Viruses!!

30 replies
  • Hello, Problem 1: For 3 days I have had a virus; I keep getting the message "Your PC is showing problems, download SecurityCenter (something like that) now to scan your system." If I click Cancel, I get a site that says it is scanning, a completely fake scan by the way, and it then says that I have 3 worms, but I don't trust that junk. How can I get rid of this? I have already scanned with Nod32 and Spybot but it is still not gone... By the way, I also get pop-ups with ads when I go to sites where that was not the case before. Problem 2: When I am in Internet Explorer and I click a hyperlink, my whole Internet Explorer freezes. Then I have to 'End Task' before I can continue.. It is surely a virus, how do I get rid of it? And I have to click Internet Explorer in my Quick Start bar a few times before it finally starts up (it is the same with Firefox, only that one often does not start at all, only when I have just turned the PC on..). The processes of all those iexplore instances do show up under Alt-Ctrl-Del -> Processes, by the way.
  • Download Hijackthis-setup (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to your Desktop. Open HJTInstall and choose the location where you want to install Hijackthis. Then press Install; after a few seconds Hijackthis will open automatically. Now choose 'Do a system scan and save a logfile'. A Notepad file with a logfile will open. Select all of this text (Ctrl-A), copy it (Ctrl-C) and paste it into your next post. Good luck! 8) Pim
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:21:44, on 24-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\FRAPS\FRAPS.EXE
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204904657484
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    -- End of file - 7821 bytes

    Here ..
  • Follow these instructions (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) to download ComboFix: Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console. If you have used Combofix before, please remove that version and download Combofix again via the link above, because Combofix is updated daily. NOTE: if, during or after downloading Combofix or while using Combofix, you get a message from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners see certain components that Combofix uses as suspicious and will block or remove them! Double-click Combofix.exe. While the fix is running, do NOT click in the window, because this will make your PC hang. When the fix is complete and after a restart, the log Combofix.txt will open. Post this log in your next post, together with a fresh HijackThis log.
  • WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    This is the only thing I get .. And the HiJack log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:21:43, on 27-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\FRAPS\FRAPS.EXE
    C:\Program Files\Xfire\xfire.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [a4952d8e] rundll32.exe "C:\WINDOWS\system32\vsqhirls.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204904657484
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    -- End of file - 7614 bytes
  • And does anyone have the solution yet ??
  • Sorry for the late reply. Could you post the Combofix log? You posted the wrong one. You can find it at C:\combofix.txt
  • [quote:6997198f3c] ComboFix 08-03-25.4 - Marc 2008-03-31 17:56:13.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.193 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\Marc\Bureaublad\ComboFix.exe * Resident AV is active . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\cookies.ini C:\WINDOWS\system32\_000110_.tmp.dll C:\WINDOWS\system32\aqfvtoix.dll C:\WINDOWS\system32\awtropo.dll C:\WINDOWS\system32\bibwjjla.dll C:\WINDOWS\system32\byxvtur.dll C:\WINDOWS\system32\cefdhgvt.dll C:\WINDOWS\system32\cnwijxgm.dll C:\WINDOWS\system32\cwacxeor.dll C:\WINDOWS\system32\escqvfom.dll C:\WINDOWS\system32\euwlylsi.dll C:\WINDOWS\system32\gebxuus.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mcvmpqlx.dll C:\WINDOWS\system32\mfgwevhy.dll C:\WINDOWS\system32\qqstv.ini C:\WINDOWS\system32\qqstv.ini2 C:\WINDOWS\system32\roexcawc.ini C:\WINDOWS\system32\rvhqqeou.dll C:\WINDOWS\system32\ttutv.ini C:\WINDOWS\system32\ttutv.ini2 C:\WINDOWS\system32\vtutt.dll C:\WINDOWS\system32\vycdd.ini C:\WINDOWS\system32\vycdd.ini2 C:\WINDOWS\system32\wxqdraln.dll C:\WINDOWS\system32\xiotvfqa.ini C:\WINDOWS\system32\yhvewgfm.ini C:\WINDOWS\system32\yjeburdv.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))) . 2008-03-29 12:43 . 2008-03-30 12:44 1,583,817 ---hs---- C:\WINDOWS\system32\lbviqviu.ini 2008-03-27 11:53 . 2008-03-28 12:41 1,523,514 ---hs---- C:\WINDOWS\system32\nppplvxr.ini 2008-03-26 11:53 . 2008-03-27 11:54 1,532,248 ---hs---- C:\WINDOWS\system32\slrihqsv.ini 2008-03-25 11:54 . 2008-03-26 10:32 1,534,198 ---hs---- C:\WINDOWS\system32\pjwidpvp.ini 2008-03-24 14:21 . 2008-03-24 14:21 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-24 11:52 . 2008-03-25 11:53 1,582,341 ---hs---- C:\WINDOWS\system32\imtedrdd.ini 2008-03-23 17:40 . 2008-03-24 11:53 1,548,381 ---hs---- C:\WINDOWS\system32\rxkeqqdv.ini 2008-03-23 00:29 . 
