010-09-23 13:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll - 2010-04-01 09:42 . 2010-04-01 09:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll + 2010-09-23 00:26 . 2010-09-23 00:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - 2010-03-31 12:50 . 2010-03-31 12:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll + 2010-09-23 00:25 . 2010-09-23 00:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll + 2010-09-23 13:55 . 2010-09-23 13:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll - 2010-04-01 09:42 . 2010-04-01 09:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2011-04-29 10:31 . 2011-04-29 10:31 9006080 c:\windows\Installer\3dd815.msp + 2011-04-29 10:28 . 2011-04-29 10:28 1995264 c:\windows\Installer\3dd7ff.msp + 2010-10-21 16:10 . 2010-10-21 16:10 3995136 c:\windows\Installer\3dd7e3.msp + 2010-08-13 16:02 . 2010-08-13 16:02 2545664 c:\windows\Installer\3dd7c9.msp + 2011-04-29 10:27 . 2011-04-29 10:27 4158464 c:\windows\Installer\3dd7b3.msp + 2010-08-13 16:00 . 
2010-08-13 16:00 9404928 c:\windows\Installer\3dd79c.msp + 2011-06-21 10:01 . 2011-06-21 10:01 4991488 c:\windows\Installer\3dd785.msp + 2011-04-29 10:33 . 2011-04-29 10:33 8173568 c:\windows\Installer\3dd76f.msp + 2011-03-17 18:01 . 2011-03-17 18:01 9563648 c:\windows\Installer\3dd759.msp + 2010-11-20 21:33 . 2010-11-20 21:33 1980928 c:\windows\Installer\3dd72d.msp + 2011-01-11 15:53 . 2011-01-11 15:53 1763328 c:\windows\Installer\3dd6f7.msp - 2010-09-10 23:00 . 2010-09-15 18:59 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe + 2010-09-10 23:00 . 2011-07-27 20:44 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2010-09-10 23:00 . 2010-09-15 18:59 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2010-09-10 23:00 . 2011-07-27 20:44 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2008-11-10 00:41 . 2008-11-10 00:41 2014584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTVIEW.EXE + 2009-02-14 04:03 . 2009-02-14 04:03 3070832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEDOCUMENTSHARETOOL.DLL + 2008-10-16 13:56 . 2010-12-09 15:14 2197120 c:\windows\Driver Cache\I386\ntoskrnl.exe + 2008-10-16 13:56 . 2010-12-09 15:14 2031616 c:\windows\Driver Cache\I386\ntkrpamp.exe + 2008-10-16 13:56 . 2010-12-09 15:14 2073728 c:\windows\Driver Cache\I386\ntkrnlpa.exe + 2008-10-16 13:56 . 2010-12-09 15:14 2153472 c:\windows\Driver Cache\I386\ntkrnlmp.exe + 2011-07-27 20:05 . 2011-07-27 20:05 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_cfc74af6\System.dll + 2011-07-27 20:54 . 2011-07-27 20:54 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_cab36f94\System.dll + 2011-07-27 20:06 . 
2011-07-27 20:06 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_866a8807\System.Xml.dll + 2011-07-27 20:57 . 2011-07-27 20:57 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_282021c5\System.Xml.dll + 2011-07-27 20:57 . 2011-07-27 20:57 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_79afb51c\System.Windows.Forms.dll + 2011-07-27 20:05 . 2011-07-27 20:05 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_0e9235c3\System.Windows.Forms.dll + 2011-07-27 20:58 . 2011-07-27 20:58 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e5851e90\System.Drawing.dll + 2011-07-27 20:48 . 2011-07-27 20:48 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c18cdaa9\System.Design.dll + 2011-07-27 20:58 . 2011-07-27 20:58 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_4494ca64\System.Design.dll + 2011-07-27 20:50 . 2011-07-27 20:51 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3c710ee2\mscorlib.dll + 2011-07-27 20:58 . 2011-07-27 20:58 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_219f9419\mscorlib.dll + 2011-07-27 20:05 . 2011-07-27 20:05 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll - 2010-08-25 20:03 . 2010-08-25 20:03 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll - 2010-08-25 20:03 . 2010-08-25 20:03 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll + 2011-07-27 20:05 . 2011-07-27 20:05 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll + 2010-01-29 14:54 . 
