
Win32/Alureon.H



Hello,

My computer appears to be infected with Win32/Alureon.H.

The program windows-kb89083v3.21 detected the virus. The program said it could only partially remove the virus. After reading some forums, removing it seems to be something I cannot do on my own.

AVG, Ad-Aware, Malwarebytes' Anti-Malware and SuperAntiSpyware, however, had not detected it.

For the past few days, web browsers (Firefox, IE, Opera) have kept crashing a few moments after I go to a website other than the start page. That is why I have now run so many scanners (until Sunday it was only AVG and Malwarebytes' Anti-Malware).

The partial removal of the virus by windows-kb89083v3.21 has now made my web browsers stop crashing. But I would rather have the virus completely removed first, before I run into problems again (I am currently on a different computer).

Can anyone help me?

Thanks in advance

Ergelath


1. Download HijackThis.

Under "HijackThis Downloads", click "Installer".

Save the file HijackThis.msi. Then choose "Run".

HijackThis is now installed on your PC, and a shortcut is placed on your desktop.


2. Click the shortcut to start HijackThis.

Click either "Do a systemscan and save a logfile", or first "Scan" and then "Savelog".

A Notepad window opens. Hold down the CTRL and A keys at the same time; everything is now selected. Hold down the CTRL and C keys at the same time; everything is now copied. Now paste the HJT log into your post with CTRL and V.

If you get the message "For some reason your system denied writing to the Host file ....", simply click the OK button to continue.

Note: Windows Vista & 7 users must run HijackThis as "administrator" by right-clicking and choosing "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

This (CLICK) video can help you post a HijackThis log.


3. After you post your log, it will be checked by an expert (Kape or Kweezie Wabbit), who will then guide you further through the whole process.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:51:09, on 27/07/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Officiële Site | Dell België

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ixquick Search Engine

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\peix\setup.exe (file missing)

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Unknown owner - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--

End of file - 7211 bytes


Start HijackThis. Select "Scan". Select only the items listed below:

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

Click 'Fix checked' to remove the items.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot disable them, just continue to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.
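The three entries selected for 'Fix checked' in the reply above all carry HijackThis's "(no file)" or "(file missing)" marker. As an added example (not part of the original posts and not HijackThis's own code), this Python script pulls every entry with such a marker out of a saved log so a reviewer sees the candidates at a glance; the sample lines are copied from the log posted in this thread, and the function names are made up for the illustration.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log posted earlier in this
# thread, shortened to a handful of entries.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ixquick Search Engine
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\peix\setup.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
--
End of file - 7211 bytes
"""

# A log entry starts with a section code (R0, F2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Marker HijackThis appends when the referenced file is not on disk.
MARKER_RE = re.compile(r"\((no file|file missing)\)\s*$")
# COM class identifier, present on BHO / search hook / toolbar entries.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Return one dict per log entry; header, process list and footer are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.groups()
        marker = MARKER_RE.search(body)
        clsid = CLSID_RE.search(body)
        entries.append({
            "line": lineno,
            "code": code,
            "body": body,
            "marker": marker.group(1) if marker else None,
            "clsid": clsid.group(0) if clsid else None,
        })
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in entries if e["marker"]]


def group_by_code(entries):
    """Group entries by section code so registry leftovers and services are listed apart."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry["code"]].append(entry)
    return dict(groups)


if __name__ == "__main__":
    for code, items in group_by_code(orphaned(parse_log(SAMPLE_LOG))).items():
        for item in items:
            print(f"line {item['line']:>2}  {code:<4} [{item['marker']}]  {item['body']}")
```

On the sample it also lists the O23 AMService entry, which was not among the three items selected in the reply; the script only lists candidates and decides nothing.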


ComboFix 11-07-27.02 - EIGENAAR 27/07/2011 20:37:54.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.510.130 [GMT 2:00]

Gestart vanuit: c:\documents and settings\EIGENAAR\Bureaublad\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\EIGENAAR\Mijn documenten\Eviews4.1.ekospam.rar

c:\documents and settings\EIGENAAR\WINDOWS

c:\documents and settings\NetworkService\Application Data\desktop.ini

c:\documents and settings\NetworkService\Application Data\xssend2

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\IsUn0413.exe

c:\windows\iun6002.exe

c:\windows\system32\tmp.tmp

c:\windows\unin0413.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_USNJSVC

-------\Service_usnjsvc

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-06-27 to 2011-07-27 ))))))))))))))))))))))))))))))

.

.

2011-07-27 18:16 . 2011-07-27 18:16 -------- d-----w- c:\documents and settings\EIGENAAR\Application Data\AVG9

2011-07-27 15:49 . 2011-07-27 15:49 388096 ----a-r- c:\documents and settings\EIGENAAR\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-27 15:49 . 2011-07-27 15:49 -------- d-----w- c:\program files\Trend Micro

2011-07-27 13:27 . 2011-07-27 13:27 162816 ----a-w- c:\windows\system32\drivers\NETBT.SYS

2011-07-27 10:39 . 2011-07-27 13:35 -------- d-----w- c:\windows\system32\MpEngineStore

2011-07-27 10:28 . 2011-07-27 10:28 -------- d-----w- c:\documents and settings\EIGENAAR\Local Settings\Application Data\Opera

2011-07-27 10:25 . 2011-07-27 10:26 -------- d-----w- c:\program files\Opera

2011-07-26 19:58 . 2011-07-26 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-07-26 19:58 . 2011-07-26 19:58 -------- d-----w- c:\documents and settings\EIGENAAR\Application Data\SUPERAntiSpyware.com

2011-07-26 19:57 . 2011-07-26 19:59 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-07-26 18:49 . 2011-07-26 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator

2011-07-26 18:49 . 2011-07-26 18:49 -------- d-----w- c:\documents and settings\EIGENAAR\Application Data\Spyware Terminator

2011-07-26 18:49 . 2011-07-26 19:01 -------- d-----w- c:\program files\Spyware Terminator

2011-07-26 18:39 . 2011-07-26 19:00 -------- d-s---w- c:\documents and settings\Administrator

2011-07-26 14:41 . 2011-07-26 14:41 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2011-07-26 14:41 . 2011-07-26 14:41 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2(2).sys

2011-07-25 10:31 . 2011-07-27 15:51 -------- d--h--r- c:\documents and settings\EIGENAAR\Onlangs geopend

2011-07-23 22:25 . 2011-07-23 22:31 -------- d-----w- c:\documents and settings\EIGENAAR\dwhelper

2011-07-18 18:47 . 2011-07-18 18:47 -------- d-----w- c:\documents and settings\EIGENAAR\Local Settings\Application Data\Downloaded Installations

2011-07-07 19:26 . 2011-07-07 19:26 1409 ----a-w- c:\windows\QTFont.for

2011-06-30 20:11 . 2011-07-03 10:07 -------- d-----w- c:\documents and settings\EIGENAAR\Application Data\vlc

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-26 08:11 . 2002-09-11 04:00 26112 ----a-w- c:\windows\system32\userinit.exe

2011-07-21 12:59 . 2009-02-10 17:08 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-07-06 17:52 . 2011-06-11 22:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 17:52 . 2011-06-11 22:58 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-29 19:44 . 2010-12-01 19:54 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-06-19 19:07 . 2011-06-15 17:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-05 19:01 . 2010-08-24 18:03 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-07-08 07:48 . 2011-07-25 18:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

c:\program files\AVG\AVG9\avgtray .exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sonic RecordNow!"="" [N/A]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, myfrbpnd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\UnrealTournament\\System\\UnrealTournament.exe"=

"c:\\Program Files\\Sierra\\Empire Earth\\Empire Earth.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

.

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [10/02/2009 19:08 64512]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [24/08/2010 20:02 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [24/08/2010 20:03 243152]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/07/2011 23:55 12880]

R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [12/07/2011 23:55 67664]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [24/08/2010 19:58 308136]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [21/07/2011 14:59 2151640]

S0 mmfdykiz;mmfdykiz;c:\windows\SYSTEM32\DRIVERS\wjiqktklizgliru.sys [22/10/2010 18:32 43904]

S1 bghivlil;bghivlil;\??\c:\windows\system32\drivers\bghivlil.sys --> c:\windows\system32\drivers\bghivlil.sys [?]

S2 AMService;AMService;c:\windows\TEMP\peix\setup.exe run --> c:\windows\TEMP\peix\setup.exe run [?]

S2 ISWKL;ZoneAlarm Toolbar ISWKL;\??\c:\program files\CheckPoint\ZAForceField\ISWKL.sys --> c:\program files\CheckPoint\ZAForceField\ISWKL.sys [?]

S2 IswSvc;ZoneAlarm Toolbar IswSvc;"c:\program files\CheckPoint\ZAForceField\IswSvc.exe" --> c:\program files\CheckPoint\ZAForceField\IswSvc.exe [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [21/07/2011 14:59 15232]

S3 psa128s;psa128s;c:\windows\system32\DRIVERS\psa128s.sys --> c:\windows\system32\DRIVERS\psa128s.sys [?]

S3 psa128u;Nike psa[128max Player Control Driver;c:\windows\system32\Drivers\psa128u.sys --> c:\windows\system32\Drivers\psa128u.sys [?]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-07-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 12:59]

.

2011-07-26 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

.

2011-07-27 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

.

2011-07-27 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-10-21 10:27]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.ixquick.com/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\EIGENAAR\Application Data\Mozilla\Firefox\Profiles\47gexv0m.Standaardgebruiker\

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-07-27 20:56

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(820)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

- - - - - - - > 'explorer.exe'(3648)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\SUPERAntiSpyware\SASSEH.DLL

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\System32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

c:\windows\system32\Rundll32.exe

.

**************************************************************************

.

Voltooingstijd: 2011-07-27 21:15:29 - machine werd herstart

ComboFix-quarantined-files.txt 2011-07-27 19:15

.

Pre-Run: 89.485.824.000 bytes beschikbaar

Post-Run: 89.628.184.576 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 9C21AC71D2AAD936AD92BCE95072F9A4


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\SYSTEM32\DRIVERS\wjiqktklizgliru.sys

c:\windows\system32\drivers\bghivlil.sys

Driver::

mmfdykiz

bghivlil

Renv::

c:\program files\AVG\AVG9\avgtray .exe

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next post, together with a new HijackThis log.


ComboFix 11-07-27.02 - EIGENAAR 27/07/2011 23:10:18.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.510.246 [GMT 2:00]

Gestart vanuit: c:\documents and settings\EIGENAAR\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\EIGENAAR\Bureaublad\CFScript.txt

AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

FILE ::

"c:\windows\system32\drivers\bghivlil.sys"

"c:\windows\SYSTEM32\DRIVERS\wjiqktklizgliru.sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SYSTEM32\DRIVERS\wjiqktklizgliru.sys

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_mmfdykiz

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-06-27 to 2011-07-27 ))))))))))))))))))))))))))))))

.

.

2011-07-27 20:03 . 2011-07-27 20:46 -------- d-----w- c:\windows\SxsCaPendDel

2011-07-27 18:16 . 2011-07-27 18:16 -------- d-----w- c:\documents and settings\EIGENAAR\Application Data\AVG9

2011-07-27 15:49 . 2011-07-27 15:49 388096 ----a-r- c:\documents and settings\EIGENAAR\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-27 15:49 . 2011-07-27 15:49 -------- d-----w- c:\program files\Trend Micro

2011-07-27 14:19 . 2010-08-23 16:13 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-07-27 14:18 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-07-27 14:17 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-07-27 14:17 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2011-07-27 14:17 . 2010-08-27 08:03 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2011-07-27 14:17 . 2009-10-15 16:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2011-07-27 14:16 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2011-07-27 14:15 . 2009-06-21 21:49 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2011-07-27 14:13 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

2011-07-27 14:10 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2011-07-27 14:02 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-07-27 13:27 . 2011-07-27 13:27 162816 ----a-w- c:\windows\system32\drivers\NETBT.SYS

2011-07-27 10:39 . 2011-07-27 19:55 -------- d-----w- c:\windows\system32\MpEngineStore

2011-07-27 10:28 . 2011-07-27 10:28 -------- d-----w- c:\documents and settings\EIGENAAR\Local Settings\Application Data\Opera

2011-07-27 10:25 . 2011-07-27 10:26 -------- d-----w- c:\program files\Opera

2011-07-26 19:58 . 2011-07-26 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-07-26 19:58 . 2011-07-26 19:58 -------- d-----w- c:\documents and settings\EIGENAAR\Application Data\SUPERAntiSpyware.com

2011-07-26 19:57 . 2011-07-26 19:59 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-07-26 18:49 . 2011-07-26 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator

2011-07-26 18:49 . 2011-07-26 18:49 -------- d-----w- c:\documents and settings\EIGENAAR\Application Data\Spyware Terminator

2011-07-26 18:49 . 2011-07-26 19:01 -------- d-----w- c:\program files\Spyware Terminator

2011-07-26 18:39 . 2011-07-26 19:00 -------- d-s---w- c:\documents and settings\Administrator

2011-07-26 14:41 . 2011-07-26 14:41 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2011-07-26 14:41 . 2011-07-26 14:41 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2(2).sys

2011-07-25 10:31 . 2011-07-27 15:51 -------- d--h--r- c:\documents and settings\EIGENAAR\Onlangs geopend

2011-07-23 22:25 . 2011-07-23 22:31 -------- d-----w- c:\documents and settings\EIGENAAR\dwhelper

2011-07-18 18:47 . 2011-07-18 18:47 -------- d-----w- c:\documents and settings\EIGENAAR\Local Settings\Application Data\Downloaded Installations

2011-07-07 19:26 . 2011-07-07 19:26 1409 ----a-w- c:\windows\QTFont.for

2011-06-30 20:11 . 2011-07-03 10:07 -------- d-----w- c:\documents and settings\EIGENAAR\Application Data\vlc

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-26 08:11 . 2002-09-11 04:00 26112 ----a-w- c:\windows\system32\userinit.exe

2011-07-21 12:59 . 2009-02-10 17:08 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-07-06 17:52 . 2011-06-11 22:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 17:52 . 2011-06-11 22:58 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-29 19:44 . 2010-12-01 19:54 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-06-19 19:07 . 2011-06-15 17:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-06 11:35 . 2002-09-11 04:00 1859072 ----a-w- c:\windows\system32\win32k.sys

2011-05-05 19:01 . 2010-08-24 18:03 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-05-02 15:31 . 2004-03-02 12:18 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-03-29 19:51 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2002-09-11 04:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 07:48 . 2011-07-25 18:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-27_18.55.09 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-04-18 20:51 . 2011-04-18 20:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll

+ 2011-05-13 18:17 . 2011-05-13 18:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll

+ 2011-05-13 17:45 . 2011-05-13 17:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll

+ 2011-05-13 17:45 . 2011-05-13 17:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll

+ 2011-05-13 17:45 . 2011-05-13 17:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll

+ 2011-05-13 17:45 . 2011-05-13 17:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll

+ 2011-05-13 17:45 . 2011-05-13 17:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll

+ 2011-05-13 17:45 . 2011-05-13 17:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll

+ 2011-05-13 17:45 . 2011-05-13 17:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll

+ 2011-05-13 17:45 . 2011-05-13 17:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll

+ 2011-05-13 17:45 . 2011-05-13 17:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll

+ 2011-05-13 23:06 . 2011-05-13 23:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll

+ 2011-05-13 23:23 . 2011-05-13 23:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll

+ 2011-05-13 16:37 . 2011-05-13 16:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll

+ 2011-07-27 21:26 . 2011-07-27 21:26 16384 c:\windows\Temp\Perflib_Perfdata_518.dat

+ 2002-09-11 04:00 . 2009-06-25 08:27 54272 c:\windows\SYSTEM32\wdigest.dll

+ 2007-01-29 08:58 . 2010-11-03 13:12 46080 c:\windows\SYSTEM32\tzchange.exe

- 2004-11-02 20:33 . 2008-07-09 07:44 26488 c:\windows\SYSTEM32\spupdsvc.exe

+ 2004-11-02 20:33 . 2007-07-27 21:11 26488 c:\windows\SYSTEM32\spupdsvc.exe

+ 2002-09-11 04:00 . 2010-08-17 13:17 58880 c:\windows\SYSTEM32\spoolsv.exe

+ 2007-02-13 13:21 . 2010-02-22 14:29 18808 c:\windows\SYSTEM32\spmsg.dll

- 2007-02-13 13:21 . 2008-07-09 07:44 18808 c:\windows\SYSTEM32\spmsg.dll

- 2002-09-11 04:00 . 2009-02-03 19:59 56832 c:\windows\SYSTEM32\secur32.dll

+ 2002-09-11 04:00 . 2009-06-25 08:27 56832 c:\windows\SYSTEM32\secur32.dll

+ 2002-09-11 04:00 . 2009-10-12 13:40 79872 c:\windows\SYSTEM32\raschap.dll

- 2002-09-11 04:00 . 2008-04-14 17:02 79872 c:\windows\SYSTEM32\raschap.dll

+ 2004-10-21 05:44 . 2009-11-27 17:14 17920 c:\windows\SYSTEM32\msyuv.dll

+ 2002-09-11 04:00 . 2009-11-27 16:10 28672 c:\windows\SYSTEM32\msvidc32.dll

+ 2002-09-11 04:00 . 2009-11-27 16:10 11264 c:\windows\SYSTEM32\msrle32.dll

- 2002-09-11 04:00 . 2008-04-14 17:02 11264 c:\windows\SYSTEM32\msrle32.dll

+ 2004-03-29 19:51 . 2009-09-04 21:05 58880 c:\windows\SYSTEM32\msasn1.dll

+ 2002-09-11 04:00 . 2009-11-27 16:10 48128 c:\windows\SYSTEM32\iyuv_32.dll

+ 2002-09-11 04:00 . 2010-11-18 18:15 86016 c:\windows\SYSTEM32\isign32.dll

- 2002-09-11 04:00 . 2008-04-14 17:02 86016 c:\windows\SYSTEM32\isign32.dll

- 2002-09-11 04:00 . 2008-04-14 17:02 80384 c:\windows\SYSTEM32\iccvid.dll

+ 2002-09-11 04:00 . 2010-06-17 14:03 80384 c:\windows\SYSTEM32\iccvid.dll

+ 2002-09-11 04:00 . 2009-10-15 16:38 81920 c:\windows\SYSTEM32\fontsub.dll

+ 2002-09-11 04:00 . 2010-11-02 15:17 40960 c:\windows\SYSTEM32\DRIVERS\ndproxy.sys

+ 2002-09-11 04:00 . 2009-06-24 11:18 92928 c:\windows\SYSTEM32\DRIVERS\ksecdd.sys

- 2002-09-11 04:00 . 2008-04-14 17:02 45568 c:\windows\SYSTEM32\dnsrslvr.dll

+ 2002-09-11 04:00 . 2009-04-20 17:22 45568 c:\windows\SYSTEM32\dnsrslvr.dll

+ 2009-06-25 08:27 . 2009-06-25 08:27 54272 c:\windows\SYSTEM32\DLLCACHE\wdigest.dll

+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\SYSTEM32\DLLCACHE\spoolsv.exe

+ 2009-02-03 19:59 . 2009-06-25 08:27 56832 c:\windows\SYSTEM32\DLLCACHE\secur32.dll

- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\SYSTEM32\DLLCACHE\secur32.dll

+ 2009-10-12 13:40 . 2009-10-12 13:40 79872 c:\windows\SYSTEM32\DLLCACHE\raschap.dll

+ 2009-11-27 17:14 . 2009-11-27 17:14 17920 c:\windows\SYSTEM32\DLLCACHE\msyuv.dll

+ 2009-11-27 16:10 . 2009-11-27 16:10 28672 c:\windows\SYSTEM32\DLLCACHE\msvidc32.dll

+ 2009-11-27 16:10 . 2009-11-27 16:10 11264 c:\windows\SYSTEM32\DLLCACHE\msrle32.dll

+ 2009-09-04 21:05 . 2009-09-04 21:05 58880 c:\windows\SYSTEM32\DLLCACHE\msasn1.dll

+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\SYSTEM32\DLLCACHE\ksecdd.sys

+ 2009-11-27 16:10 . 2009-11-27 16:10 48128 c:\windows\SYSTEM32\DLLCACHE\iyuv_32.dll

+ 2010-11-18 18:15 . 2010-11-18 18:15 86016 c:\windows\SYSTEM32\DLLCACHE\isign32.dll

+ 2009-04-20 17:22 . 2009-04-20 17:22 45568 c:\windows\SYSTEM32\DLLCACHE\dnsrslvr.dll

+ 2011-04-26 11:07 . 2011-04-26 11:07 33280 c:\windows\SYSTEM32\DLLCACHE\csrsrv.dll

+ 2010-01-13 14:06 . 2010-01-13 14:06 87040 c:\windows\SYSTEM32\DLLCACHE\cabview.dll

+ 2009-11-27 16:10 . 2009-11-27 16:10 85504 c:\windows\SYSTEM32\DLLCACHE\avifil32.dll

+ 2009-07-17 19:04 . 2009-07-17 19:04 58880 c:\windows\SYSTEM32\DLLCACHE\atl.dll

+ 2010-03-05 14:42 . 2010-03-05 14:42 65536 c:\windows\SYSTEM32\DLLCACHE\asycfilt.dll

+ 2002-09-11 04:00 . 2011-04-26 11:07 33280 c:\windows\SYSTEM32\csrsrv.dll

+ 2002-09-11 04:00 . 2010-01-13 14:06 87040 c:\windows\SYSTEM32\cabview.dll

- 2002-09-11 04:00 . 2008-04-14 17:02 85504 c:\windows\SYSTEM32\avifil32.dll

+ 2002-09-11 04:00 . 2009-11-27 16:10 85504 c:\windows\SYSTEM32\avifil32.dll

- 2002-09-11 04:00 . 2008-04-14 17:02 58880 c:\windows\SYSTEM32\atl.dll

+ 2002-09-11 04:00 . 2009-07-17 19:04 58880 c:\windows\SYSTEM32\atl.dll

+ 2002-09-11 04:00 . 2010-03-05 14:42 65536 c:\windows\SYSTEM32\asycfilt.dll

+ 2009-06-24 17:56 . 2009-06-24 17:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe

+ 2010-09-23 13:55 . 2010-09-23 13:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

- 2010-04-01 09:42 . 2010-04-01 09:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

+ 2010-09-23 00:26 . 2010-09-23 00:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

- 2010-03-31 12:51 . 2010-03-31 12:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

- 2010-03-31 12:51 . 2010-03-31 12:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

+ 2010-09-23 00:26 . 2010-09-23 00:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

- 2010-03-31 12:51 . 2010-03-31 12:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

+ 2010-09-23 00:26 . 2010-09-23 00:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

+ 2010-09-23 01:17 . 2010-09-23 01:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

- 2010-03-31 13:32 . 2010-03-31 13:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

- 2010-03-31 13:32 . 2010-03-31 13:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

+ 2010-09-23 01:17 . 2010-09-23 01:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

+ 2010-09-10 23:00 . 2011-07-27 20:44 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2010-09-10 23:00 . 2010-09-15 18:59 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2010-09-10 23:00 . 2010-09-15 18:59 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2010-09-10 23:00 . 2011-07-27 20:44 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2010-09-10 23:00 . 2010-09-15 18:59 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2010-09-10 23:00 . 2011-07-27 20:44 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2009-11-27 17:14 . 2009-11-27 17:14 17920 c:\windows\Driver Cache\I386\msyuv.dll

+ 2009-11-27 16:10 . 2009-11-27 16:10 48128 c:\windows\Driver Cache\I386\iyuv_32.dll

+ 2011-07-27 20:05 . 2011-07-27 20:05 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_cddae7d8\System.Drawing.Design.dll

+ 2011-07-27 20:05 . 2011-07-27 20:05 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_61b3809d\CustomMarshalers.dll

- 2010-08-25 20:03 . 2010-08-25 20:03 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

+ 2011-07-27 20:05 . 2011-07-27 20:05 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

+ 2011-07-27 20:00 . 2010-02-22 14:29 26488 c:\windows\$hf_mig$\KB982665\update\spcustom.dll

+ 2011-07-27 20:00 . 2010-02-22 14:29 18808 c:\windows\$hf_mig$\KB982665\spmsg.dll

+ 2010-06-17 14:02 . 2010-06-17 14:02 80384 c:\windows\$hf_mig$\KB982665\SP3QFE\iccvid.dll

+ 2011-07-27 20:15 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB980436\update\spcustom.dll

+ 2011-07-27 20:15 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB980436\spmsg.dll

+ 2011-07-27 20:08 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB979482\update\spcustom.dll

+ 2011-07-27 20:08 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB979482\spmsg.dll

+ 2010-03-05 14:53 . 2010-03-05 14:53 65536 c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll

+ 2011-07-27 20:09 . 2008-07-08 13:07 26488 c:\windows\$hf_mig$\KB979309\update\spcustom.dll

+ 2011-07-27 20:09 . 2008-07-08 13:07 18808 c:\windows\$hf_mig$\KB979309\spmsg.dll

+ 2010-01-13 13:49 . 2010-01-13 13:49 87040 c:\windows\$hf_mig$\KB979309\SP3QFE\cabview.dll

+ 2011-07-27 20:07 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB978706\update\spcustom.dll

+ 2011-07-27 20:07 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB978706\spmsg.dll

+ 2011-07-27 20:15 . 2008-07-08 13:07 26488 c:\windows\$hf_mig$\KB978601\update\spcustom.dll

+ 2011-07-27 20:15 . 2008-07-08 13:07 18808 c:\windows\$hf_mig$\KB978601\spmsg.dll

+ 2011-07-27 20:09 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB978542\update\spcustom.dll

+ 2011-07-27 20:09 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB978542\spmsg.dll

+ 2011-07-27 20:30 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB978338\update\spcustom.dll

+ 2011-07-27 20:30 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB978338\spmsg.dll

+ 2011-07-27 20:09 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB977914\update\spcustom.dll

+ 2011-07-27 20:09 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB977914\spmsg.dll

+ 2009-11-27 16:30 . 2009-11-27 16:30 28672 c:\windows\$hf_mig$\KB977914\SP3QFE\msvidc32.dll

+ 2009-11-27 16:30 . 2009-11-27 16:30 11264 c:\windows\$hf_mig$\KB977914\SP3QFE\msrle32.dll

+ 2009-11-27 16:30 . 2009-11-27 16:30 48128 c:\windows\$hf_mig$\KB977914\SP3QFE\iyuv_32.dll

+ 2009-11-27 16:30 . 2009-11-27 16:30 85504 c:\windows\$hf_mig$\KB977914\SP3QFE\avifil32.dll

+ 2011-07-27 20:19 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB977816\update\spcustom.dll

+ 2011-07-27 20:19 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB977816\spmsg.dll

+ 2011-07-27 20:31 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB975713\update\spcustom.dll

+ 2011-07-27 20:31 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB975713\spmsg.dll

+ 2011-07-27 20:07 . 2008-07-08 13:07 26488 c:\windows\$hf_mig$\KB975562\update\spcustom.dll

+ 2011-07-27 20:07 . 2008-07-08 13:07 18808 c:\windows\$hf_mig$\KB975562\spmsg.dll

+ 2011-07-27 20:19 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB975560\update\spcustom.dll

+ 2011-07-27 20:19 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB975560\spmsg.dll

+ 2009-11-27 17:25 . 2009-11-27 17:25 17920 c:\windows\$hf_mig$\KB975560\SP3QFE\msyuv.dll

+ 2011-07-27 19:59 . 2008-07-08 13:07 26488 c:\windows\$hf_mig$\KB975467\update\spcustom.dll

+ 2011-07-27 19:59 . 2008-07-08 13:07 18808 c:\windows\$hf_mig$\KB975467\spmsg.dll

+ 2011-07-27 20:22 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB975025\update\spcustom.dll

+ 2011-07-27 20:22 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB975025\spmsg.dll

+ 2011-07-27 20:20 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB974571\update\spcustom.dll

+ 2011-07-27 20:20 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB974571\spmsg.dll

+ 2009-09-04 21:02 . 2009-09-04 21:02 58880 c:\windows\$hf_mig$\KB974571\SP3QFE\msasn1.dll

+ 2011-07-27 20:10 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB974392\update\spcustom.dll

+ 2011-07-27 20:10 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB974392\spmsg.dll

+ 2011-07-27 20:32 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB974318\update\spcustom.dll

+ 2011-07-27 20:32 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB974318\spmsg.dll

+ 2009-10-12 13:33 . 2009-10-12 13:33 79872 c:\windows\$hf_mig$\KB974318\SP3QFE\raschap.dll

+ 2011-07-27 20:26 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB974112\update\spcustom.dll

+ 2011-07-27 20:26 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB974112\spmsg.dll

+ 2011-07-27 20:07 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB973815\update\spcustom.dll

+ 2011-07-27 20:07 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB973815\spmsg.dll

+ 2011-07-27 20:19 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB973507\update\spcustom.dll

+ 2011-07-27 20:19 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB973507\spmsg.dll

+ 2009-07-17 19:28 . 2009-07-17 19:28 58880 c:\windows\$hf_mig$\KB973507\SP3QFE\atl.dll

+ 2011-07-27 20:30 . 2008-07-08 13:07 26488 c:\windows\$hf_mig$\KB971657\update\spcustom.dll

+ 2011-07-27 20:30 . 2008-07-08 13:07 18808 c:\windows\$hf_mig$\KB971657\spmsg.dll

+ 2011-07-27 20:32 . 2008-07-08 13:07 26488 c:\windows\$hf_mig$\KB969059\update\spcustom.dll

+ 2011-07-27 20:32 . 2008-07-08 13:07 18808 c:\windows\$hf_mig$\KB969059\spmsg.dll

+ 2011-07-27 19:58 . 2008-07-08 13:07 26488 c:\windows\$hf_mig$\KB968389\update\spcustom.dll

+ 2011-07-27 19:58 . 2008-07-08 13:07 18808 c:\windows\$hf_mig$\KB968389\spmsg.dll

+ 2009-06-25 08:42 . 2009-06-25 08:42 54272 c:\windows\$hf_mig$\KB968389\SP3QFE\wdigest.dll

+ 2009-06-25 08:42 . 2009-06-25 08:42 56832 c:\windows\$hf_mig$\KB968389\SP3QFE\secur32.dll

+ 2009-06-24 10:28 . 2009-06-24 10:28 92928 c:\windows\$hf_mig$\KB968389\SP3QFE\ksecdd.sys

+ 2011-07-27 20:26 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB2347290\update\spcustom.dll

+ 2011-07-27 20:26 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB2347290\spmsg.dll

+ 2010-08-17 13:19 . 2010-08-17 13:19 58880 c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe

+ 2011-07-27 20:38 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB2115168\update\spcustom.dll

+ 2011-07-27 20:38 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB2115168\spmsg.dll

+ 2011-07-27 20:25 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB2079403\update\spcustom.dll

+ 2011-07-27 20:25 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB2079403\spmsg.dll

+ 2008-05-05 05:25 . 2011-02-17 12:54 5632 c:\windows\SYSTEM32\xpsp4res.dll

+ 2002-09-11 04:00 . 2009-11-27 16:10 8704 c:\windows\SYSTEM32\tsbyuv.dll

+ 2009-11-27 16:10 . 2009-11-27 16:10 8704 c:\windows\SYSTEM32\DLLCACHE\tsbyuv.dll

+ 2009-11-27 16:10 . 2009-11-27 16:10 8704 c:\windows\Driver Cache\I386\tsbyuv.dll

+ 2009-11-27 16:30 . 2009-11-27 16:30 8704 c:\windows\$hf_mig$\KB977914\SP3QFE\tsbyuv.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll

+ 2011-05-13 23:17 . 2011-05-13 23:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll

+ 2011-05-13 23:12 . 2011-05-13 23:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll

+ 2011-05-13 23:11 . 2011-05-13 23:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll

+ 2004-08-04 08:03 . 2009-04-01 21:02 604160 c:\windows\SYSTEM32\wmspdmod.dll

+ 2004-08-04 08:03 . 2009-07-13 21:43 286208 c:\windows\SYSTEM32\wmpdxm.dll

- 2003-10-21 16:30 . 2008-04-14 17:02 132096 c:\windows\SYSTEM32\wkssvc.dll

+ 2003-10-21 16:30 . 2009-06-10 06:16 132096 c:\windows\SYSTEM32\wkssvc.dll

+ 2002-09-11 04:00 . 2009-12-24 07:05 177664 c:\windows\SYSTEM32\wintrust.dll

- 2002-09-11 04:00 . 2008-04-14 17:02 293888 c:\windows\SYSTEM32\winsrv.dll

+ 2002-09-11 04:00 . 2011-04-26 11:07 293888 c:\windows\SYSTEM32\winsrv.dll

+ 2002-09-11 04:00 . 2011-03-04 06:44 434176 c:\windows\SYSTEM32\vbscript.dll

+ 2002-09-11 04:00 . 2010-04-16 15:38 406016 c:\windows\SYSTEM32\usp10.dll

- 2002-09-11 04:00 . 2008-04-14 17:02 406016 c:\windows\SYSTEM32\usp10.dll

+ 2002-09-11 04:00 . 2010-08-27 08:03 119808 c:\windows\SYSTEM32\t2embed.dll

- 2002-09-11 04:00 . 2008-10-03 10:05 247326 c:\windows\SYSTEM32\strmdll.dll

+ 2002-09-11 04:00 . 2009-08-26 08:02 247326 c:\windows\SYSTEM32\strmdll.dll

- 2002-09-11 04:00 . 2008-04-14 17:02 135680 c:\windows\SYSTEM32\shsvcs.dll

+ 2002-09-11 04:00 . 2009-07-27 23:19 135680 c:\windows\SYSTEM32\shsvcs.dll

- 2004-08-20 12:54 . 2008-04-14 17:02 474624 c:\windows\SYSTEM32\shlwapi.dll

+ 2004-08-20 12:54 . 2009-12-08 09:25 474624 c:\windows\SYSTEM32\shlwapi.dll

+ 2002-09-11 04:00 . 2011-01-21 14:44 441344 c:\windows\SYSTEM32\shimgvw.dll

+ 2004-03-05 20:19 . 2010-08-16 08:45 590848 c:\windows\SYSTEM32\rpcrt4.dll

+ 2002-09-11 04:00 . 2009-10-12 13:40 150016 c:\windows\SYSTEM32\rastls.dll

- 2002-09-11 04:00 . 2008-04-14 17:02 551936 c:\windows\SYSTEM32\oleaut32.dll

+ 2002-09-11 04:00 . 2010-12-20 17:32 551936 c:\windows\SYSTEM32\oleaut32.dll

- 2002-09-11 04:00 . 2008-04-14 17:02 249856 c:\windows\SYSTEM32\odbc32.dll

+ 2002-09-11 04:00 . 2010-11-09 14:52 249856 c:\windows\SYSTEM32\odbc32.dll

- 2002-09-11 04:00 . 2008-04-14 17:02 270848 c:\windows\SYSTEM32\oakley.dll

+ 2002-09-11 04:00 . 2009-10-13 10:38 270848 c:\windows\SYSTEM32\oakley.dll

+ 2002-09-11 04:00 . 2010-12-09 15:15 739328 c:\windows\SYSTEM32\ntdll.dll

- 2002-09-11 04:00 . 2008-06-20 17:49 247296 c:\windows\SYSTEM32\mswsock.dll

+ 2002-09-11 04:00 . 2008-06-20 16:04 247296 c:\windows\SYSTEM32\mswsock.dll

+ 2002-12-11 23:14 . 2009-08-05 09:01 205312 c:\windows\SYSTEM32\mswebdvd.dll

+ 2002-09-11 04:00 . 2009-09-11 14:20 136192 c:\windows\SYSTEM32\msv1_0.dll

+ 2002-09-11 04:00 . 2011-01-27 11:57 677888 c:\windows\SYSTEM32\mstsc.exe

- 2002-09-11 04:00 . 2008-04-14 17:03 677888 c:\windows\SYSTEM32\mstsc.exe

+ 2002-09-11 04:00 . 2009-12-17 07:42 345600 c:\windows\SYSTEM32\mspaint.exe

- 2002-09-11 04:00 . 2008-04-14 17:03 345600 c:\windows\SYSTEM32\mspaint.exe

+ 2009-11-05 20:17 . 2009-11-05 20:17 297808 c:\windows\SYSTEM32\mscoree.dll

- 2006-10-18 20:47 . 2006-10-18 20:47 317440 c:\windows\SYSTEM32\MP4SDECD.dll

+ 2006-10-18 20:47 . 2010-03-30 10:24 317440 c:\windows\SYSTEM32\mp4sdecd.dll

+ 2002-09-11 04:00 . 2011-02-08 13:33 974848 c:\windows\SYSTEM32\mfc42u.dll

+ 2002-09-11 04:00 . 2011-02-08 13:33 978944 c:\windows\SYSTEM32\mfc42.dll

+ 2004-03-29 19:51 . 2010-12-20 17:25 735232 c:\windows\SYSTEM32\lsasrv.dll

+ 2002-09-11 04:00 . 2010-12-22 12:34 301568 c:\windows\SYSTEM32\kerberos.dll

- 2003-01-13 13:57 . 2008-05-09 10:56 512000 c:\windows\SYSTEM32\jscript.dll

+ 2003-01-13 13:57 . 2011-03-04 06:44 512000 c:\windows\SYSTEM32\jscript.dll

+ 2004-10-21 05:44 . 2011-02-11 14:44 236544 c:\windows\SYSTEM32\fxscover.exe

- 2002-09-30 12:41 . 2011-03-07 19:08 295664 c:\windows\SYSTEM32\FNTCACHE.DAT

+ 2002-09-30 12:41 . 2011-07-27 20:46 295664 c:\windows\SYSTEM32\FNTCACHE.DAT

+ 2002-09-11 04:00 . 2010-02-11 12:02 226880 c:\windows\SYSTEM32\DRIVERS\tcpip6.sys

+ 2002-09-11 04:00 . 2011-02-17 13:18 357888 c:\windows\SYSTEM32\DRIVERS\srv.sys

+ 2002-09-11 04:00 . 2011-04-21 13:37 105472 c:\windows\SYSTEM32\DRIVERS\mup.sys

+ 2002-09-11 04:00 . 2011-02-16 13:22 138496 c:\windows\SYSTEM32\DRIVERS\afd.sys

- 2002-09-11 04:00 . 2008-08-14 10:04 138496 c:\windows\SYSTEM32\DRIVERS\afd.sys

+ 2002-09-11 04:00 . 2011-03-03 06:55 149504 c:\windows\SYSTEM32\dnsapi.dll

+ 2009-04-15 11:42 . 2010-07-16 11:58 221184 c:\windows\SYSTEM32\DLLCACHE\wordpad.exe

+ 2004-08-04 08:03 . 2009-04-01 21:02 604160 c:\windows\SYSTEM32\DLLCACHE\wmspdmod.dll

+ 2004-08-04 08:03 . 2009-07-13 21:43 286208 c:\windows\SYSTEM32\DLLCACHE\wmpdxm.dll

+ 2009-06-10 06:16 . 2009-06-10 06:16 132096 c:\windows\SYSTEM32\DLLCACHE\wkssvc.dll

+ 2009-12-24 07:05 . 2009-12-24 07:05 177664 c:\windows\SYSTEM32\DLLCACHE\wintrust.dll

+ 2011-04-26 11:07 . 2011-04-26 11:07 293888 c:\windows\SYSTEM32\DLLCACHE\winsrv.dll

+ 2006-09-18 14:16 . 2011-04-30 08:50 766464 c:\windows\SYSTEM32\DLLCACHE\vgx.dll

+ 2008-05-09 10:56 . 2011-03-04 06:44 434176 c:\windows\SYSTEM32\DLLCACHE\vbscript.dll

+ 2010-04-16 15:38 . 2010-04-16 15:38 406016 c:\windows\SYSTEM32\DLLCACHE\usp10.dll

+ 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\SYSTEM32\DLLCACHE\tcpip6.sys

+ 2006-08-24 12:19 . 2009-08-26 08:02 247326 c:\windows\SYSTEM32\DLLCACHE\strmdll.dll

- 2006-08-24 12:19 . 2008-10-03 10:05 247326 c:\windows\SYSTEM32\DLLCACHE\strmdll.dll

+ 2008-10-16 13:57 . 2011-02-17 13:18 357888 c:\windows\SYSTEM32\DLLCACHE\srv.sys

+ 2009-07-27 23:19 . 2009-07-27 23:19 135680 c:\windows\SYSTEM32\DLLCACHE\shsvcs.dll

+ 2009-12-08 09:25 . 2009-12-08 09:25 474624 c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll

+ 2011-01-21 14:44 . 2011-01-21 14:44 441344 c:\windows\SYSTEM32\DLLCACHE\shimgvw.dll

+ 2008-12-05 06:58 . 2011-04-29 17:25 151552 c:\windows\SYSTEM32\DLLCACHE\schannel.dll

+ 2009-04-15 14:55 . 2010-08-16 08:45 590848 c:\windows\SYSTEM32\DLLCACHE\rpcrt4.dll

+ 2009-10-12 13:40 . 2009-10-12 13:40 150016 c:\windows\SYSTEM32\DLLCACHE\rastls.dll

+ 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\SYSTEM32\DLLCACHE\oleaut32.dll

+ 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\SYSTEM32\DLLCACHE\odbc32.dll

+ 2009-10-13 10:38 . 2009-10-13 10:38 270848 c:\windows\SYSTEM32\DLLCACHE\oakley.dll

+ 2009-04-15 11:44 . 2010-12-09 15:15 739328 c:\windows\SYSTEM32\DLLCACHE\ntdll.dll

+ 2008-06-20 17:49 . 2008-06-20 16:04 247296 c:\windows\SYSTEM32\DLLCACHE\mswsock.dll

- 2008-06-20 17:49 . 2008-06-20 17:49 247296 c:\windows\SYSTEM32\DLLCACHE\mswsock.dll

+ 2009-08-05 09:01 . 2009-08-05 09:01 205312 c:\windows\SYSTEM32\DLLCACHE\mswebdvd.dll

+ 2009-06-25 08:27 . 2009-09-11 14:20 136192 c:\windows\SYSTEM32\DLLCACHE\msv1_0.dll

+ 2009-12-17 07:42 . 2009-12-17 07:42 345600 c:\windows\SYSTEM32\DLLCACHE\mspaint.exe

+ 2010-11-09 14:52 . 2010-11-09 14:52 102400 c:\windows\SYSTEM32\DLLCACHE\msjro.dll

+ 2010-11-09 14:52 . 2010-11-09 14:52 200704 c:\windows\SYSTEM32\DLLCACHE\msadox.dll

+ 2010-11-09 14:52 . 2010-11-09 14:52 180224 c:\windows\SYSTEM32\DLLCACHE\msadomd.dll

+ 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\SYSTEM32\DLLCACHE\msado15.dll

+ 2010-11-09 14:52 . 2010-11-09 14:52 143360 c:\windows\SYSTEM32\DLLCACHE\msadco.dll

+ 2008-11-13 14:22 . 2011-04-29 16:19 456320 c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys

+ 2010-03-30 10:24 . 2010-03-30 10:24 317440 c:\windows\SYSTEM32\DLLCACHE\mp4sdecd.dll

+ 2006-10-14 08:13 . 2011-02-08 13:33 974848 c:\windows\SYSTEM32\DLLCACHE\mfc42u.dll

+ 2011-02-08 13:33 . 2011-02-08 13:33 978944 c:\windows\SYSTEM32\DLLCACHE\mfc42.dll

+ 2009-04-15 11:44 . 2010-12-20 17:25 735232 c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll

+ 2011-01-27 11:57 . 2011-01-27 11:57 677888 c:\windows\SYSTEM32\DLLCACHE\lhmstsc.exe

+ 2009-06-25 08:27 . 2010-12-22 12:34 301568 c:\windows\SYSTEM32\DLLCACHE\kerberos.dll

+ 2008-05-09 10:56 . 2011-03-04 06:44 512000 c:\windows\SYSTEM32\DLLCACHE\jscript.dll

- 2008-05-09 10:56 . 2008-05-09 10:56 512000 c:\windows\SYSTEM32\DLLCACHE\jscript.dll

+ 2008-08-16 14:16 . 2011-05-02 15:31 692736 c:\windows\SYSTEM32\DLLCACHE\inetcomm.dll

+ 2011-02-11 14:44 . 2011-02-11 14:44 236544 c:\windows\SYSTEM32\DLLCACHE\fxscover.exe

+ 2008-06-20 17:49 . 2011-03-03 06:55 149504 c:\windows\SYSTEM32\DLLCACHE\dnsapi.dll

+ 2011-02-15 12:56 . 2011-02-15 12:56 290432 c:\windows\SYSTEM32\DLLCACHE\atmfd.dll

- 2008-06-20 11:40 . 2008-08-14 10:04 138496 c:\windows\SYSTEM32\DLLCACHE\afd.sys

+ 2008-06-20 11:40 . 2011-02-16 13:22 138496 c:\windows\SYSTEM32\DLLCACHE\afd.sys

+ 2010-02-12 04:35 . 2010-02-12 04:35 100864 c:\windows\SYSTEM32\DLLCACHE\6to4svc.dll

+ 2002-09-11 04:00 . 2010-08-23 16:13 617472 c:\windows\SYSTEM32\comctl32.dll

- 2002-09-11 04:00 . 2008-04-14 17:02 617472 c:\windows\SYSTEM32\comctl32.dll

+ 2002-09-11 04:00 . 2011-02-15 12:56 290432 c:\windows\SYSTEM32\atmfd.dll

+ 2002-09-11 04:00 . 2010-02-12 04:35 100864 c:\windows\SYSTEM32\6to4svc.dll

+ 2011-02-11 14:44 . 2011-02-11 14:44 236544 c:\windows\ServicePackFiles\ServicePackCache\i386\fxscover.exe

- 2002-09-11 04:00 . 2008-04-14 17:03 744448 c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe

+ 2002-09-11 04:00 . 2010-06-14 14:31 744448 c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe

- 2010-03-31 12:51 . 2010-03-31 12:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

+ 2010-09-23 00:26 . 2010-09-23 00:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

+ 2010-09-23 00:25 . 2010-09-23 00:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2010-03-31 12:49 . 2010-03-31 12:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2010-03-31 13:32 . 2010-03-31 13:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2010-09-23 01:17 . 2010-09-23 01:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2011-03-17 18:03 . 2011-03-17 18:03 308736 c:\windows\Installer\3dd82a.msp

+ 2011-07-27 20:35 . 2011-07-27 20:35 223744 c:\windows\Installer\3dd7ea.msi

+ 2010-07-22 23:03 . 2010-07-22 23:03 338432 c:\windows\Installer\3dd743.msp

+ 2011-07-27 20:03 . 2011-07-27 20:03 467456 c:\windows\Installer\3dd701.msi

+ 2010-09-10 23:00 . 2011-07-27 20:44 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2010-09-10 23:00 . 2010-09-15 18:59 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2010-09-10 23:00 . 2011-07-27 20:44 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2010-09-10 23:00 . 2010-09-15 18:59 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2010-09-10 23:00 . 2011-07-27 20:44 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2010-09-10 23:00 . 2010-09-15 18:59 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2010-09-10 23:00 . 2010-09-15 18:59 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2010-09-10 23:00 . 2011-07-27 20:44 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2010-09-10 23:00 . 2011-07-27 20:44 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2010-09-10 23:00 . 2010-09-15 18:59 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2010-09-10 23:00 . 2010-09-15 18:59 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2010-09-10 23:00 . 2011-07-27 20:44 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2010-09-10 23:00 . 2010-09-15 18:59 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2010-09-10 23:00 . 2011-07-27 20:44 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-11-04 02:13 . 2008-11-04 02:13 118128 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSCONV97.DLL

+ 2009-02-14 04:04 . 2009-02-14 04:04 625520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEWEBSERVICES.DLL

+ 2009-02-12 13:19 . 2009-02-12 13:19 688512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEWEBPLATFORMSERVICES.DLL

+ 2009-03-06 02:33 . 2009-03-06 02:33 961888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEUTIL.DLL

+ 2009-02-14 04:03 . 2009-02-14 04:03 337264 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVE.EXE

+ 2011-07-27 20:38 . 2008-05-27 17:30 765952 c:\windows\ie7updates\KB2544521-IE7\vgx.dll

+ 2011-07-27 20:38 . 2010-07-05 13:21 401272 c:\windows\ie7updates\KB2544521-IE7\spuninst\updspapi.dll

+ 2011-07-27 20:38 . 2010-07-05 13:21 234872 c:\windows\ie7updates\KB2544521-IE7\spuninst\spuninst.exe

+ 2008-11-13 14:22 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\I386\mrxsmb.sys

+ 2011-07-27 20:49 . 2011-07-27 20:49 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_c3fbd88e\System.Drawing.dll

+ 2011-07-27 20:56 . 2011-07-27 20:56 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_44bd8ded\System.Drawing.Design.dll

+ 2011-07-27 20:56 . 2011-07-27 20:56 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_6dedaf2b\CustomMarshalers.dll

+ 2002-09-11 04:00 . 2009-11-21 16:03 471552 c:\windows\AppPatch\aclayers.dll

+ 2011-07-27 20:00 . 2010-02-22 14:29 401272 c:\windows\$hf_mig$\KB982665\update\updspapi.dll

+ 2011-07-27 20:00 . 2010-02-22 14:29 765304 c:\windows\$hf_mig$\KB982665\update\update.exe

+ 2011-07-27 20:00 . 2010-02-22 14:29 234872 c:\windows\$hf_mig$\KB982665\spuninst.exe

+ 2011-07-27 20:15 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB980436\update\updspapi.dll

+ 2011-07-27 20:15 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB980436\update\update.exe

+ 2011-07-27 20:15 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB980436\spuninst.exe

+ 2010-06-30 12:25 . 2010-06-30 12:25 149504 c:\windows\$hf_mig$\KB980436\SP3QFE\schannel.dll

+ 2011-07-27 20:08 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB979482\update\updspapi.dll

+ 2011-07-27 20:08 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB979482\update\update.exe

+ 2011-07-27 20:08 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB979482\spuninst.exe

+ 2011-07-27 20:09 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB979309\update\updspapi.dll

+ 2011-07-27 20:09 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB979309\update\update.exe

+ 2011-07-27 20:09 . 2008-07-08 13:07 234872 c:\windows\$hf_mig$\KB979309\spuninst.exe

+ 2011-07-27 20:07 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB978706\update\updspapi.dll

+ 2011-07-27 20:07 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB978706\update\update.exe

+ 2011-07-27 20:07 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB978706\spuninst.exe

+ 2009-12-17 07:39 . 2009-12-17 07:39 345600 c:\windows\$hf_mig$\KB978706\SP3QFE\mspaint.exe

+ 2011-07-27 20:15 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB978601\update\updspapi.dll

+ 2011-07-27 20:15 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB978601\update\update.exe

+ 2011-07-27 20:15 . 2008-07-08 13:07 234872 c:\windows\$hf_mig$\KB978601\spuninst.exe

+ 2009-12-24 06:44 . 2009-12-24 06:44 178176 c:\windows\$hf_mig$\KB978601\SP3QFE\wintrust.dll

+ 2011-07-27 20:09 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB978542\update\updspapi.dll

+ 2011-07-27 20:09 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB978542\update\update.exe

+ 2011-07-27 20:09 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB978542\spuninst.exe

+ 2010-01-29 14:54 . 2010-01-29 14:54 691712 c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll

+ 2011-07-27 20:30 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB978338\update\updspapi.dll

+ 2011-07-27 20:30 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB978338\update\update.exe

+ 2011-07-27 20:30 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB978338\spuninst.exe

+ 2010-02-11 11:36 . 2010-02-11 11:36 226880 c:\windows\$hf_mig$\KB978338\SP3QFE\tcpip6.sys

+ 2010-02-12 04:32 . 2010-02-12 04:32 100864 c:\windows\$hf_mig$\KB978338\SP3QFE\6to4svc.dll

+ 2011-07-27 20:09 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB977914\update\updspapi.dll

+ 2011-07-27 20:09 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB977914\update\update.exe

+ 2011-07-27 20:09 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB977914\spuninst.exe

+ 2011-07-27 20:19 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB977816\update\updspapi.dll

+ 2011-07-27 20:19 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB977816\update\update.exe

+ 2011-07-27 20:19 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB977816\spuninst.exe

+ 2011-07-27 20:31 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB975713\update\updspapi.dll

+ 2011-07-27 20:31 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB975713\update\update.exe

+ 2011-07-27 20:31 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB975713\spuninst.exe

+ 2009-12-08 09:03 . 2009-12-08 09:03 474624 c:\windows\$hf_mig$\KB975713\SP3QFE\shlwapi.dll

+ 2011-07-27 20:07 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB975562\update\updspapi.dll

+ 2011-07-27 20:07 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB975562\update\update.exe

+ 2011-07-27 20:07 . 2008-07-08 13:07 234872 c:\windows\$hf_mig$\KB975562\spuninst.exe

+ 2011-07-27 20:19 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB975560\update\updspapi.dll

+ 2011-07-27 20:19 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB975560\update\update.exe

+ 2011-07-27 20:19 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB975560\spuninst.exe

+ 2011-07-27 19:59 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB975467\update\updspapi.dll

+ 2011-07-27 19:59 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB975467\update\update.exe

+ 2011-07-27 19:59 . 2008-07-08 13:07 234872 c:\windows\$hf_mig$\KB975467\spuninst.exe

+ 2009-09-11 14:16 . 2009-09-11 14:16 136704 c:\windows\$hf_mig$\KB975467\SP3QFE\msv1_0.dll

+ 2011-07-27 20:22 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB975025\update\updspapi.dll

+ 2011-07-27 20:22 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB975025\update\update.exe

+ 2011-07-27 20:22 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB975025\spuninst.exe

+ 2011-07-27 20:20 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB974571\update\updspapi.dll

+ 2011-07-27 20:20 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB974571\update\update.exe

+ 2011-07-27 20:20 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB974571\spuninst.exe

+ 2011-07-27 20:10 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB974392\update\updspapi.dll

+ 2011-07-27 20:10 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB974392\update\update.exe

+ 2011-07-27 20:10 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB974392\spuninst.exe

+ 2009-10-13 10:39 . 2009-10-13 10:39 270848 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll

+ 2011-07-27 20:32 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB974318\update\updspapi.dll

+ 2011-07-27 20:32 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB974318\update\update.exe

+ 2011-07-27 20:32 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB974318\spuninst.exe

+ 2009-10-12 13:33 . 2009-10-12 13:33 150528 c:\windows\$hf_mig$\KB974318\SP3QFE\rastls.dll

+ 2011-07-27 20:26 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB974112\update\updspapi.dll

+ 2011-07-27 20:26 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB974112\update\update.exe

+ 2011-07-27 20:26 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB974112\spuninst.exe

+ 2009-08-26 08:03 . 2009-08-26 08:03 247326 c:\windows\$hf_mig$\KB974112\SP3QFE\strmdll.dll

+ 2011-07-27 20:07 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB973815\update\updspapi.dll

+ 2011-07-27 20:07 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB973815\update\update.exe

+ 2011-07-27 20:07 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB973815\spuninst.exe

+ 2009-08-05 08:54 . 2009-08-05 08:54 205312 c:\windows\$hf_mig$\KB973815\SP3QFE\mswebdvd.dll

+ 2011-07-27 20:19 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB973507\update\updspapi.dll

+ 2011-07-27 20:19 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB973507\update\update.exe

+ 2011-07-27 20:19 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB973507\spuninst.exe

+ 2011-07-27 20:30 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB971657\update\updspapi.dll

+ 2011-07-27 20:30 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB971657\update\update.exe

+ 2011-07-27 20:30 . 2008-07-08 13:07 234872 c:\windows\$hf_mig$\KB971657\spuninst.exe

+ 2009-06-10 06:20 . 2009-06-10 06:20 134144 c:\windows\$hf_mig$\KB971657\SP3QFE\wkssvc.dll

+ 2011-07-27 20:32 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB969059\update\updspapi.dll

+ 2011-07-27 20:32 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB969059\update\update.exe

+ 2011-07-27 20:32 . 2008-07-08 13:07 234872 c:\windows\$hf_mig$\KB969059\spuninst.exe

+ 2011-07-27 19:58 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB968389\update\updspapi.dll

+ 2011-07-27 19:58 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB968389\update\update.exe

+ 2011-07-27 19:58 . 2008-07-08 13:07 234872 c:\windows\$hf_mig$\KB968389\spuninst.exe

+ 2009-06-25 08:42 . 2009-06-25 08:42 147456 c:\windows\$hf_mig$\KB968389\SP3QFE\schannel.dll

+ 2009-06-25 08:42 . 2009-06-25 08:42 136704 c:\windows\$hf_mig$\KB968389\SP3QFE\msv1_0.dll

+ 2009-06-26 09:42 . 2009-06-26 09:42 735232 c:\windows\$hf_mig$\KB968389\SP3QFE\lsasrv.dll

+ 2009-06-25 08:42 . 2009-06-25 08:42 301568 c:\windows\$hf_mig$\KB968389\SP3QFE\kerberos.dll

+ 2011-07-27 20:26 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB2347290\update\updspapi.dll

+ 2011-07-27 20:26 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB2347290\update\update.exe

+ 2011-07-27 20:26 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB2347290\spuninst.exe

+ 2011-07-27 20:38 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB2115168\update\updspapi.dll

+ 2011-07-27 20:38 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB2115168\update\update.exe

+ 2011-07-27 20:38 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB2115168\spuninst.exe

+ 2011-07-27 20:25 . 2009-05-26 11:41 401272 c:\windows\$hf_mig$\KB2079403\update\updspapi.dll

+ 2011-07-27 20:25 . 2009-05-26 11:41 765304 c:\windows\$hf_mig$\KB2079403\update\update.exe

+ 2011-07-27 20:25 . 2009-05-26 11:41 234872 c:\windows\$hf_mig$\KB2079403\spuninst.exe

+ 2011-07-27 14:16 . 2010-10-23 00:48 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll

+ 2011-07-27 14:19 . 2010-08-23 16:13 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll

+ 2011-04-18 20:51 . 2011-04-18 20:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll

+ 2011-05-13 18:04 . 2011-05-13 18:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll

+ 2011-05-13 18:04 . 2011-05-13 18:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll

+ 2002-09-11 04:00 . 2010-04-06 02:52 2462720 c:\windows\SYSTEM32\WMVCore.dll

+ 2004-10-21 05:52 . 2011-01-21 14:44 8509440 c:\windows\SYSTEM32\shell32.dll

+ 2002-09-11 04:00 . 2009-07-17 16:22 1440768 c:\windows\SYSTEM32\query.dll

- 2002-09-11 04:00 . 2008-04-14 17:02 1440768 c:\windows\SYSTEM32\query.dll

+ 2003-05-30 08:00 . 2010-02-05 18:27 1295872 c:\windows\SYSTEM32\quartz.dll

+ 2004-03-05 20:19 . 2010-07-16 12:01 1287680 c:\windows\SYSTEM32\ole32.dll

+ 1979-12-31 23:00 . 2010-12-09 15:14 2153472 c:\windows\SYSTEM32\ntoskrnl.exe

+ 1979-12-31 23:00 . 2010-12-09 15:14 2031616 c:\windows\SYSTEM32\ntkrnlpa.exe

+ 2008-09-23 08:45 . 2009-07-31 08:05 1372672 c:\windows\SYSTEM32\msxml6.dll

+ 2002-09-11 04:00 . 2010-06-14 07:43 1172480 c:\windows\SYSTEM32\msxml3.dll

+ 2002-09-11 04:00 . 2011-02-02 07:58 2067456 c:\windows\SYSTEM32\mstscax.dll

+ 2002-09-11 04:00 . 2010-04-06 02:52 2462720 c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll

+ 2008-10-16 13:56 . 2011-06-06 11:35 1859072 c:\windows\SYSTEM32\DLLCACHE\win32k.sys

+ 2008-06-17 19:03 . 2011-01-21 14:44 8509440 c:\windows\SYSTEM32\DLLCACHE\shell32.dll

+ 2009-07-17 16:22 . 2009-07-17 16:22 1440768 c:\windows\SYSTEM32\DLLCACHE\query.dll

+ 2008-05-07 05:12 . 2010-02-05 18:27 1295872 c:\windows\SYSTEM32\DLLCACHE\quartz.dll

+ 2010-07-16 12:01 . 2010-07-16 12:01 1287680 c:\windows\SYSTEM32\DLLCACHE\ole32.dll

+ 2008-10-16 13:56 . 2010-12-09 15:14 2197120 c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe

+ 2008-10-16 13:56 . 2010-12-09 15:14 2031616 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe

+ 2008-10-16 13:56 . 2010-12-09 15:14 2073728 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe

+ 2008-10-16 13:56 . 2010-12-09 15:14 2153472 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe

+ 2008-09-23 08:45 . 2009-07-31 08:05 1372672 c:\windows\SYSTEM32\DLLCACHE\msxml6.dll

+ 2008-11-13 14:21 . 2010-06-14 07:43 1172480 c:\windows\SYSTEM32\DLLCACHE\msxml3.dll

+ 2009-06-10 07:22 . 2009-06-10 07:22 2066432 c:\windows\SYSTEM32\DLLCACHE\mstscax.dll

+ 2010-01-29 15:01 . 2010-01-29 15:01 1315328 c:\windows\SYSTEM32\DLLCACHE\msoe.dll

+ 2011-02-02 07:58 . 2011-02-02 07:58 2067456 c:\windows\SYSTEM32\DLLCACHE\lhmstscx.dll

- 2010-04-01 09:42 . 2010-04-01 09:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

+ 2010-09-23 13:55 . 2010-09-23 13:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

+ 2010-09-23 13:55 . 2010-09-23 13:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

- 2010-04-01 09:42 . 2010-04-01 09:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

+ 2010-09-23 00:26 . 2010-09-23 00:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

- 2010-03-31 12:50 . 2010-03-31 12:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

+ 2010-09-23 00:25 . 2010-09-23 00:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

+ 2010-09-23 13:55 . 2010-09-23 13:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

- 2010-04-01 09:42 . 2010-04-01 09:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

+ 2011-04-29 10:31 . 2011-04-29 10:31 9006080 c:\windows\Installer\3dd815.msp

+ 2011-04-29 10:28 . 2011-04-29 10:28 1995264 c:\windows\Installer\3dd7ff.msp

+ 2010-10-21 16:10 . 2010-10-21 16:10 3995136 c:\windows\Installer\3dd7e3.msp

+ 2010-08-13 16:02 . 2010-08-13 16:02 2545664 c:\windows\Installer\3dd7c9.msp

+ 2011-04-29 10:27 . 2011-04-29 10:27 4158464 c:\windows\Installer\3dd7b3.msp

+ 2010-08-13 16:00 . 2010-08-13 16:00 9404928 c:\windows\Installer\3dd79c.msp

+ 2011-06-21 10:01 . 2011-06-21 10:01 4991488 c:\windows\Installer\3dd785.msp

+ 2011-04-29 10:33 . 2011-04-29 10:33 8173568 c:\windows\Installer\3dd76f.msp

+ 2011-03-17 18:01 . 2011-03-17 18:01 9563648 c:\windows\Installer\3dd759.msp

+ 2010-11-20 21:33 . 2010-11-20 21:33 1980928 c:\windows\Installer\3dd72d.msp

+ 2011-01-11 15:53 . 2011-01-11 15:53 1763328 c:\windows\Installer\3dd6f7.msp

- 2010-09-10 23:00 . 2010-09-15 18:59 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2010-09-10 23:00 . 2011-07-27 20:44 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2010-09-10 23:00 . 2010-09-15 18:59 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2010-09-10 23:00 . 2011-07-27 20:44 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-11-10 00:41 . 2008-11-10 00:41 2014584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTVIEW.EXE

+ 2009-02-14 04:03 . 2009-02-14 04:03 3070832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEDOCUMENTSHARETOOL.DLL

+ 2008-10-16 13:56 . 2010-12-09 15:14 2197120 c:\windows\Driver Cache\I386\ntoskrnl.exe

+ 2008-10-16 13:56 . 2010-12-09 15:14 2031616 c:\windows\Driver Cache\I386\ntkrpamp.exe

+ 2008-10-16 13:56 . 2010-12-09 15:14 2073728 c:\windows\Driver Cache\I386\ntkrnlpa.exe

+ 2008-10-16 13:56 . 2010-12-09 15:14 2153472 c:\windows\Driver Cache\I386\ntkrnlmp.exe

+ 2011-07-27 20:05 . 2011-07-27 20:05 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_cfc74af6\System.dll

+ 2011-07-27 20:54 . 2011-07-27 20:54 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_cab36f94\System.dll

+ 2011-07-27 20:06 . 2011-07-27 20:06 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_866a8807\System.Xml.dll

+ 2011-07-27 20:57 . 2011-07-27 20:57 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_282021c5\System.Xml.dll

+ 2011-07-27 20:57 . 2011-07-27 20:57 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_79afb51c\System.Windows.Forms.dll

+ 2011-07-27 20:05 . 2011-07-27 20:05 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_0e9235c3\System.Windows.Forms.dll

+ 2011-07-27 20:58 . 2011-07-27 20:58 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e5851e90\System.Drawing.dll

+ 2011-07-27 20:48 . 2011-07-27 20:48 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c18cdaa9\System.Design.dll

+ 2011-07-27 20:58 . 2011-07-27 20:58 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_4494ca64\System.Design.dll

+ 2011-07-27 20:50 . 2011-07-27 20:51 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3c710ee2\mscorlib.dll

+ 2011-07-27 20:58 . 2011-07-27 20:58 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_219f9419\mscorlib.dll

+ 2011-07-27 20:05 . 2011-07-27 20:05 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

- 2010-08-25 20:03 . 2010-08-25 20:03 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

- 2010-08-25 20:03 . 2010-08-25 20:03 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

+ 2011-07-27 20:05 . 2011-07-27 20:05 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

+ 2010-01-29 14:54 . 2010-01-29 14:54 1315328 c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll

+ 2010-02-05 18:34 . 2010-02-05 18:34 1295872 c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll

+ 2009-11-27 17:25 . 2009-11-27 17:25 1295872 c:\windows\$hf_mig$\KB975560\SP3QFE\quartz.dll

+ 2009-07-17 16:03 . 2009-07-17 16:03 1440768 c:\windows\$hf_mig$\KB969059\SP3QFE\query.dll

+ 2010-06-14 07:40 . 2010-06-14 07:40 1172480 c:\windows\$hf_mig$\KB2079403\SP3QFE\msxml3.dll

+ 2004-08-04 08:03 . 2010-08-25 21:36 10841088 c:\windows\SYSTEM32\wmp.dll

+ 2009-07-13 21:43 . 2010-08-25 21:36 10841088 c:\windows\SYSTEM32\DLLCACHE\wmp.dll

+ 2010-09-24 12:08 . 2010-09-24 12:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp

+ 2011-04-22 17:41 . 2011-04-22 17:41 11507712 c:\windows\Installer\3dd84c.msp

+ 2010-09-24 05:08 . 2010-09-24 05:08 17518080 c:\windows\Installer\3dd718.msp

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, myfrbpnd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\UnrealTournament\\System\\UnrealTournament.exe"=

"c:\\Program Files\\Sierra\\Empire Earth\\Empire Earth.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

.

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [10/02/2009 19:08 64512]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [24/08/2010 20:02 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [24/08/2010 20:03 243152]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/07/2011 23:55 12880]

R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [12/07/2011 23:55 67664]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [24/08/2010 19:58 308136]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [21/07/2011 14:59 2151640]

S2 AMService;AMService;c:\windows\TEMP\peix\setup.exe run --> c:\windows\TEMP\peix\setup.exe run [?]

S2 ISWKL;ZoneAlarm Toolbar ISWKL;\??\c:\program files\CheckPoint\ZAForceField\ISWKL.sys --> c:\program files\CheckPoint\ZAForceField\ISWKL.sys [?]

S2 IswSvc;ZoneAlarm Toolbar IswSvc;"c:\program files\CheckPoint\ZAForceField\IswSvc.exe" --> c:\program files\CheckPoint\ZAForceField\IswSvc.exe [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [21/07/2011 14:59 15232]

S3 psa128s;psa128s;c:\windows\system32\DRIVERS\psa128s.sys --> c:\windows\system32\DRIVERS\psa128s.sys [?]

S3 psa128u;Nike psa[128max Player Control Driver;c:\windows\system32\Drivers\psa128u.sys --> c:\windows\system32\Drivers\psa128u.sys [?]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-07-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 12:59]

.

2011-07-26 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

.

2011-07-27 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

.

2011-07-27 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-10-21 10:27]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.ixquick.com/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\EIGENAAR\Application Data\Mozilla\Firefox\Profiles\47gexv0m.Standaardgebruiker\

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKCU-Run-Sonic RecordNow! - (no file)

HKLM-Run-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-07-27 23:27

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(820)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

- - - - - - - > 'explorer.exe'(2408)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Voltooingstijd: 2011-07-27 23:48:30 - machine werd herstart

ComboFix-quarantined-files.txt 2011-07-27 21:48

ComboFix2.txt 2011-07-27 19:15

.

Pre-Run: 88.445.960.192 bytes beschikbaar

Post-Run: 88.429.604.864 bytes beschikbaar

.

- - End Of File - - 29AF61B2C52A49F9371AB0CB32C6AEB7

----------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:51:45, on 27/07/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ixquick Search Engine

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\peix\setup.exe (file missing)

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Unknown owner - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--

End of file - 6610 bytes


AVG found Win32/Patched.DX and moved it to the vault.

Nothing else was found.

There was also suddenly a whole batch of automatic Windows updates (107); I hadn't noticed, but it had been a long time since I last received any.

The problems seem to be gone, thank you very much for your help.

Ergelath