2008-03-23 00:29 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\MPEG Streamclip 2008-03-23 00:29 . 2008-03-23 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-23 00:29 . 2007-04-27 10:42 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-03-23 00:29 . 2008-03-23 00:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-23 00:29 . 2007-04-27 10:42 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-03-23 00:29 . 2008-03-23 00:29 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-23 00:28 . 2008-03-23 00:29 <DIR> d-------- C:\Program Files\QuickTime Alternative 2008-03-23 00:28 . 2008-03-23 00:28 <DIR> d-------- C:\Program Files\Media Player Classic 2008-03-22 16:01 . 2008-03-23 17:39 1,543,219 ---hs---- C:\WINDOWS\system32\jxfsqjmp.ini 2008-03-22 16:00 . 2008-03-22 16:00 86,592 --------- C:\WINDOWS\system32\pmjqsfxj.dll_old 2008-03-22 15:48 . 2008-03-23 18:46 321 --a------ C:\WINDOWS\wininit.ini 2008-03-22 15:18 . 2008-03-22 15:18 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-22 15:18 . 2008-03-22 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-22 13:34 . 2008-03-22 13:34 <DIR> d-------- C:\Program Files\SIW 2008-03-22 13:19 . 2008-03-22 13:19 <DIR> d-------- C:\VundoFix Backups 2008-03-22 13:06 . 2008-03-22 13:06 <DIR> d-------- C:\Program Files\Lavasoft 2008-03-22 13:06 . 2008-03-22 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-22 12:18 . 2008-03-22 15:51 1,543,699 ---hs---- C:\WINDOWS\system32\wdcncoag.ini 2008-03-21 23:30 . 2008-03-21 23:30 35,836 --a------ C:\WINDOWS\17PHolmes572.exe 2008-03-21 23:24 . 2008-03-21 23:24 <DIR> d-------- C:\WINDOWS\Sun 2008-03-16 19:42 . 2008-03-16 19:42 <DIR> d-------- C:\Documents and Settings\Marc\LimeWire Store Purchased 2008-03-16 19:42 . 
2008-03-16 19:42 <DIR> d-------- C:\Documents and Settings\Marc\LimeWire Shared 2008-03-16 19:41 . 2008-03-16 19:41 <DIR> d-------- C:\Documents and Settings\Marc\Incomplete 2008-03-16 19:41 . 2008-03-29 16:05 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\LimeWirePlus 2008-03-16 19:40 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-03-16 19:39 . 2008-03-16 19:40 <DIR> d-------- C:\Program Files\Java 2008-03-16 19:38 . 2008-03-16 19:38 <DIR> d-------- C:\Program Files\Common Files\Java 2008-03-16 19:33 . 2008-03-16 19:41 <DIR> d-------- C:\Program Files\LimeWire Plus 2008-03-15 17:42 . 2008-03-15 17:42 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Publish Providers 2008-03-15 17:41 . 2008-03-16 13:14 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Sony 2008-03-15 16:19 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2008-03-15 16:09 . 2008-03-15 16:09 <DIR> d-------- C:\Program Files\Microsoft Games 2008-03-14 22:28 . 2008-03-30 16:30 <DIR> d-------- C:\Fraps 2008-03-14 01:06 . 2008-03-14 01:06 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-03-13 21:20 . 2008-03-13 21:20 204,800 --a------ C:\WINDOWS\TinyBHO.dll 2008-03-09 16:56 . 2008-03-09 16:56 <DIR> d-------- C:\Program Files\Download Manager 2008-03-09 16:55 . 2008-03-09 17:50 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\IGN_DLM 2008-03-09 13:14 . 2008-03-09 14:06 <DIR> d-------- C:\Program Files\Fifa Master 2008-03-09 00:13 . 2003-03-16 01:15 90,112 --a------ C:\WINDOWS\unvise32.exe 2008-03-08 23:58 . 2001-12-15 13:10 294,912 --a------ C:\WINDOWS\system32\Euphoria.scr 2008-03-08 18:36 . 2008-03-08 21:26 <DIR> d-------- C:\Program Files\EA Sports 2008-03-08 17:23 . 2008-03-08 17:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2008-03-08 17:18 . 2008-03-08 17:18 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-03-08 17:18 . 