2010-01-29 14:54 1315328 c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll
+ 2010-02-05 18:34 . 2010-02-05 18:34 1295872 c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll
+ 2009-11-27 17:25 . 2009-11-27 17:25 1295872 c:\windows\$hf_mig$\KB975560\SP3QFE\quartz.dll
+ 2009-07-17 16:03 . 2009-07-17 16:03 1440768 c:\windows\$hf_mig$\KB969059\SP3QFE\query.dll
+ 2010-06-14 07:40 . 2010-06-14 07:40 1172480 c:\windows\$hf_mig$\KB2079403\SP3QFE\msxml3.dll
+ 2004-08-04 08:03 . 2010-08-25 21:36 10841088 c:\windows\SYSTEM32\wmp.dll
+ 2009-07-13 21:43 . 2010-08-25 21:36 10841088 c:\windows\SYSTEM32\DLLCACHE\wmp.dll
+ 2010-09-24 12:08 . 2010-09-24 12:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp
+ 2011-04-22 17:41 . 2011-04-22 17:41 11507712 c:\windows\Installer\3dd84c.msp
+ 2010-09-24 05:08 . 2010-09-24 05:08 17518080 c:\windows\Installer\3dd718.msp
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, myfrbpnd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Sierra\\Empire Earth\\Empire Earth.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [10/02/2009 19:08 64512]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [24/08/2010 20:02 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [24/08/2010 20:03 243152]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/07/2011 23:55 12880]
R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [12/07/2011 23:55 67664]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [24/08/2010 19:58 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [21/07/2011 14:59 2151640]
S2 AMService;AMService;c:\windows\TEMP\peix\setup.exe run --> c:\windows\TEMP\peix\setup.exe run [?]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;\??\c:\program files\CheckPoint\ZAForceField\ISWKL.sys --> c:\program files\CheckPoint\ZAForceField\ISWKL.sys [?]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;"c:\program files\CheckPoint\ZAForceField\IswSvc.exe" --> c:\program files\CheckPoint\ZAForceField\IswSvc.exe [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [21/07/2011 14:59 15232]
S3 psa128s;psa128s;c:\windows\system32\DRIVERS\psa128s.sys --> c:\windows\system32\DRIVERS\psa128s.sys [?]
S3 psa128u;Nike psa[128max Player Control Driver;c:\windows\system32\Drivers\psa128u.sys --> c:\windows\system32\Drivers\psa128u.sys [?]
.
Inhoud van de 'Gedeelde Taken' map
.
2011-07-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 12:59]
.
2011-07-26 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
2011-07-27 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
2011-07-27 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-10-21 10:27]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.ixquick.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\EIGENAAR\Application Data\Mozilla\Firefox\Profiles\47gexv0m.Standaardgebruiker\
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-27 23:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(2408)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Voltooingstijd: 2011-07-27 23:48:30 - machine werd herstart
ComboFix-quarantined-files.txt 2011-07-27 21:48
ComboFix2.txt 2011-07-27 19:15
.
Pre-Run: 88.445.960.192 bytes beschikbaar
Post-Run: 88.429.604.864 bytes beschikbaar
.
