Viruses!!

30 replies
  • Hello,

    Problem 1:
    For the past 3 days I have had a virus; I keep getting the message "Your PC is showing problems, download SecurityCenter (something like that) now to scan your system now." If I click cancel I get a site that says it is scanning, a completely fake scan by the way, and it then says that I have 3 worms, but well, I don't trust that junk.
    How can I get rid of this? I have already scanned with Nod32 and Spybot but it still isn't gone… by the way, I also get pop-ups with ads when I go to sites where that wasn't the case before.


    Problem 2:
    When I'm in Internet Explorer and I click a hyperlink, my whole Internet Explorer freezes. Then I have to 'end task' before I can continue..
    It's surely a virus, how do I get rid of it? And I have to click Internet Explorer in my Quick Start bar a few times before it finally starts up (the same goes for Firefox, except that it often doesn't start at all, only when I have just turned the PC on..); the processes of all those iexplore instances do show up under alt-ctrl-del->Processes, by the way.
  • Download Hijackthis-setup to your Desktop.

    Open HJTInstall and choose the location where you want to install Hijackthis.
    Then press Install; after a few seconds Hijackthis will open automatically.
    Now choose 'Do a system scan and save a logfile'.
    A Notepad file with a logfile opens. Select all of this text (ctrl-A), copy it (ctrl C) and paste this text into your next message.

    Good luck! 8)

    Pim
  • [quote:3541729b3b]Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:21:44, on 24-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\FRAPS\FRAPS.EXE
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204904657484
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    End of file - 7821 bytes
    [/quote:3541729b3b]
    Here ..
  • Follow these instructions to download ComboFix:

    Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console
    If you have used Combofix before, please remove that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner,
    then disable that scanner and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click Combofix.exe
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix is complete and after a restart, the log Combofix.txt will open.

    Post this log in your next post, together with a fresh HijackThis log.
  • [quote:5d456d3964]WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons[/quote:5d456d3964]

    This is the only thing I get ..

    And the HiJack log

    [quote:5d456d3964]
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:21:43, on 27-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\FRAPS\FRAPS.EXE
    C:\Program Files\Xfire\xfire.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [a4952d8e] rundll32.exe "C:\WINDOWS\system32\vsqhirls.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204904657484
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    End of file - 7614 bytes
    [/quote:5d456d3964]
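
Read side by side, the 27-3-2008 HijackThis log above contains one autorun (O4) line that the 24-3-2008 log does not. The following is an added example, not part of the original thread, that automates that comparison; the function names and the three review heuristics are assumptions chosen for illustration, and the sample lines are copied from the two logs and trimmed.

```python
import re

# Constructed samples: a handful of O4 lines copied from the two HijackThis
# logs posted in this thread (24-3-2008 = before, 27-3-2008 = after).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
"""

LOG_AFTER = LOG_BEFORE + r"""O4 - HKLM\..\Run: [a4952d8e] rundll32.exe "C:\WINDOWS\system32\vsqhirls.dll",b
"""

# "O4 - <body>", "R0 - <body>", "O23 - <body>" ...
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of a registry Run entry: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\(?:.*\\)?\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.I)
RUNDLL_RE = re.compile(
    r'^"?(?:.*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)',
    re.I,
)


def parse_entries(log_text):
    """Return the ordered list of (section, body) entries in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _key(entry):
    # Windows paths and value names are case-insensitive, so compare folded.
    section, body = entry
    return section, " ".join(body.split()).casefold()


def new_entries(before_text, after_text):
    """Entries present in the later log but absent from the earlier one."""
    seen = {_key(e) for e in parse_entries(before_text)}
    return [e for e in parse_entries(after_text) if _key(e) not in seen]


def run_entry_reasons(body):
    """Illustrative review hints for one O4 Run entry (assumed heuristics)."""
    reasons = []
    m = RUN_RE.match(body)
    if not m:
        return reasons
    if HEX_NAME_RE.match(m.group("name")):
        reasons.append("value name is 8 hex digits")
    r = RUNDLL_RE.match(m.group("cmd"))
    if r:
        reasons.append("rundll32 loads " + r.group("dll").rsplit("\\", 1)[-1])
        if len(r.group("export")) == 1:
            reasons.append("one-character export name")
    return reasons


def triage(before_text, after_text):
    """List every new entry, with review hints for new O4 autoruns."""
    report = []
    for section, body in new_entries(before_text, after_text):
        reasons = run_entry_reasons(body) if section == "O4" else []
        report.append({"entry": f"{section} - {body}", "reasons": reasons})
    return report


if __name__ == "__main__":
    for item in triage(LOG_BEFORE, LOG_AFTER):
        print(item["entry"])
        for reason in item["reasons"]:
            print("   -", reason)
```

The NVIDIA `NvCplDaemon` entry also starts a DLL through rundll32, so that hint alone is not a verdict; the comparison against the earlier log is what isolates the new line for review.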
  • And does anyone have the solution yet??
  • Sorry for the late reply,

    Could you post the Combofix log? You posted the wrong one.

    You can find it as C:\combofix.txt
  • [quote:6997198f3c]
    ComboFix 08-03-25.4 - Marc 2008-03-31 17:56:13.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.193 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Marc\Bureaublad\ComboFix.exe
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\_000110_.tmp.dll
    C:\WINDOWS\system32\aqfvtoix.dll
    C:\WINDOWS\system32\awtropo.dll
    C:\WINDOWS\system32\bibwjjla.dll
    C:\WINDOWS\system32\byxvtur.dll
    C:\WINDOWS\system32\cefdhgvt.dll
    C:\WINDOWS\system32\cnwijxgm.dll
    C:\WINDOWS\system32\cwacxeor.dll
    C:\WINDOWS\system32\escqvfom.dll
    C:\WINDOWS\system32\euwlylsi.dll
    C:\WINDOWS\system32\gebxuus.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mcvmpqlx.dll
    C:\WINDOWS\system32\mfgwevhy.dll
    C:\WINDOWS\system32\qqstv.ini
    C:\WINDOWS\system32\qqstv.ini2
    C:\WINDOWS\system32\roexcawc.ini
    C:\WINDOWS\system32\rvhqqeou.dll
    C:\WINDOWS\system32\ttutv.ini
    C:\WINDOWS\system32\ttutv.ini2
    C:\WINDOWS\system32\vtutt.dll
    C:\WINDOWS\system32\vycdd.ini
    C:\WINDOWS\system32\vycdd.ini2
    C:\WINDOWS\system32\wxqdraln.dll
    C:\WINDOWS\system32\xiotvfqa.ini
    C:\WINDOWS\system32\yhvewgfm.ini
    C:\WINDOWS\system32\yjeburdv.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-28 to 2008-03-31 ))))))))))))))))))))))))))))))
    .

    2008-03-29 12:43 . 2008-03-30 12:44 1,583,817 —hs—- C:\WINDOWS\system32\lbviqviu.ini
    2008-03-27 11:53 . 2008-03-28 12:41 1,523,514 —hs—- C:\WINDOWS\system32\nppplvxr.ini
    2008-03-26 11:53 . 2008-03-27 11:54 1,532,248 —hs—- C:\WINDOWS\system32\slrihqsv.ini
    2008-03-25 11:54 . 2008-03-26 10:32 1,534,198 —hs—- C:\WINDOWS\system32\pjwidpvp.ini
    2008-03-24 14:21 . 2008-03-24 14:21 <DIR> d——– C:\Program Files\Trend Micro
    2008-03-24 11:52 . 2008-03-25 11:53 1,582,341 —hs—- C:\WINDOWS\system32\imtedrdd.ini
    2008-03-23 17:40 . 2008-03-24 11:53 1,548,381 —hs—- C:\WINDOWS\system32\rxkeqqdv.ini
    2008-03-23 00:29 . 2008-03-23 00:29 <DIR> d——– C:\Documents and Settings\Marc\Application Data\MPEG Streamclip
    2008-03-23 00:29 . 2008-03-23 00:29 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-03-23 00:29 . 2007-04-27 10:42 65,536 –a—— C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-03-23 00:29 . 2008-03-23 00:29 54,156 –ah—– C:\WINDOWS\QTFont.qfn
    2008-03-23 00:29 . 2007-04-27 10:42 49,152 –a—— C:\WINDOWS\system32\QuickTime.qts
    2008-03-23 00:29 . 2008-03-23 00:29 1,409 –a—— C:\WINDOWS\QTFont.for
    2008-03-23 00:28 . 2008-03-23 00:29 <DIR> d——– C:\Program Files\QuickTime Alternative
    2008-03-23 00:28 . 2008-03-23 00:28 <DIR> d——– C:\Program Files\Media Player Classic
    2008-03-22 16:01 . 2008-03-23 17:39 1,543,219 —hs—- C:\WINDOWS\system32\jxfsqjmp.ini
    2008-03-22 16:00 . 2008-03-22 16:00 86,592 ——— C:\WINDOWS\system32\pmjqsfxj.dll_old
    2008-03-22 15:48 . 2008-03-23 18:46 321 –a—— C:\WINDOWS\wininit.ini
    2008-03-22 15:18 . 2008-03-22 15:18 <DIR> d——– C:\Program Files\Spybot - Search & Destroy
    2008-03-22 15:18 . 2008-03-22 15:53 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-22 13:34 . 2008-03-22 13:34 <DIR> d——– C:\Program Files\SIW
    2008-03-22 13:19 . 2008-03-22 13:19 <DIR> d——– C:\VundoFix Backups
    2008-03-22 13:06 . 2008-03-22 13:06 <DIR> d——– C:\Program Files\Lavasoft
    2008-03-22 13:06 . 2008-03-22 13:06 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-22 12:18 . 2008-03-22 15:51 1,543,699 —hs—- C:\WINDOWS\system32\wdcncoag.ini
    2008-03-21 23:30 . 2008-03-21 23:30 35,836 –a—— C:\WINDOWS\17PHolmes572.exe
    2008-03-21 23:24 . 2008-03-21 23:24 <DIR> d——– C:\WINDOWS\Sun
    2008-03-16 19:42 . 2008-03-16 19:42 <DIR> d——– C:\Documents and Settings\Marc\LimeWire Store Purchased
    2008-03-16 19:42 . 2008-03-16 19:42 <DIR> d——– C:\Documents and Settings\Marc\LimeWire Shared
    2008-03-16 19:41 . 2008-03-16 19:41 <DIR> d——– C:\Documents and Settings\Marc\Incomplete
    2008-03-16 19:41 . 2008-03-29 16:05 <DIR> d——– C:\Documents and Settings\Marc\Application Data\LimeWirePlus
    2008-03-16 19:40 . 2008-02-22 03:33 69,632 –a—— C:\WINDOWS\system32\javacpl.cpl
    2008-03-16 19:39 . 2008-03-16 19:40 <DIR> d——– C:\Program Files\Java
    2008-03-16 19:38 . 2008-03-16 19:38 <DIR> d——– C:\Program Files\Common Files\Java
    2008-03-16 19:33 . 2008-03-16 19:41 <DIR> d——– C:\Program Files\LimeWire Plus
    2008-03-15 17:42 . 2008-03-15 17:42 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Publish Providers
    2008-03-15 17:41 . 2008-03-16 13:14 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Sony
    2008-03-15 16:19 . 2005-05-26 16:34 2,297,552 –a—— C:\WINDOWS\system32\d3dx9_26.dll
    2008-03-15 16:09 . 2008-03-15 16:09 <DIR> d——– C:\Program Files\Microsoft Games
    2008-03-14 22:28 . 2008-03-30 16:30 <DIR> d——– C:\Fraps
    2008-03-14 01:06 . 2008-03-14 01:06 41,296 –a—— C:\WINDOWS\system32\xfcodec.dll
    2008-03-13 21:20 . 2008-03-13 21:20 204,800 –a—— C:\WINDOWS\TinyBHO.dll
    2008-03-09 16:56 . 2008-03-09 16:56 <DIR> d——– C:\Program Files\Download Manager
    2008-03-09 16:55 . 2008-03-09 17:50 <DIR> d——– C:\Documents and Settings\Marc\Application Data\IGN_DLM
    2008-03-09 13:14 . 2008-03-09 14:06 <DIR> d——– C:\Program Files\Fifa Master
    2008-03-09 00:13 . 2003-03-16 01:15 90,112 –a—— C:\WINDOWS\unvise32.exe
    2008-03-08 23:58 . 2001-12-15 13:10 294,912 –a—— C:\WINDOWS\system32\Euphoria.scr
    2008-03-08 18:36 . 2008-03-08 21:26 <DIR> d——– C:\Program Files\EA Sports
    2008-03-08 17:23 . 2008-03-08 17:23 <DIR> d——– C:\Program Files\Windows Media Connect 2
    2008-03-08 17:18 . 2008-03-08 17:18 <DIR> d——– C:\WINDOWS\system32\LogFiles
    2008-03-08 17:18 . 2008-03-08 17:19 <DIR> d——– C:\WINDOWS\system32\drivers\UMDF
    2008-03-08 17:08 . 2008-03-08 17:08 <DIR> d——– C:\Program Files\K-Lite Codec Pack
    2008-03-08 17:08 . 2008-01-10 14:15 755,027 –a—— C:\WINDOWS\system32\xvidcore.dll
    2008-03-08 17:08 . 2007-09-04 18:56 164,352 –a—— C:\WINDOWS\system32\unrar.dll
    2008-03-08 17:00 . 2008-03-08 17:00 <DIR> d——– C:\Documents and Settings\Marc\Application Data\vlc
    2008-03-08 16:59 . 2008-03-08 16:59 <DIR> d——– C:\Program Files\VideoLAN
    2008-03-08 14:51 . 2008-03-08 14:51 <DIR> d——– C:\Program Files\Vstplugins
    2008-03-08 14:51 . 2008-03-15 17:16 <DIR> d——– C:\Program Files\Sony
    2008-03-08 14:51 . 2008-03-15 17:16 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Sony
    2008-03-08 14:31 . 2008-03-08 14:31 <DIR> d——– C:\Program Files\MSBuild
    2008-03-08 14:25 . 2008-03-08 14:25 <DIR> d——– C:\WINDOWS\system32\XPSViewer
    2008-03-08 14:24 . 2008-03-08 14:24 <DIR> d——– C:\Program Files\Reference Assemblies
    2008-03-08 14:23 . 2008-03-08 14:23 <DIR> d——– C:\Program Files\Teach2000
    2008-03-08 14:23 . 2006-06-29 14:07 14,048 ——— C:\WINDOWS\system32\spmsg2.dll
    2008-03-08 14:10 . 2008-03-15 17:14 <DIR> d——– C:\Program Files\Sony Setup
    2008-03-08 14:10 . 2008-03-08 14:10 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Sony Setup
    2008-03-08 14:02 . 2008-03-08 14:02 <DIR> d——– C:\Program Files\VentSrv
    2008-03-08 13:59 . 2008-03-08 13:59 <DIR> d——– C:\Program Files\Ventrilo
    2008-03-08 13:59 . 2008-03-08 14:00 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Ventrilo
    2008-03-08 13:58 . 2008-03-22 13:05 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-08 13:23 . 2008-03-08 13:23 <DIR> d——– C:\Program Files\Common Files\Adobe Systems Shared
    2008-03-08 13:21 . 2008-03-08 13:26 <DIR> d——– C:\Program Files\Common Files\Adobe
    2008-03-08 13:21 . 2008-03-08 13:21 1,233,920 –a—— C:\WINDOWS\system32\msxml4.dll
    2008-03-08 13:21 . 2008-03-08 13:21 82,432 –a—— C:\WINDOWS\system32\msxml4r.dll
    2008-03-08 11:20 . 2008-03-08 11:20 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\Xfire
    2008-03-08 10:06 . 2008-03-08 10:06 <DIR> d——– C:\Program Files\DAEMON Tools Lite
    2008-03-07 22:43 . 2008-03-07 22:43 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Teletekst
    2008-03-07 22:43 . 2008-03-07 22:43 86 –a—— C:\WINDOWS\Teletekst.ini
    2008-03-07 22:42 . 2008-03-07 22:42 <DIR> d——– C:\Program Files\Teletekstbrowser
    2008-03-07 21:00 . 2008-03-07 21:00 379 –a—— C:\WINDOWS\ODBC.INI
    2008-03-07 20:59 . 2007-04-09 15:23 28,040 –a—— C:\WINDOWS\system32\mdimon.dll
    2008-03-07 20:58 . 2008-03-07 20:58 <DIR> d——– C:\Program Files\Microsoft.NET
    2008-03-07 20:58 . 2008-03-07 20:58 <DIR> d——– C:\Program Files\Microsoft ActiveSync
    2008-03-07 20:54 . 2008-03-07 20:58 <DIR> d——– C:\WINDOWS\SHELLNEW
    2008-03-07 20:19 . 2008-03-07 20:19 1,158 –a—— C:\WINDOWS\mozver.dat
    2008-03-07 20:14 . 2008-03-07 20:14 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Talkback
    2008-03-07 20:14 . 2008-03-07 20:14 0 –a—— C:\WINDOWS\nsreg.dat
    2008-03-07 20:09 . 2008-03-07 20:09 <DIR> d——– C:\Documents and Settings\Marc\Application Data\DAEMON Tools
    2008-03-07 20:09 . 2008-03-07 20:09 716,272 –a—— C:\WINDOWS\system32\drivers\sptd.sys
    2008-03-07 19:53 . 2008-03-08 15:02 <DIR> d——– C:\Documents and Settings\Marc\Application Data\teamspeak2
    2008-03-07 19:53 . 2008-03-07 19:53 34,064 –a—— C:\WINDOWS\system32\lhacm.acm
    2008-03-07 19:52 . 2008-03-07 19:53 <DIR> d——– C:\Program Files\Teamspeak2_RC2
    2008-03-07 19:48 . 2008-03-07 19:48 <DIR> d——– C:\Documents and Settings\NetworkService\Application Data\Xfire
    2008-03-07 19:46 . 2008-03-30 15:14 <DIR> d——– C:\Program Files\GameSpy Arcade
    2008-03-07 19:42 . 2008-03-07 19:42 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-03-07 19:40 . 2008-03-07 19:40 <DIR> d——– C:\Program Files\Messenger Plus! Live
    2008-03-07 19:28 . 2008-03-31 18:02 72,710,176 –ahs—- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-03-07 19:28 . 2008-03-31 18:02 696,176 –ahs—- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-03-07 19:24 . 2008-03-07 19:24 <DIR> d——– C:\Program Files\ESET
    2008-03-07 19:24 . 2008-03-07 19:24 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ESET

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-29 13:05 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2008-03-26 13:02 1,760,768 —-a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2008-03-26 13:02 1,526,784 —-a-w C:\WINDOWS\Internet Logs\xDB4.tmp
    2008-03-14 17:12 1,496,576 —-a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-03-14 17:12 1,451,008 —-a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-03-08 21:40 219,136 —-a-w C:\WINDOWS\system32\uxtheme.dll
    2008-03-07 15:35 ——— d—–w C:\Documents and Settings\Marc\Application Data\U3
    2008-03-07 14:57 ——— d—–w C:\Program Files\NVIDIA Corporation
    2008-03-07 14:56 ——— d—–w C:\Program Files\Common Files\InstallShield
    2008-03-07 14:07 ——— d—–w C:\Program Files\Everest HE
    2008-03-07 13:30 ——— d—–w C:\Program Files\microsoft frontpage
    2007-12-14 10:32 12,632 —-a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-05 01:53 356,352 —-a-w C:\WINDOWS\system32\NVUNINST.EXE
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C27CFC97-5CB6-4B2A-8057-759206917BA3}]
    C:\WINDOWS\system32\vtsqq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9803b12-f0a0-11dc-95ff-0800200c9a66}]
    2008-03-13 21:20 204800 –a—— C:\WINDOWS\TinyBHO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB49808E-FB7D-426B-A993-70D7A8734654}]
    C:\WINDOWS\system32\ddcyv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    2008-03-07 19:18 262144 –a—— C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-03-07 19:18 262144]

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-08 19:59 68856]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 12:40 1271032]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-03-07 19:01 190024]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
    "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 23:57 1103480]
    "Fraps"="C:\FRAPS\FRAPS.EXE" [2005-06-15 16:57 2793472]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-12-21 12:52 270336]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 12:06 1443072]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

    C:\Documents and Settings\Marc\Menu Start\Programma's\Opstarten\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-03-14 01:06:18 2979664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxvtur]
    byxvtur.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 12:11]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5247b72f-ec4b-11dc-b00f-e7b6cfba599a}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-31 18:03:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ———————— Other Running Processes ————————
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-03-31 18:07:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-31 16:07:23
    [/quote:6997198f3c]

    This one?
  • If you still have problems, this looks like a job for SmitFraudFix to me. Download it here: http://siri.geekstogo.com/

    Good luck ;-)

    Edit: By the way, I see you ran VundoFix at some point; did it find anything at the time? If so, it could be that you have an old Java update on your system that makes that junk come back. In that case, just install the latest Java update from java.com ;-)
  • @Sander, you really won't solve this problem with Smitfraudfix, since this is a Vundo infection, which is why I'm using Combofix. And it doesn't come back because of an out-of-date Java alone, you know :wink:

    Open Notepad, then copy and paste the following (the bold text) into an empty window:
    [b:50fbde55f7]
    Collect::
    C:\WINDOWS\system32\lbviqviu.ini
    C:\WINDOWS\system32\nppplvxr.ini
    C:\WINDOWS\system32\slrihqsv.ini
    C:\WINDOWS\system32\imtedrdd.ini
    C:\WINDOWS\system32\rxkeqqdv.ini
    C:\WINDOWS\system32\jxfsqjmp.ini
    C:\WINDOWS\system32\wdcncoag.ini

    File::
    C:\WINDOWS\system32\pmjqsfxj.dll_old

    Folder::
    C:\VundoFix Backups

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C27CFC97-5CB6-4B2A-8057-759206917BA3}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9803b12-f0a0-11dc-95ff-0800200c9a66}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB49808E-FB7D-426B-A993-70D7A8734654}]
    [-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxvtur]

    [/b:50fbde55f7]
    Save this on your Desktop as [b:50fbde55f7]CFScript.txt[/b:50fbde55f7]

    Drag [b:50fbde55f7]CFScript.txt[/b:50fbde55f7] onto [b:50fbde55f7]ComboFix.exe[/b:50fbde55f7] as shown in the example below:

    [img:50fbde55f7]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img:50fbde55f7]

    This will make [b:50fbde55f7]ComboFix[/b:50fbde55f7] restart.
    Reboot if you are asked to,
    and post the contents of [b:50fbde55f7]Combofix.txt[/b:50fbde55f7] in your next reply, together with a new HijackThis log.

    ComboFix will place a zipped file on your Desktop, named [4]-Submit_Date_Time.zip
    After the scan finishes, a small window titled "Submit files for further analysis" opens.
    Click OK to open the upload page.
    Copy the bold path shown on this page and paste it into the input box.
    Then click Send File.
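
A way to check a follow-up ComboFix log against the CFScript that was submitted, as an added example that is not part of the original post and not ComboFix's own code. The sample script and log excerpt are constructed from lines quoted in this thread, with the log altered so that one file and one registry key are left over; the function names and the two section titles (taken from the Dutch log shown here) are assumptions.

```python
import re

SECTION = re.compile(r"^(\w+)::\s*$")           # CFScript directive, e.g. "File::"
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+\s*$")  # log banner "(((( title ))))"

# Constructed sample: a shortened CFScript built from entries in this thread.
CFSCRIPT = r"""
Collect::
C:\WINDOWS\system32\lbviqviu.ini
C:\WINDOWS\system32\slrihqsv.ini

File::
C:\WINDOWS\system32\pmjqsfxj.dll_old

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C27CFC97-5CB6-4B2A-8057-759206917BA3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB49808E-FB7D-426B-A993-70D7A8734654}]
"""

# Constructed sample: follow-up log excerpt in which slrihqsv.ini was NOT
# deleted and one Browser Helper Object key is still listed.
LOG = r"""
(((((((((((((( Andere Verwijderingen ))))))))))))))
.

C:\VundoFix Backups
C:\WINDOWS\system32\lbviqviu.ini
C:\WINDOWS\system32\pmjqsfxj.dll_old

.
(((((((((((((( Reg Opstartpunten ))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB49808E-FB7D-426B-A993-70D7A8734654}]
C:\WINDOWS\system32\ddcyv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
"""


def _split(text, header, skip=()):
    """Group non-empty lines under the most recent header line."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in skip:
            continue
        match = header.match(line)
        if match:
            current = sections.setdefault(match.group(1), [])
        elif current is not None:
            current.append(line)
    return sections


def parse_cfscript(text):
    """Return {directive: [entries]} for a CFScript."""
    return _split(text, SECTION)


def parse_log(text):
    """Return {banner title: [lines]} for a ComboFix log ("." lines are filler)."""
    return _split(text, BANNER, skip=(".",))


def verify(cfscript, log,
           deleted_title="Andere Verwijderingen",
           reg_title="Reg Opstartpunten"):
    """Report script targets that the follow-up log does not show as handled."""
    script = parse_cfscript(cfscript)
    report = parse_log(log)

    # Windows paths and registry keys are case-insensitive: compare lowercased.
    deleted = {line.lower() for line in report.get(deleted_title, [])}
    listed_keys = {line[1:-1].lower() for line in report.get(reg_title, [])
                   if line.startswith("[") and line.endswith("]")}

    # In this thread's follow-up log the Collect:: files are listed as deleted
    # alongside the File:: and Folder:: entries, so all three are checked.
    targets = [p for d in ("Collect", "File", "Folder") for p in script.get(d, [])]
    not_deleted = [p for p in targets if p.lower() not in deleted]

    # "[-KEY]" asks for KEY to be removed; it should no longer be listed.
    wanted_gone = [e[2:-1] for e in script.get("Registry", [])
                   if e.startswith("[-") and e.endswith("]")]
    still_present = [k for k in wanted_gone if k.lower() in listed_keys]

    return {"not_deleted": not_deleted, "keys_still_present": still_present}


if __name__ == "__main__":
    for kind, items in verify(CFSCRIPT, LOG).items():
        for item in items:
            print(f"{kind}: {item}")
```

An empty result for both lists means every target named in the script shows up as handled in the follow-up log; anything left over is what to raise in the next reply.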
  • [quote:655b8c8e02="pimvandenderen"]@Sander, you really won't solve this problem with Smitfraudfix, since this is a Vundo infection, which is why I'm using Combofix. And it doesn't come back because of an out-of-date Java alone, you know :wink:
    [/quote:655b8c8e02]

    Indeed, you're right. Only now do I see that vtsqq.dll… Should go to bed earlier for once ;-)

    I agree that it doesn't come back because of an old Java update alone. However, I do notice that once users have picked up an infection, they often get one a second time just as easily. Uninstalling any old Java updates is certainly a very nice start to preventing this, don't you think ;-)

    Nice ComboFix solution you've got here, by the way, kudos \o/
  • [quote:8b7dd37573]
    I agree that it doesn't come back because of an old Java update alone. However, I do notice that once users have picked up an infection, they often get one a second time just as easily. Uninstalling any old Java updates is certainly a very nice start to preventing this, don't you think[/quote:8b7dd37573]

    It's certainly a nice start, but still the majority of this junk comes in through downloads, mainly through cracks, keygens, etc. I wouldn't want to pin an exact percentage on it, but it could well be above 80%.

    So always clean everything first, and only once the machine is completely malware-free again, let everything update again :wink:
  • [quote:d2d357e7fa]
    ComboFix 08-03-25.4 - Marc 2008-04-01 11:32:14.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.63 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Marc\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Marc\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    * Resident AV is active


    FILE ::
    C:\WINDOWS\system32\pmjqsfxj.dll_old
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\VundoFix Backups
    C:\WINDOWS\system32\imtedrdd.ini
    C:\WINDOWS\system32\jxfsqjmp.ini
    C:\WINDOWS\system32\lbviqviu.ini
    C:\WINDOWS\system32\nppplvxr.ini
    C:\WINDOWS\system32\pmjqsfxj.dll_old
    C:\WINDOWS\system32\rxkeqqdv.ini
    C:\WINDOWS\system32\slrihqsv.ini
    C:\WINDOWS\system32\wdcncoag.ini

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))
    .

    2008-03-31 20:59 . 2008-03-31 21:06 2,198 –a—— C:\WINDOWS\system32\tmp.reg
    2008-03-31 19:59 . 2008-03-31 20:36 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Hamachi
    2008-03-31 19:58 . 2008-03-31 19:59 <DIR> d——– C:\Program Files\Hamachi
    2008-03-31 19:58 . 2008-03-31 19:58 25,280 –a—— C:\WINDOWS\system32\drivers\hamachi.sys
    2008-03-25 11:54 . 2008-03-26 10:32 1,534,198 —hs—- C:\WINDOWS\system32\pjwidpvp.ini
    2008-03-24 14:21 . 2008-03-24 14:21 <DIR> d——– C:\Program Files\Trend Micro
    2008-03-23 00:29 . 2008-03-23 00:29 <DIR> d——– C:\Documents and Settings\Marc\Application Data\MPEG Streamclip
    2008-03-23 00:29 . 2008-03-23 00:29 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-03-23 00:29 . 2007-04-27 10:42 65,536 –a—— C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-03-23 00:29 . 2007-04-27 10:42 49,152 –a—— C:\WINDOWS\system32\QuickTime.qts
    2008-03-23 00:28 . 2008-03-23 00:29 <DIR> d——– C:\Program Files\QuickTime Alternative
    2008-03-23 00:28 . 2008-03-23 00:28 <DIR> d——– C:\Program Files\Media Player Classic
    2008-03-22 15:48 . 2008-03-23 18:46 321 –a—— C:\WINDOWS\wininit.ini
    2008-03-22 15:18 . 2008-03-22 15:18 <DIR> d——– C:\Program Files\Spybot - Search & Destroy
    2008-03-22 15:18 . 2008-03-22 15:53 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-22 13:34 . 2008-03-22 13:34 <DIR> d——– C:\Program Files\SIW
    2008-03-22 13:06 . 2008-03-22 13:06 <DIR> d——– C:\Program Files\Lavasoft
    2008-03-22 13:06 . 2008-03-22 13:06 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-21 23:30 . 2008-03-21 23:30 35,836 –a—— C:\WINDOWS\17PHolmes572.exe
    2008-03-21 23:24 . 2008-03-21 23:24 <DIR> d——– C:\WINDOWS\Sun
    2008-03-16 19:42 . 2008-03-16 19:42 <DIR> d——– C:\Documents and Settings\Marc\LimeWire Store Purchased
    2008-03-16 19:42 . 2008-03-16 19:42 <DIR> d——– C:\Documents and Settings\Marc\LimeWire Shared
    2008-03-16 19:41 . 2008-03-16 19:41 <DIR> d——– C:\Documents and Settings\Marc\Incomplete
    2008-03-16 19:41 . 2008-03-29 16:05 <DIR> d——– C:\Documents and Settings\Marc\Application Data\LimeWirePlus
    2008-03-16 19:40 . 2008-02-22 03:33 69,632 –a—— C:\WINDOWS\system32\javacpl.cpl
    2008-03-16 19:39 . 2008-03-16 19:40 <DIR> d——– C:\Program Files\Java
    2008-03-16 19:38 . 2008-03-16 19:38 <DIR> d——– C:\Program Files\Common Files\Java
    2008-03-16 19:33 . 2008-03-16 19:41 <DIR> d——– C:\Program Files\LimeWire Plus
    2008-03-15 17:42 . 2008-03-15 17:42 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Publish Providers
    2008-03-15 17:41 . 2008-03-16 13:14 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Sony
    2008-03-15 16:19 . 2005-05-26 16:34 2,297,552 –a—— C:\WINDOWS\system32\d3dx9_26.dll
    2008-03-15 16:09 . 2008-03-15 16:09 <DIR> d——– C:\Program Files\Microsoft Games
    2008-03-14 22:28 . 2008-03-30 16:30 <DIR> d——– C:\Fraps
    2008-03-14 01:06 . 2008-03-14 01:06 41,296 –a—— C:\WINDOWS\system32\xfcodec.dll
    2008-03-13 21:20 . 2008-03-13 21:20 204,800 –a—— C:\WINDOWS\TinyBHO.dll
    2008-03-09 16:56 . 2008-03-09 16:56 <DIR> d——– C:\Program Files\Download Manager
    2008-03-09 16:55 . 2008-03-09 17:50 <DIR> d——– C:\Documents and Settings\Marc\Application Data\IGN_DLM
    2008-03-09 13:14 . 2008-03-09 14:06 <DIR> d——– C:\Program Files\Fifa Master
    2008-03-09 00:13 . 2003-03-16 01:15 90,112 –a—— C:\WINDOWS\unvise32.exe
    2008-03-08 23:58 . 2001-12-15 13:10 294,912 –a—— C:\WINDOWS\system32\Euphoria.scr
    2008-03-08 18:36 . 2008-03-08 21:26 <DIR> d——– C:\Program Files\EA Sports
    2008-03-08 17:23 . 2008-03-08 17:23 <DIR> d——– C:\Program Files\Windows Media Connect 2
    2008-03-08 17:18 . 2008-03-08 17:18 <DIR> d——– C:\WINDOWS\system32\LogFiles
    2008-03-08 17:18 . 2008-03-08 17:19 <DIR> d——– C:\WINDOWS\system32\drivers\UMDF
    2008-03-08 17:08 . 2008-03-08 17:08 <DIR> d——– C:\Program Files\K-Lite Codec Pack
    2008-03-08 17:08 . 2008-01-10 14:15 755,027 –a—— C:\WINDOWS\system32\xvidcore.dll
    2008-03-08 17:08 . 2007-09-04 18:56 164,352 –a—— C:\WINDOWS\system32\unrar.dll
    2008-03-08 17:00 . 2008-03-08 17:00 <DIR> d——– C:\Documents and Settings\Marc\Application Data\vlc
    2008-03-08 16:59 . 2008-03-08 16:59 <DIR> d——– C:\Program Files\VideoLAN
    2008-03-08 14:51 . 2008-03-08 14:51 <DIR> d——– C:\Program Files\Vstplugins
    2008-03-08 14:51 . 2008-03-15 17:16 <DIR> d——– C:\Program Files\Sony
    2008-03-08 14:51 . 2008-03-15 17:16 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Sony
    2008-03-08 14:31 . 2008-03-08 14:31 <DIR> d——– C:\Program Files\MSBuild
    2008-03-08 14:25 . 2008-03-08 14:25 <DIR> d——– C:\WINDOWS\system32\XPSViewer
    2008-03-08 14:24 . 2008-03-08 14:24 <DIR> d——– C:\Program Files\Reference Assemblies
    2008-03-08 14:23 . 2008-03-08 14:23 <DIR> d——– C:\Program Files\Teach2000
    2008-03-08 14:23 . 2006-06-29 14:07 14,048 ——— C:\WINDOWS\system32\spmsg2.dll
    2008-03-08 14:10 . 2008-03-15 17:14 <DIR> d——– C:\Program Files\Sony Setup
    2008-03-08 14:10 . 2008-03-08 14:10 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Sony Setup
    2008-03-08 14:02 . 2008-03-08 14:02 <DIR> d——– C:\Program Files\VentSrv
    2008-03-08 13:59 . 2008-03-08 13:59 <DIR> d——– C:\Program Files\Ventrilo
    2008-03-08 13:59 . 2008-03-08 14:00 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Ventrilo
    2008-03-08 13:58 . 2008-03-22 13:05 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-08 13:23 . 2008-03-08 13:23 <DIR> d——– C:\Program Files\Common Files\Adobe Systems Shared
    2008-03-08 13:21 . 2008-03-08 13:26 <DIR> d——– C:\Program Files\Common Files\Adobe
    2008-03-08 13:21 . 2008-03-08 13:21 1,233,920 –a—— C:\WINDOWS\system32\msxml4.dll
    2008-03-08 13:21 . 2008-03-08 13:21 82,432 –a—— C:\WINDOWS\system32\msxml4r.dll
    2008-03-08 11:20 . 2008-03-08 11:20 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\Xfire
    2008-03-08 10:06 . 2008-03-08 10:06 <DIR> d——– C:\Program Files\DAEMON Tools Lite
    2008-03-07 22:43 . 2008-03-07 22:43 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Teletekst
    2008-03-07 22:43 . 2008-03-07 22:43 86 –a—— C:\WINDOWS\Teletekst.ini
    2008-03-07 22:42 . 2008-03-07 22:42 <DIR> d——– C:\Program Files\Teletekstbrowser
    2008-03-07 21:00 . 2008-03-07 21:00 379 –a—— C:\WINDOWS\ODBC.INI
    2008-03-07 20:59 . 2007-04-09 15:23 28,040 –a—— C:\WINDOWS\system32\mdimon.dll
    2008-03-07 20:58 . 2008-03-07 20:58 <DIR> d——– C:\Program Files\Microsoft.NET
    2008-03-07 20:58 . 2008-03-07 20:58 <DIR> d——– C:\Program Files\Microsoft ActiveSync
    2008-03-07 20:54 . 2008-03-07 20:58 <DIR> d——– C:\WINDOWS\SHELLNEW
    2008-03-07 20:19 . 2008-03-07 20:19 1,158 –a—— C:\WINDOWS\mozver.dat
    2008-03-07 20:14 . 2008-03-07 20:14 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Talkback
    2008-03-07 20:14 . 2008-03-07 20:14 0 –a—— C:\WINDOWS\nsreg.dat
    2008-03-07 20:09 . 2008-03-07 20:09 <DIR> d——– C:\Documents and Settings\Marc\Application Data\DAEMON Tools
    2008-03-07 20:09 . 2008-03-07 20:09 716,272 –a—— C:\WINDOWS\system32\drivers\sptd.sys
    2008-03-07 19:53 . 2008-03-08 15:02 <DIR> d——– C:\Documents and Settings\Marc\Application Data\teamspeak2
    2008-03-07 19:53 . 2008-03-07 19:53 34,064 –a—— C:\WINDOWS\system32\lhacm.acm
    2008-03-07 19:52 . 2008-03-07 19:53 <DIR> d——– C:\Program Files\Teamspeak2_RC2
    2008-03-07 19:48 . 2008-03-07 19:48 <DIR> d——– C:\Documents and Settings\NetworkService\Application Data\Xfire
    2008-03-07 19:46 . 2008-03-31 21:12 <DIR> d——– C:\Program Files\GameSpy Arcade
    2008-03-07 19:42 . 2008-03-07 19:42 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-03-07 19:40 . 2008-03-07 19:40 <DIR> d——– C:\Program Files\Messenger Plus! Live
    2008-03-07 19:28 . 2008-03-31 21:45 72,710,176 –ahs—- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-03-07 19:28 . 2008-03-31 21:45 700,880 –ahs—- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-03-07 19:24 . 2008-03-07 19:24 <DIR> d——– C:\Program Files\ESET
    2008-03-07 19:24 . 2008-03-07 19:24 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ESET
    2008-03-07 19:18 . 2008-03-07 19:18 <DIR> d——– C:\Program Files\ZoneAlarmSB
    2008-03-07 19:17 . 2008-03-07 19:17 <DIR> d——– C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-03-07 19:17 . 2007-11-14 17:05 75,248 –a—— C:\WINDOWS\zllsputility.exe
    2008-03-07 19:17 . 2008-03-07 19:18 4,212 —h—– C:\WINDOWS\system32\zllictbl.dat
    2008-03-07 19:16 . 2008-03-07 19:16 <DIR> d——– C:\Program Files\Zone Labs
    2008-03-07 19:13 . 2008-03-26 10:34 <DIR> d——– C:\Program Files\Xfire
    2008-03-07 19:13 . 2008-03-31 17:49 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Xfire

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-29 13:05 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2008-03-26 13:02 1,760,768 —-a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2008-03-26 13:02 1,526,784 —-a-w C:\WINDOWS\Internet Logs\xDB4.tmp
    2008-03-14 17:12 1,496,576 —-a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-03-14 17:12 1,451,008 —-a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-03-08 21:40 219,136 —-a-w C:\WINDOWS\system32\uxtheme.dll
    2008-03-07 15:35 ——— d—–w C:\Documents and Settings\Marc\Application Data\U3
    2008-03-07 14:57 ——— d—–w C:\Program Files\NVIDIA Corporation
    2008-03-07 14:56 ——— d—–w C:\Program Files\Common Files\InstallShield
    2008-03-07 14:07 ——— d—–w C:\Program Files\Everest HE
    2008-03-07 13:30 ——— d—–w C:\Program Files\microsoft frontpage
    2008-02-20 10:11 33,800 —-a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
    2008-02-20 10:02 29,704 —-a-w C:\WINDOWS\system32\drivers\easdrv.sys
    2008-02-20 10:01 39,944 —-a-w C:\WINDOWS\system32\drivers\eamon.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-31_18.07.01.84 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2000-08-31 07:00:00 136,704 —-a-w C:\WINDOWS\system32\swsc.exe
    + 2000-08-31 06:00:00 136,704 —-a-w C:\WINDOWS\system32\swsc.exe
    - 2000-08-31 07:00:00 212,480 —-a-w C:\WINDOWS\system32\swxcacls.exe
    + 2000-08-31 06:00:00 212,480 —-a-w C:\WINDOWS\system32\swxcacls.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{274E36B1-41E6-46CD-8BA5-2FB9501EFCC3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{664D1A44-9177-4C9B-AFFB-D586AD02BB7C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C111475-A56D-46D4-8EE9-4A436D0FC0E7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC26FD75-2AB2-4C55-A2AC-A59384D3E06F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B883D1E7-854D-4DBE-AC3F-28AD6AADC493}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c24d83ce-f279-4fe2-8ed9-36c37ed6eaf3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd568163-0d8a-41e9-8aae-df381c24c1c9}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    2008-03-07 19:18 262144 –a—— C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-08 19:59 68856]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 12:40 1271032]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-03-07 19:01 190024]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
    "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 23:57 1103480]
    "Fraps"="C:\FRAPS\FRAPS.EXE" [2005-06-15 16:57 2793472]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-12-21 12:52 270336]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 12:06 1443072]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

    C:\Documents and Settings\Marc\Menu Start\Programma's\Opstarten\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-03-14 01:06:18 2979664]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 12:11]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5247b72f-ec4b-11dc-b00f-e7b6cfba599a}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-01 11:36:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-04-01 11:39:43
    ComboFix-quarantined-files.txt 2008-04-01 09:39:38
    ComboFix2.txt 2008-03-31 16:07:29
    [/quote:d2d357e7fa]
    By the way, Explorer.exe did close itself during that ComboFix scan.

    HiJack log:

    [quote:d2d357e7fa]
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:43:34, on 1-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\FRAPS\FRAPS.EXE
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Marc\Bureaublad\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {274E36B1-41E6-46CD-8BA5-2FB9501EFCC3} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {664D1A44-9177-4C9B-AFFB-D586AD02BB7C} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7C111475-A56D-46D4-8EE9-4A436D0FC0E7} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {AC26FD75-2AB2-4C55-A2AC-A59384D3E06F} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {B883D1E7-854D-4DBE-AC3F-28AD6AADC493} - (no file)
    O2 - BHO: (no name) - {c24d83ce-f279-4fe2-8ed9-36c37ed6eaf3} - (no file)
    O2 - BHO: (no name) - {cd568163-0d8a-41e9-8aae-df381c24c1c9} - (no file)
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
    O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204904657484
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    End of file - 9232 bytes
    [/quote:d2d357e7fa]
  • Spybot's TeaTimer is active; it can interfere with the fix, so we will switch it off temporarily.
    - Start Spybot
    - Go to Mode > select Advanced Mode
    - Go to Tools and click the Resident icon in the list
    - Uncheck Resident TeaTimer and click OK
    - Restart the computer
    - Then download ResetTeaTimer.bat to your Desktop.
    Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.

    You can also delete this file:
    C:\WINDOWS\system32\pjwidpvp.ini

    Start HijackThis, choose [i:e602cdfa56]'Do a system scan only'[/i:e602cdfa56] and check the lines below:
    [b:e602cdfa56]
    O2 - BHO: (no name) - {274E36B1-41E6-46CD-8BA5-2FB9501EFCC3} - (no file)
    O2 - BHO: (no name) - {664D1A44-9177-4C9B-AFFB-D586AD02BB7C} - (no file)
    O2 - BHO: (no name) - {7C111475-A56D-46D4-8EE9-4A436D0FC0E7} - (no file)
    O2 - BHO: (no name) - {AC26FD75-2AB2-4C55-A2AC-A59384D3E06F} - (no file)
    O2 - BHO: (no name) - {B883D1E7-854D-4DBE-AC3F-28AD6AADC493} - (no file)
    O2 - BHO: (no name) - {c24d83ce-f279-4fe2-8ed9-36c37ed6eaf3} - (no file)
    O2 - BHO: (no name) - {cd568163-0d8a-41e9-8aae-df381c24c1c9} - (no file)
    O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
    [/b:e602cdfa56]
    Now close [u:e602cdfa56]all[/u:e602cdfa56] open windows except HijackThis and click [b:e602cdfa56]Fix Checked[/b:e602cdfa56].

    Any remaining problems?

    Pim
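
The selection made in the post above, as an added example that is not part of the original post or of HijackThis itself: a short Python parser that picks out O2 (BHO) and O3 (toolbar) entries whose target is `(no file)`, meaning the registry entry remains but no file is attached to it. The sample lines are copied from the logs quoted in this thread; the names `Entry`, `parse_extension_entries` and `find_orphans` are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {274E36B1-41E6-46CD-8BA5-2FB9501EFCC3} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {cd568163-0d8a-41e9-8aae-df381c24c1c9} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# The CLSID is the only fixed-shape field, so the pattern anchors on it.
# That keeps names containing " - " (e.g. "Windows Live Aanmelden - Help") intact.
CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
LINE_RE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.+?)"
    r" - (?P<clsid>" + CLSID + r") - (?P<target>.+)$"
)


@dataclass(frozen=True)
class Entry:
    section: str   # "O2" (browser helper object) or "O3" (toolbar)
    kind: str
    name: str
    clsid: str     # upper-cased so entries compare equal regardless of case
    target: str    # DLL path, or "(no file)" when nothing is attached

    @property
    def orphaned(self) -> bool:
        return self.target.lower() == "(no file)"


def parse_extension_entries(log_text: str) -> list:
    """Return every O2/O3 line of a HijackThis log as an Entry."""
    entries = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append(Entry(
                section=match["section"],
                kind=match["kind"],
                name=match["name"].strip(),
                clsid=match["clsid"].upper(),
                target=match["target"].strip(),
            ))
    return entries


def find_orphans(entries: list) -> list:
    """Entries that still exist in the registry but point at no file."""
    return [e for e in entries if e.orphaned]


if __name__ == "__main__":
    for entry in find_orphans(parse_extension_entries(SAMPLE_LOG)):
        print(f"{entry.section} {entry.kind:<7} {entry.clsid} -> {entry.target}")
```
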
  • OK, I followed your instructions. It was completely gone after I did this, but now I suddenly can't start Internet Explorer anymore, and Firefox only after I have clicked the icon a few times and closed those processes again.
    By the way, I couldn't find that pjwidpvp.ini in my system32 folder, so I couldn't delete it either; maybe that is the problem?
    Just to be safe, I made another HiJack log.

    [quote:c2031e8b28]
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:15:19, on 2-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\FRAPS\FRAPS.EXE
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Webteh\BSplayer\bsplayer.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\GameSpy Arcade\Aphex.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204904657484
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    End of file - 8312 bytes
    [/quote:c2031e8b28]
  • By the way, I no longer get pop-ups; the only problem now is that ieexplore won't start.
  • Do you happen to have Internet Explorer 7? If so, you could try running it without add-ons:
    Start -> Bureau Accesoires -> Systeembeheer -> Internet Explorer (zonder invoegtoepassingen).

    Curious to see what it does then 8)
  • Could you also run ComboFix again and post the log?
  • [quote:f1db73a284]ComboFix 08-03-25.4 - Marc 2008-04-06 18:10:09.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.129 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Marc\Bureaublad\ComboFix.exe
    * Resident AV is active

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))
    .

    2008-04-06 11:21 . 2008-04-06 12:54 <DIR> d——– C:\Westwood
    2008-04-05 09:54 . 2004-08-04 01:03 221,184 –a—— C:\WINDOWS\system32\wmpns.dll
    2008-04-05 09:52 . 2008-04-05 09:52 <DIR> d——– C:\WINDOWS\Driver Cache
    2008-04-03 17:36 . 2007-07-30 19:19 271,224 –a—— C:\WINDOWS\system32\mucltui.dll
    2008-04-03 17:36 . 2007-07-30 19:19 207,736 –a—— C:\WINDOWS\system32\muweb.dll
    2008-04-03 17:36 . 2007-07-30 19:18 30,072 –a—— C:\WINDOWS\system32\mucltui.dll.mui
    2008-03-31 20:59 . 2008-03-31 21:06 2,198 –a—— C:\WINDOWS\system32\tmp.reg
    2008-03-31 19:59 . 2008-04-03 21:33 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Hamachi
    2008-03-31 19:58 . 2008-03-31 19:59 <DIR> d——– C:\Program Files\Hamachi
    2008-03-31 19:58 . 2008-03-31 19:58 25,280 –a—— C:\WINDOWS\system32\drivers\hamachi.sys
    2008-03-25 11:54 . 2008-03-26 10:32 1,534,198 —hs—- C:\WINDOWS\system32\pjwidpvp.ini
    2008-03-24 14:21 . 2008-03-24 14:21 <DIR> d——– C:\Program Files\Trend Micro
    2008-03-23 00:29 . 2008-03-23 00:29 <DIR> d——– C:\Documents and Settings\Marc\Application Data\MPEG Streamclip
    2008-03-23 00:29 . 2008-03-23 00:29 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-03-23 00:29 . 2007-04-27 10:42 65,536 –a—— C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-03-23 00:29 . 2007-04-27 10:42 49,152 –a—— C:\WINDOWS\system32\QuickTime.qts
    2008-03-23 00:28 . 2008-03-23 00:29 <DIR> d——– C:\Program Files\QuickTime Alternative
    2008-03-23 00:28 . 2008-03-23 00:28 <DIR> d——– C:\Program Files\Media Player Classic
    2008-03-22 15:48 . 2008-03-23 18:46 321 –a—— C:\WINDOWS\wininit.ini
    2008-03-22 15:18 . 2008-03-22 15:18 <DIR> d——– C:\Program Files\Spybot - Search & Destroy
    2008-03-22 15:18 . 2008-03-22 15:53 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-22 13:34 . 2008-03-22 13:34 <DIR> d——– C:\Program Files\SIW
    2008-03-22 13:06 . 2008-03-22 13:06 <DIR> d——– C:\Program Files\Lavasoft
    2008-03-22 13:06 . 2008-03-22 13:06 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-21 23:30 . 2008-03-21 23:30 35,836 –a—— C:\WINDOWS\17PHolmes572.exe
    2008-03-21 23:24 . 2008-03-21 23:24 <DIR> d——– C:\WINDOWS\Sun
    2008-03-16 19:42 . 2008-03-16 19:42 <DIR> d——– C:\Documents and Settings\Marc\LimeWire Store Purchased
    2008-03-16 19:42 . 2008-03-16 19:42 <DIR> d——– C:\Documents and Settings\Marc\LimeWire Shared
    2008-03-16 19:41 . 2008-03-16 19:41 <DIR> d——– C:\Documents and Settings\Marc\Incomplete
    2008-03-16 19:41 . 2008-04-02 19:24 <DIR> d——– C:\Documents and Settings\Marc\Application Data\LimeWirePlus
    2008-03-16 19:40 . 2008-02-22 03:33 69,632 –a—— C:\WINDOWS\system32\javacpl.cpl
    2008-03-16 19:39 . 2008-03-16 19:40 <DIR> d——– C:\Program Files\Java
    2008-03-16 19:38 . 2008-03-16 19:38 <DIR> d——– C:\Program Files\Common Files\Java
    2008-03-16 19:33 . 2008-03-16 19:41 <DIR> d——– C:\Program Files\LimeWire Plus
    2008-03-15 17:42 . 2008-03-15 17:42 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Publish Providers
    2008-03-15 17:41 . 2008-03-16 13:14 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Sony
    2008-03-15 16:19 . 2005-05-26 16:34 2,297,552 –a—— C:\WINDOWS\system32\d3dx9_26.dll
    2008-03-15 16:09 . 2008-03-15 16:09 <DIR> d——– C:\Program Files\Microsoft Games
    2008-03-14 22:28 . 2008-04-06 13:20 <DIR> d——– C:\Fraps
    2008-03-14 01:06 . 2008-03-14 01:06 41,296 –a—— C:\WINDOWS\system32\xfcodec.dll
    2008-03-13 21:20 . 2008-03-13 21:20 204,800 –a—— C:\WINDOWS\TinyBHO.dll
    2008-03-09 16:56 . 2008-03-09 16:56 <DIR> d——– C:\Program Files\Download Manager
    2008-03-09 16:55 . 2008-03-09 17:50 <DIR> d——– C:\Documents and Settings\Marc\Application Data\IGN_DLM
    2008-03-09 13:14 . 2008-03-09 14:06 <DIR> d——– C:\Program Files\Fifa Master
    2008-03-09 00:13 . 2003-03-16 01:15 90,112 –a—— C:\WINDOWS\unvise32.exe
    2008-03-08 23:58 . 2001-12-15 13:10 294,912 –a—— C:\WINDOWS\system32\Euphoria.scr
    2008-03-08 18:36 . 2008-03-08 21:26 <DIR> d——– C:\Program Files\EA Sports
    2008-03-08 17:23 . 2008-03-08 17:23 <DIR> d——– C:\Program Files\Windows Media Connect 2
    2008-03-08 17:18 . 2008-03-08 17:18 <DIR> d——– C:\WINDOWS\system32\LogFiles
    2008-03-08 17:18 . 2008-03-08 17:19 <DIR> d——– C:\WINDOWS\system32\drivers\UMDF
    2008-03-08 17:08 . 2008-03-08 17:08 <DIR> d——– C:\Program Files\K-Lite Codec Pack
    2008-03-08 17:08 . 2008-01-10 14:15 755,027 –a—— C:\WINDOWS\system32\xvidcore.dll
    2008-03-08 17:08 . 2007-09-04 18:56 164,352 –a—— C:\WINDOWS\system32\unrar.dll
    2008-03-08 17:00 . 2008-03-08 17:00 <DIR> d——– C:\Documents and Settings\Marc\Application Data\vlc
    2008-03-08 16:59 . 2008-03-08 16:59 <DIR> d——– C:\Program Files\VideoLAN
    2008-03-08 14:51 . 2008-03-08 14:51 <DIR> d——– C:\Program Files\Vstplugins
    2008-03-08 14:51 . 2008-03-15 17:16 <DIR> d——– C:\Program Files\Sony
    2008-03-08 14:51 . 2008-03-15 17:16 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Sony
    2008-03-08 14:31 . 2008-03-08 14:31 <DIR> d——– C:\Program Files\MSBuild
    2008-03-08 14:25 . 2008-03-08 14:25 <DIR> d——– C:\WINDOWS\system32\XPSViewer
    2008-03-08 14:24 . 2008-03-08 14:24 <DIR> d——– C:\Program Files\Reference Assemblies
    2008-03-08 14:23 . 2008-03-08 14:23 <DIR> d——– C:\Program Files\Teach2000
    2008-03-08 14:23 . 2006-06-29 14:07 14,048 ——— C:\WINDOWS\system32\spmsg2.dll
    2008-03-08 14:10 . 2008-03-15 17:14 <DIR> d——– C:\Program Files\Sony Setup
    2008-03-08 14:10 . 2008-03-08 14:10 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Sony Setup
    2008-03-08 14:02 . 2008-03-08 14:02 <DIR> d——– C:\Program Files\VentSrv
    2008-03-08 13:59 . 2008-03-08 13:59 <DIR> d——– C:\Program Files\Ventrilo
    2008-03-08 13:59 . 2008-03-08 14:00 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Ventrilo
    2008-03-08 13:58 . 2008-03-22 13:05 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-08 13:23 . 2008-03-08 13:23 <DIR> d——– C:\Program Files\Common Files\Adobe Systems Shared
    2008-03-08 13:21 . 2008-03-08 13:26 <DIR> d——– C:\Program Files\Common Files\Adobe
    2008-03-08 13:21 . 2008-03-08 13:21 1,233,920 –a—— C:\WINDOWS\system32\msxml4.dll
    2008-03-08 13:21 . 2008-03-08 13:21 82,432 –a—— C:\WINDOWS\system32\msxml4r.dll
    2008-03-08 11:20 . 2008-03-08 11:20 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\Xfire
    2008-03-08 10:06 . 2008-03-08 10:06 <DIR> d——– C:\Program Files\DAEMON Tools Lite
    2008-03-07 22:43 . 2008-03-07 22:43 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Teletekst
    2008-03-07 22:43 . 2008-03-07 22:43 86 –a—— C:\WINDOWS\Teletekst.ini
    2008-03-07 22:42 . 2008-03-07 22:42 <DIR> d——– C:\Program Files\Teletekstbrowser
    2008-03-07 21:00 . 2008-03-07 21:00 379 –a—— C:\WINDOWS\ODBC.INI
    2008-03-07 20:59 . 2007-04-09 15:23 28,040 –a—— C:\WINDOWS\system32\mdimon.dll
    2008-03-07 20:58 . 2008-03-07 20:58 <DIR> d——– C:\Program Files\Microsoft.NET
    2008-03-07 20:58 . 2008-03-07 20:58 <DIR> d——– C:\Program Files\Microsoft ActiveSync
    2008-03-07 20:54 . 2008-03-07 20:58 <DIR> d——– C:\WINDOWS\SHELLNEW
    2008-03-07 20:19 . 2008-03-07 20:19 1,158 –a—— C:\WINDOWS\mozver.dat
    2008-03-07 20:14 . 2008-03-07 20:14 <DIR> d——– C:\Documents and Settings\Marc\Application Data\Talkback
    2008-03-07 20:14 . 2008-03-07 20:14 0 –a—— C:\WINDOWS\nsreg.dat
    2008-03-07 20:09 . 2008-03-07 20:09 <DIR> d——– C:\Documents and Settings\Marc\Application Data\DAEMON Tools
    2008-03-07 20:09 . 2008-03-07 20:09 716,272 –a—— C:\WINDOWS\system32\drivers\sptd.sys
    2008-03-07 19:53 . 2008-03-08 15:02 <DIR> d——– C:\Documents and Settings\Marc\Application Data\teamspeak2
    2008-03-07 19:53 . 2008-03-07 19:53 34,064 –a—— C:\WINDOWS\system32\lhacm.acm
    2008-03-07 19:52 . 2008-03-07 19:53 <DIR> d——– C:\Program Files\Teamspeak2_RC2
    2008-03-07 19:48 . 2008-03-07 19:48 <DIR> d——– C:\Documents and Settings\NetworkService\Application Data\Xfire
    2008-03-07 19:46 . 2008-04-06 12:00 <DIR> d——– C:\Program Files\GameSpy Arcade
    2008-03-07 19:42 . 2008-03-07 19:42 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-03-07 19:40 . 2008-04-04 20:49 <DIR> d——– C:\Program Files\Messenger Plus! Live
    2008-03-07 19:28 . 2008-04-06 18:16 78,825,504 –ahs—- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-03-07 19:28 . 2008-04-06 00:48 922,388 –ahs—- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-03-07 19:24 . 2008-03-07 19:24 <DIR> d——– C:\Program Files\ESET
    2008-03-07 19:24 . 2008-03-07 19:24 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ESET
    2008-03-07 19:18 . 2008-03-07 19:18 <DIR> d——– C:\Program Files\ZoneAlarmSB

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-02 13:53 1,167,811 —-a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-03-29 13:05 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2008-03-26 13:02 1,760,768 —-a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2008-03-26 13:02 1,526,784 —-a-w C:\WINDOWS\Internet Logs\xDB4.tmp
    2008-03-14 17:12 1,496,576 —-a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-03-14 17:12 1,451,008 —-a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-03-08 21:40 219,136 —-a-w C:\WINDOWS\system32\uxtheme.dll
    2008-03-07 15:35 ——— d—–w C:\Documents and Settings\Marc\Application Data\U3
    2008-03-07 14:57 ——— d—–w C:\Program Files\NVIDIA Corporation
    2008-03-07 14:56 ——— d—–w C:\Program Files\Common Files\InstallShield
    2008-03-07 14:07 ——— d—–w C:\Program Files\Everest HE
    2008-03-07 13:30 ——— d—–w C:\Program Files\microsoft frontpage
    2008-02-20 10:11 33,800 —-a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
    2008-02-20 10:02 29,704 —-a-w C:\WINDOWS\system32\drivers\easdrv.sys
    2008-02-20 10:01 39,944 —-a-w C:\WINDOWS\system32\drivers\eamon.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-31_18.07.01.84 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-11-17 17:42:19 352,768 —-a-w C:\WINDOWS\$hf_mig$\KB873339\SP2QFE\hypertrm.dll
    + 2004-10-14 08:35:36 8,704 —-a-w C:\WINDOWS\$hf_mig$\KB873339\spmsg.dll
    + 2004-10-14 08:36:26 171,520 —-a-w C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe
    + 2004-10-14 08:36:24 21,504 —-a-w C:\WINDOWS\$hf_mig$\KB873339\update\spcustom.dll
    + 2004-10-14 08:35:38 663,552 —-a-w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
    + 2004-10-28 01:30:16 727,040 —-a-w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\lsasrv.dll
    + 2004-10-28 01:15:16 448,128 —-a-w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
    + 2004-10-28 01:14:56 174,592 —-a-w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\rdbss.sys
    + 2004-10-14 09:35:36 8,704 —-a-w C:\WINDOWS\$hf_mig$\KB885835\spmsg.dll
    + 2004-10-14 09:36:26 171,520 —-a-w C:\WINDOWS\$hf_mig$\KB885835\spuninst.exe
    + 2004-10-14 09:36:24 21,504 —-a-w C:\WINDOWS\$hf_mig$\KB885835\update\spcustom.dll
    + 2004-10-14 09:35:38 663,552 —-a-w C:\WINDOWS\$hf_mig$\KB885835\update\update.exe
    + 2004-10-14 09:35:36 8,704 —-a-w C:\WINDOWS\$hf_mig$\KB885836\spmsg.dll
    + 2004-10-14 09:36:26 171,520 —-a-w C:\WINDOWS\$hf_mig$\KB885836\spuninst.exe
    + 2004-10-14 09:36:24 21,504 —-a-w C:\WINDOWS\$hf_mig$\KB885836\update\spcustom.dll
    + 2004-10-14 09:35:38 663,552 —-a-w C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
    + 2004-10-13 16:21:24 1,694,208 —-a-w C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
    + 2004-10-14 09:35:36 8,704 —-a-w C:\WINDOWS\$hf_mig$\KB887472\spmsg.dll
    + 2004-10-14 09:36:26 171,520 —-a-w C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe
    + 2004-10-14 09:36:24 21,504 —-a-w C:\WINDOWS\$hf_mig$\KB887472\update\spcustom.dll
    + 2004-10-14 09:35:38 663,552 —-a-w C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
    + 2004-12-07 19:33:24 96,768 —-a-w C:\WINDOWS\$hf_mig$\KB888302\SP2QFE\srvsvc.dll
    + 2004-11-30 12:47:18 8,704 —-a-w C:\WINDOWS\$hf_mig$\KB888302\spmsg.dll
    + 2004-11-30 18:22:46 171,520 —-a-w C:\WINDOWS\$hf_mig$\KB888302\spuninst.exe
    + 2004-11-30 18:22:46 21,504 —-a-w C:\WINDOWS\$hf_mig$\KB888302\update\spcustom.dll
    + 2004-11-30 12:47:18 663,552 —-a-w C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
    + 2005-04-22 05:20:50 57,344 —-a-w C:\WINDOWS\$hf_mig$\KB890046\SP2QFE\agentdpv.dll
    + 2005-05-17 00:44:58 18,944 —-a-w C:\WINDOWS\$hf_mig$\KB890046\SP2QFE\spru0413.dll
    + 2005-02-24 18:35:58 15,584 —-a-w C:\WINDOWS\$hf_mig$\KB890046\spmsg.dll
    + 2005-02-24 18:35:58 213,216 —-a-w C:\WINDOWS\$hf_mig$\KB890046\spuninst.exe
    + 2005-02-24 18:35:58 22,240 —-a-w C:\WINDOWS\$hf_mig$\KB890046\update\spcustom.dll
    + 2005-02-24 18:35:58 727,776 —-a-w C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
    + 2005-02-24 18:36:00 390,368 —-a-w C:\WINDOWS\$hf_mig$\KB890046\update\updspapi.dll
    + 2005-03-02 18:21:08 62,464 —-a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\authz.dll
    + 2005-03-02 18:14:50 2,140,160 —-a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlmp.exe
    + 2005-03-02 18:14:49 2,061,312 —-a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
    + 2005-03-02 18:14:55 2,019,840 —-a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrpamp.exe
    + 2005-03-02 18:15:00 2,183,936 —-a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
    + 2005-03-02 18:21:08 578,560 —-a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
    + 2005-03-02 18:14:44 1,836,416 —-a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys
    + 2005-03-02 18:21:08 291,840 —-a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\winsrv.dll
    + 2005-02-24 17:35:58 15,584 —-a-w C:\WINDOWS\$hf_mig$\KB890859\spmsg.dll
    + 2005-02-24 17:35:58 213,216 —-a-w C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe
    + 2005-02-24 17:35:58 22,240 —-a-w C:\WINDOWS\$hf_mig$\KB890859\update\spcustom.dll
    + 2005-02-24 17:35:58 727,776 —-a-w C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
    + 2005-02-24 17:36:00 390,368 —-a-w C:\WINDOWS\$hf_mig$\KB890859\update\updspapi.dll
    + 2004-11-30 12:47:18 8,704 —-a-w C:\WINDOWS\$hf_mig$\KB891781\spmsg.dll
    + 2004-11-30 18:22:46 171,520 —-a-w C:\WINDOWS\$hf_mig$\KB891781\spuninst.exe
    + 2004-11-30 18:22:46 21,504 —-a-w C:\WINDOWS\$hf_mig$\KB891781\update\spcustom.dll
    + 2004-11-30 12:47:18 663,552 —-a-w C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
    + 2005-07-08 16:31:04 249,344 —-a-w C:\WINDOWS\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
    + 2005-02-24 18:35:58 15,584 —-a-w C:\WINDOWS\$hf_mig$\KB893756\spmsg.dll
    + 2005-02-24 18:35:58 213,216 —-a-w C:\WINDOWS\$hf_mig$\KB893756\spuninst.exe
    + 2005-07-07 17:27:08 30,720 —-a-w C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe
    + 2005-02-24 18:35:58 22,240 —-a-w C:\WINDOWS\$hf_mig$\KB893756\update\spcustom.dll
    + 2005-02-24 18:35:58 727,776 —-a-w C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
    + 2005-02-24 18:36:00 390,368 —-a-w C:\WINDOWS\$hf_mig$\KB893756\update\updspapi.dll
    + 2005-04-28 19:38:16 1,286,144 —-a-w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\ole32.dll
    + 2005-10-12 23:20:16 389,856 —-a-w C:\WINDOWS\$hf_mig$\KB938127\update\updspapi.dll
    + 2007-06-13 13:12:27 1,036,800 —-a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    + 2005-10-12 23:20:05 15,584 —-a-w C:\WINDOWS\$hf_mig$\KB938828\spmsg.dll
    + 2005-10-12 23:20:07 216,800 —-a-w C:\WINDOWS\$hf_mig$\KB938828\spuninst.exe
    + 2005-10-12 23:20:05 22,752 —-a-w C:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll
    + 2005-10-12 23:20:10 725,728 —-a-w C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
    + 2005-10-12 23:20:16 389,856 —-a-w C:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll
    + 2007-06-19 13:42:30 282,112 —-a-w C:\WINDOWS\$hf_mig$\KB938829\SP2QFE\gdi32.dll
    + 2006-01-19 19:29:39 15,584 —-a-w C:\WINDOWS\$hf_mig$\KB938829\spmsg.dll
    + 2006-01-19 19:29:39 216,800 —-a-w C:\WINDOWS\$hf_mig$\KB938829\spuninst.exe
    + 2006-01-19 19:29:39 22,752 —-a-w C:\WINDOWS\$hf_mig$\KB938829\update\spcustom.dll
    + 2006-01-19 19:29:39 725,728 —-a-w C:\WINDOWS\$hf_mig$\KB938829\update\update.exe
    + 2006-01-19 19:29:40 389,856 —-a-w C:\WINDOWS\$hf_mig$\KB938829\update\updspapi.dll
    + 2007-08-21 06:26:15 683,520 —-a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
    + 2007-03-06 01:58:22 15,584 —-a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
    + 2007-03-06 01:58:28 216,800 —-a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
    + 2007-03-06 01:58:21 22,752 —-a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
    + 2007-03-06 01:58:46 725,728 —-a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
    + 2007-03-06 01:59:37 389,856 —-a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
    + 2007-10-29 22:41:52 1,291,776 —-a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
    + 2007-03-06 01:58:22 15,584 —-a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
    + 2007-03-06 01:58:28 216,800 —-a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
    + 2007-03-06 01:58:21 22,752 —-a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
    + 2007-03-06 01:58:46 725,728 —-a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
    + 2007-03-06 01:59:37 389,856 —-a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
    + 2007-10-30 16:53:32 360,832 —-a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    + 2007-03-06 01:58:22 15,584 —-a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
    + 2007-03-06 01:58:28 216,800 —-a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
    + 2007-03-06 01:58:21 22,752 —-a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
    + 2007-03-06 01:58:46 725,728 —-a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
    + 2007-03-06 01:59:37 389,856 —-a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
    + 2007-11-13 11:02:46 60,416 —-a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
    + 2007-03-06 01:58:22 15,584 —-a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
    + 2007-03-06 01:58:28 216,800 —-a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
    + 2007-03-06 01:58:21 22,752 —-a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
    + 2007-03-06 01:58:46 725,728 —-a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
    + 2007-03-06 01:59:37 389,856 —-a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
    + 2007-11-14 07:26:25 450,560 —-a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
    + 2007-03-06 01:58:22 15,584 —-a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
    + 2007-03-06 01:58:28 216,800 —-a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
    + 2007-03-06 01:58:21 22,752 —-a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
    + 2007-03-06 01:58:46 725,728 —-a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
    + 2007-03-06 01:59:37 389,856 —-a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
    + 2007-12-04 18:31:10 551,936 —-a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
    + 2007-03-06 01:58:22 15,584 —-a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
    + 2007-03-06 01:58:28 216,800 —-a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
    + 2007-03-06 01:58:21 22,752 —-a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
    + 2007-03-06 01:58:46 725,728 —-a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
    + 2007-03-06 01:59:37 389,856 —-a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
    + 2007-11-07 09:51:06 732,160 —-a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
    + 2007-03-06 01:58:22 15,584 —-a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
    + 2007-03-06 01:58:28 216,800 —-a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
    + 2007-03-06 01:58:21 22,752 —-a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
    + 2007-03-06 01:58:46 725,728 —-a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
    + 2007-03-06 01:59:37 389,856 —-a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
    + 2007-12-07 00:47:37 1,024,000 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\browseui.dll
    + 2007-12-07 00:47:37 151,552 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\cdfview.dll
    + 2007-12-07 00:47:37 1,057,280 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\danim.dll
    + 2007-12-07 00:47:37 357,888 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtmsft.dll
    + 2007-12-07 00:47:37 205,824 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtrans.dll
    + 2007-12-07 00:47:37 55,808 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\extmgr.dll
    + 2007-12-06 10:05:52 18,432 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iedw.exe
    + 2007-12-07 00:47:37 251,904 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iepeers.dll
    + 2007-12-07 00:47:37 96,768 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\inseng.dll
    + 2007-12-07 00:47:37 16,384 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\jsproxy.dll
    + 2007-12-07 00:47:37 3,087,360 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtml.dll
    + 2007-12-07 00:47:38 449,024 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtmled.dll
    + 2007-12-07 00:47:38 146,432 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\msrating.dll
    + 2007-12-07 00:47:38 532,480 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mstime.dll
    + 2007-12-07 00:47:38 39,424 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\pngfilt.dll
    + 2007-12-07 00:47:38 1,499,136 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shdocvw.dll
    + 2007-12-07 00:47:38 474,624 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shlwapi.dll
    + 2007-12-06 23:40:38 369,664 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\spru0413.dll
    + 2007-12-07 00:47:38 619,520 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\urlmon.dll
    + 2007-12-07 00:47:38 669,184 —-a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
    + 2007-03-06 01:58:22 15,584 —-a-w C:\WINDOWS\$hf_mig$\KB944533\spmsg.dll
    + 2007-03-06 01:58:28 216,800 —-a-w C:\WINDOWS\$hf_mig$\KB944533\spuninst.exe
    + 2007-03-06 01:58:21 22,752 —-a-w C:\WINDOWS\$hf_mig$\KB944533\update\spcustom.dll
    + 2007-03-06 01:58:46 725,728 —-a-w C:\WINDOWS\$hf_mig$\KB944533\update\update.exe
    + 2007-03-06 01:59:37 389,856 —-a-w C:\WINDOWS\$hf_mig$\KB944533\update\updspapi.dll
    + 2007-11-13 08:47:45 20,480 —-a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
    + 2007-03-06 01:58:22 15,584 —-a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
    + 2007-03-06 01:58:28 216,800 —-a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
    + 2007-03-06 01:58:21 22,752 —-a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
    + 2007-03-06 01:58:46 725,728 —-a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
    + 2007-03-06 01:59:37 389,856 —-a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
    + 2007-12-18 09:38:59 179,712 —-a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
    + 2007-03-06 01:58:22 15,584 —-a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
    + 2007-03-06 01:58:28 216,800 —-a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
    + 2007-03-06 01:58:21 22,752 —-a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
    + 2007-03-06 01:58:46 725,728 —-a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
    + 2007-03-06 01:59:37 389,856 —-a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
    + 2006-02-15 00:22:26 142,464 ——w C:\WINDOWS\Driver Cache\i386\aec.sys
    + 2006-03-17 00:33:10 262,784 ——w C:\WINDOWS\Driver Cache\i386\http.sys
    + 2006-06-14 08:47:45 172,416 ——w C:\WINDOWS\Driver Cache\i386\kmixer.sys
    + 2006-05-05 09:41:45 453,120 ——w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
    + 2007-02-28 16:05:05 2,140,672 ——w C:\WINDOWS\Driver Cache\i386
    tkrnlmp.exe
    + 2007-02-28 16:05:16 2,061,952 ——w C:\WINDOWS\Driver Cache\i386
    tkrnlpa.exe
    + 2007-02-28 16:05:04 2,020,352 ——w C:\WINDOWS\Driver Cache\i386
    tkrpamp.exe
    + 2007-02-28 16:05:16 2,184,704 ——w C:\WINDOWS\Driver Cache\i386
    toskrnl.exe
    + 2006-06-14 08:47:46 6,400 ——w C:\WINDOWS\Driver Cache\i386\splitter.sys
    + 2006-06-14 09:00:45 82,944 ——w C:\WINDOWS\Driver Cache\i386\wdmaud.sys
    - 2004-08-03 23:03:30 1,035,776 —-a-w C:\WINDOWS\explorer.exe
    + 2007-06-13 13:24:02 1,036,800 —-a-w C:\WINDOWS\explorer.exe
    - 2004-08-03 23:03:30 10,752 —-a-w C:\WINDOWS\hh.exe
    + 2005-05-26 23:22:01 10,752 —-a-w C:\WINDOWS\hh.exe
    - 2006-11-02 21:52:44 316,416 —-a-w C:\WINDOWS\inf\unregmp2.exe
    + 2007-06-27 13:57:10 317,952 —-a-w C:\WINDOWS\inf\unregmp2.exe
    - 2004-08-03 23:03:06 41,984 —-a-w C:\WINDOWS\msagent\agentdp2.dll
    + 2006-10-12 14:05:20 42,496 —-a-w C:\WINDOWS\msagent\agentdp2.dll
    - 2004-08-03 23:03:06 58,880 —-a-w C:\WINDOWS\msagent\agentdpv.dll
    + 2007-03-09 13:48:20 57,344 —-a-w C:\WINDOWS\msagent\agentdpv.dll
    - 2004-08-03 23:03:28 256,512 —-a-w C:\WINDOWS\msagent\agentsvr.exe
    + 2006-10-12 11:09:53 256,512 —-a-w C:\WINDOWS\msagent\agentsvr.exe
    - 2004-08-03 23:03:06 100,352 —-a-w C:\WINDOWS\system32\6to4svc.dll
    + 2006-08-16 11:59:42 100,352 —-a-w C:\WINDOWS\system32\6to4svc.dll
    - 2004-08-03 23:03:06 56,832 —-a-w C:\WINDOWS\system32\authz.dll
    + 2005-03-02 18:19:18 56,832 —-a-w C:\WINDOWS\system32\authz.dll
    - 2004-08-03 23:03:06 1,017,344 —-a-w C:\WINDOWS\system32\browseui.dll
    + 2007-12-07 01:08:24 1,023,488 —-a-w C:\WINDOWS\system32\browseui.dll
    - 2004-08-03 23:03:06 229,888 —-a-w C:\WINDOWS\system32\catsrv.dll
    + 2005-07-26 04:42:47 225,792 —-a-w C:\WINDOWS\system32\catsrv.dll
    - 2004-08-03 23:03:06 628,224 —-a-w C:\WINDOWS\system32\catsrvut.dll
    + 2005-07-26 04:42:47 625,152 —-a-w C:\WINDOWS\system32\catsrvut.dll
    - 2004-08-03 23:03:06 151,040 —-a-w C:\WINDOWS\system32\cdfview.dll
    + 2007-12-07 01:08:24 151,552 —-a-w C:\WINDOWS\system32\cdfview.dll
    - 2004-08-03 23:03:06 2,067,968 —-a-w C:\WINDOWS\system32\cdosys.dll
    + 2005-09-10 01:55:37 2,067,968 —-a-w C:\WINDOWS\system32\cdosys.dll
    - 2004-08-03 23:03:08 69,120 —-a-w C:\WINDOWS\system32\ciodm.dll
    + 2006-06-22 05:17:18 69,120 —-a-w C:\WINDOWS\system32\ciodm.dll
    - 2004-08-03 23:03:08 110,080 —-a-w C:\WINDOWS\system32\clbcatex.dll
    + 2005-07-26 04:42:47 110,080 —-a-w C:\WINDOWS\system32\clbcatex.dll
    - 2004-08-03 23:03:08 501,248 —-a-w C:\WINDOWS\system32\clbcatq.dll
    + 2005-07-26 04:42:47 498,688 —-a-w C:\WINDOWS\system32\clbcatq.dll
    - 2004-08-03 23:03:08 62,464 —-a-w C:\WINDOWS\system32\colbact.dll
    + 2005-07-26 04:42:47 60,416 —-a-w C:\WINDOWS\system32\colbact.dll
    - 2004-08-03 23:03:08 195,584 —-a-w C:\WINDOWS\system32\Com\comadmin.dll
    + 2005-07-26 04:42:47 195,072 —-a-w C:\WINDOWS\system32\Com\comadmin.dll
    - 2004-08-03 23:03:08 611,328 —-a-w C:\WINDOWS\system32\comctl32.dll
    + 2006-08-25 15:51:55 617,472 —-a-w C:\WINDOWS\system32\comctl32.dll
    - 2001-09-07 12:00:00 82,432 —-a-w C:\WINDOWS\system32\comrepl.dll
    + 2005-07-26 04:42:47 97,792 —-a-w C:\WINDOWS\system32\comrepl.dll
    - 2004-08-03 23:03:08 1,251,840 —-a-w C:\WINDOWS\system32\comsvcs.dll
    + 2005-07-26 04:42:48 1,267,200 —-a-w C:\WINDOWS\system32\comsvcs.dll
    - 2004-08-03 23:03:08 540,160 —-a-w C:\WINDOWS\system32\comuid.dll
    + 2005-07-26 04:42:48 540,160 —-a-w C:\WINDOWS\system32\comuid.dll
    - 2004-08-03 23:03:08 1,056,768 —-a-w C:\WINDOWS\system32\danim.dll
    + 2007-12-07 01:08:24 1,057,280 —-a-w C:\WINDOWS\system32\danim.dll
    - 2004-08-03 23:03:08 111,104 —-a-w C:\WINDOWS\system32\dhcpcsvc.dll
    + 2006-05-19 13:50:39 111,616 —-a-w C:\WINDOWS\system32\dhcpcsvc.dll
    - 2004-08-03 23:03:06 100,352 -c–a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
    + 2006-08-16 11:59:42 100,352 -c–a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
    - 2004-08-03 23:03:06 41,984 -c–a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
    + 2006-10-12 14:05:20 42,496 -c–a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
    - 2004-08-03 23:03:06 58,880 -c–a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
    + 2007-03-09 13:48:20 57,344 -c–a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
    - 2004-08-03 23:03:28 256,512 -c–a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
    + 2006-10-12 11:09:53 256,512 -c–a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
    - 2004-08-03 23:03:06 56,832 -c–a-w C:\WINDOWS\system32\dllcache\authz.dll
    + 2005-03-02 18:19:18 56,832 -c–a-w C:\WINDOWS\system32\dllcache\authz.dll
    - 2004-08-03 23:03:06 1,017,344 -c–a-w C:\WINDOWS\system32\dllcache\browseui.dll
    + 2007-12-07 01:08:24 1,023,488 -c–a-w C:\WINDOWS\system32\dllcache\browseui.dll
    - 2004-08-03 23:03:06 229,888 -c–a-w C:\WINDOWS\system32\dllcache\catsrv.dll
    + 2005-07-26 04:42:47 225,792 -c–a-w C:\WINDOWS\system32\dllcache\catsrv.dll
    - 2004-08-03 23:03:06 628,224 -c–a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
    + 2005-07-26 04:42:47 625,152 -c–a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
    - 2004-08-03 23:03:06 151,040 -c–a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    + 2007-12-07 01:08:24 151,552 -c–a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    - 2004-08-03 23:03:06 2,067,968 -c–a-w C:\WINDOWS\system32\dllcache\cdosys.dll
    + 2005-09-10 01:55:37 2,067,968 -c–a-w C:\WINDOWS\system32\dllcache\cdosys.dll
    - 2004-08-03 23:03:08 69,120 -c–a-w C:\WINDOWS\system32\dllcache\ciodm.dll
    + 2006-06-22 05:17:18 69,120 -c–a-w C:\WINDOWS\system32\dllcache\ciodm.dll
    - 2004-08-03 23:03:08 110,080 -c–a-w C:\WINDOWS\system32\dllc
  • Part of it was cut off by the forum software.
    Could you post the ComboFix log? You can leave out the part under snapshot.

This is an archived page. Replies are no longer possible.