- - End Of File - - 29AF61B2C52A49F9371AB0CB32C6AEB7

----------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:51:45, on 27/07/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ixquick Search Engine
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\peix\setup.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Unknown owner - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

-- End of file - 6610 bytes
  3. ComboFix 11-07-27.02 - EIGENAAR 27/07/2011 20:37:54.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.510.130 [GMT 2:00] Gestart vanuit: c:\documents and settings\EIGENAAR\Bureaublad\ComboFix.exe AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\EIGENAAR\Mijn documenten\Eviews4.1.ekospam.rar c:\documents and settings\EIGENAAR\WINDOWS c:\documents and settings\NetworkService\Application Data\desktop.ini c:\documents and settings\NetworkService\Application Data\xssend2 c:\windows\Downloaded Program Files\popcaploader.inf c:\windows\IsUn0413.exe c:\windows\iun6002.exe c:\windows\system32\tmp.tmp c:\windows\unin0413.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_USNJSVC -------\Service_usnjsvc . . (((((((((((((((((((( Bestanden Gemaakt van 2011-06-27 to 2011-07-27 )))))))))))))))))))))))))))))) . . 2011-07-27 18:16 . 2011-07-27 18:16 -------- d-----w- c:\documents and settings\EIGENAAR\Application Data\AVG9 2011-07-27 15:49 . 2011-07-27 15:49 388096 ----a-r- c:\documents and settings\EIGENAAR\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-07-27 15:49 . 2011-07-27 15:49 -------- d-----w- c:\program files\Trend Micro 2011-07-27 13:27 . 2011-07-27 13:27 162816 ----a-w- c:\windows\system32\drivers\NETBT.SYS 2011-07-27 10:39 . 2011-07-27 13:35 -------- d-----w- c:\windows\system32\MpEngineStore 2011-07-27 10:28 . 2011-07-27 10:28 -------- d-----w- c:\documents and settings\EIGENAAR\Local Settings\Application Data\Opera 2011-07-27 10:25 . 2011-07-27 10:26 -------- d-----w- c:\program files\Opera 2011-07-26 19:58 . 
2011-07-26 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-07-26 19:58 . 2011-07-26 19:58 -------- d-----w- c:\documents and settings\EIGENAAR\Application Data\SUPERAntiSpyware.com 2011-07-26 19:57 . 2011-07-26 19:59 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-07-26 18:49 . 2011-07-26 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator 2011-07-26 18:49 . 2011-07-26 18:49 -------- d-----w- c:\documents and settings\EIGENAAR\Application Data\Spyware Terminator 2011-07-26 18:49 . 2011-07-26 19:01 -------- d-----w- c:\program files\Spyware Terminator 2011-07-26 18:39 . 2011-07-26 19:00 -------- d-s---w- c:\documents and settings\Administrator 2011-07-26 14:41 . 2011-07-26 14:41 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys 2011-07-26 14:41 . 2011-07-26 14:41 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2(2).sys 2011-07-25 10:31 . 2011-07-27 15:51 -------- d--h--r- c:\documents and settings\EIGENAAR\Onlangs geopend 2011-07-23 22:25 . 2011-07-23 22:31 -------- d-----w- c:\documents and settings\EIGENAAR\dwhelper 2011-07-18 18:47 . 2011-07-18 18:47 -------- d-----w- c:\documents and settings\EIGENAAR\Local Settings\Application Data\Downloaded Installations 2011-07-07 19:26 . 2011-07-07 19:26 1409 ----a-w- c:\windows\QTFont.for 2011-06-30 20:11 . 2011-07-03 10:07 -------- d-----w- c:\documents and settings\EIGENAAR\Application Data\vlc . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-26 08:11 . 2002-09-11 04:00 26112 ----a-w- c:\windows\system32\userinit.exe 2011-07-21 12:59 . 2009-02-10 17:08 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-07-06 17:52 . 2011-06-11 22:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 17:52 . 2011-06-11 22:58 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-29 19:44 . 
2010-12-01 19:54 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-19 19:07 . 2011-06-15 17:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-05 19:01 . 2010-08-24 18:03 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2011-07-08 07:48 . 2011-07-25 18:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . <pre> c:\program files\AVG\AVG9\avgtray .exe </pre> . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sonic RecordNow!"="" [N/A] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, myfrbpnd.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\UnrealTournament\\System\\UnrealTournament.exe"= "c:\\Program Files\\Sierra\\Empire Earth\\Empire Earth.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= . 
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [10/02/2009 19:08 64512] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [24/08/2010 20:02 216400] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [24/08/2010 20:03 243152] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/07/2011 23:55 12880] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [12/07/2011 23:55 67664] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [24/08/2010 19:58 308136] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [21/07/2011 14:59 2151640] S0 mmfdykiz;mmfdykiz;c:\windows\SYSTEM32\DRIVERS\wjiqktklizgliru.sys [22/10/2010 18:32 43904] S1 bghivlil;bghivlil;\??\c:\windows\system32\drivers\bghivlil.sys --> c:\windows\system32\drivers\bghivlil.sys [?] S2 AMService;AMService;c:\windows\TEMP\peix\setup.exe run --> c:\windows\TEMP\peix\setup.exe run [?] S2 ISWKL;ZoneAlarm Toolbar ISWKL;\??\c:\program files\CheckPoint\ZAForceField\ISWKL.sys --> c:\program files\CheckPoint\ZAForceField\ISWKL.sys [?] S2 IswSvc;ZoneAlarm Toolbar IswSvc;"c:\program files\CheckPoint\ZAForceField\IswSvc.exe" --> c:\program files\CheckPoint\ZAForceField\IswSvc.exe [?] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [21/07/2011 14:59 15232] S3 psa128s;psa128s;c:\windows\system32\DRIVERS\psa128s.sys --> c:\windows\system32\DRIVERS\psa128s.sys [?] S3 psa128u;Nike psa[128max Player Control Driver;c:\windows\system32\Drivers\psa128u.sys --> c:\windows\system32\Drivers\psa128u.sys [?] . Inhoud van de 'Gedeelde Taken' map . 2011-07-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 12:59] . 2011-07-26 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] . 
2011-07-27 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] . 2011-07-27 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-10-21 10:27] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.ixquick.com/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uInternet Connection Wizard,ShellNext = iexplore IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\EIGENAAR\Application Data\Mozilla\Firefox\Profiles\47gexv0m.Standaardgebruiker\ . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-07-27 20:56 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(820) c:\program files\SUPERAntiSpyware\SASWINLO.DLL . - - - - - - - > 'explorer.exe'(3648) c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\SUPERAntiSpyware\SASSEH.DLL . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\System32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe c:\windows\system32\Rundll32.exe . ************************************************************************** . Voltooingstijd: 2011-07-27 21:15:29 - machine werd herstart ComboFix-quarantined-files.txt 2011-07-27 19:15 . Pre-Run: 89.485.824.000 bytes beschikbaar Post-Run: 89.628.184.576 bytes beschikbaar . WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn . - - End Of File - - 9C21AC71D2AAD936AD92BCE95072F9A4
  4. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:51:09, on 27/07/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Officiële Site | Dell België R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ixquick Search Engine R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: WormRadar.com 
IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - 
Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\peix\setup.exe (file missing) O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. 
- C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Unknown owner - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -- End of file - 7211 bytes
  5. Hello, My computer appears to be infected with Win32/Alureon.H. The program windows-kb89083v3.21 detected the virus. The program said that it could only partially remove the virus. After reading some forums, removing it seems to be something I cannot do on my own. However, AVG, Ad-Aware, Malwarebytes' Anti-Malware and SuperAntiSpyware had not detected it. For the past few days, web browsers (Firefox, IE, Opera) have kept crashing a few moments after I go to a website other than the start page. That is why I have now run so many scanners (until Sunday it was only AVG and Malwarebytes' Anti-Malware). The partial removal of the virus by windows-kb89083v3.21 has now meant that my web browsers no longer crash. But I would rather have the virus completely removed first before I run into problems again (I am currently on another computer). Can anyone help me? Thanks in advance, Ergelath