2008-03-08 17:19 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-03-08 17:08 . 2008-03-08 17:08 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-03-08 17:08 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-03-08 17:08 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll 2008-03-08 17:00 . 2008-03-08 17:00 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\vlc 2008-03-08 16:59 . 2008-03-08 16:59 <DIR> d-------- C:\Program Files\VideoLAN 2008-03-08 14:51 . 2008-03-08 14:51 <DIR> d-------- C:\Program Files\Vstplugins 2008-03-08 14:51 . 2008-03-15 17:16 <DIR> d-------- C:\Program Files\Sony 2008-03-08 14:51 . 2008-03-15 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony 2008-03-08 14:31 . 2008-03-08 14:31 <DIR> d-------- C:\Program Files\MSBuild 2008-03-08 14:25 . 2008-03-08 14:25 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2008-03-08 14:24 . 2008-03-08 14:24 <DIR> d-------- C:\Program Files\Reference Assemblies 2008-03-08 14:23 . 2008-03-08 14:23 <DIR> d-------- C:\Program Files\Teach2000 2008-03-08 14:23 . 2006-06-29 14:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2008-03-08 14:10 . 2008-03-15 17:14 <DIR> d-------- C:\Program Files\Sony Setup 2008-03-08 14:10 . 2008-03-08 14:10 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Sony Setup 2008-03-08 14:02 . 2008-03-08 14:02 <DIR> d-------- C:\Program Files\VentSrv 2008-03-08 13:59 . 2008-03-08 13:59 <DIR> d-------- C:\Program Files\Ventrilo 2008-03-08 13:59 . 2008-03-08 14:00 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Ventrilo 2008-03-08 13:58 . 2008-03-22 13:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-03-08 13:23 . 2008-03-08 13:23 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-03-08 13:21 . 2008-03-08 13:26 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-03-08 13:21 . 
2008-03-08 13:21 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll 2008-03-08 13:21 . 2008-03-08 13:21 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll 2008-03-08 11:20 . 2008-03-08 11:20 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire 2008-03-08 10:06 . 2008-03-08 10:06 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-03-07 22:43 . 2008-03-07 22:43 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Teletekst 2008-03-07 22:43 . 2008-03-07 22:43 86 --a------ C:\WINDOWS\Teletekst.ini 2008-03-07 22:42 . 2008-03-07 22:42 <DIR> d-------- C:\Program Files\Teletekstbrowser 2008-03-07 21:00 . 2008-03-07 21:00 379 --a------ C:\WINDOWS\ODBC.INI 2008-03-07 20:59 . 2007-04-09 15:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll 2008-03-07 20:58 . 2008-03-07 20:58 <DIR> d-------- C:\Program Files\Microsoft.NET 2008-03-07 20:58 . 2008-03-07 20:58 <DIR> d-------- C:\Program Files\Microsoft ActiveSync 2008-03-07 20:54 . 2008-03-07 20:58 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-03-07 20:19 . 2008-03-07 20:19 1,158 --a------ C:\WINDOWS\mozver.dat 2008-03-07 20:14 . 2008-03-07 20:14 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Talkback 2008-03-07 20:14 . 2008-03-07 20:14 0 --a------ C:\WINDOWS\nsreg.dat 2008-03-07 20:09 . 2008-03-07 20:09 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\DAEMON Tools 2008-03-07 20:09 . 2008-03-07 20:09 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-03-07 19:53 . 2008-03-08 15:02 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\teamspeak2 2008-03-07 19:53 . 2008-03-07 19:53 34,064 --a------ C:\WINDOWS\system32\lhacm.acm 2008-03-07 19:52 . 2008-03-07 19:53 <DIR> d-------- C:\Program Files\Teamspeak2_RC2 2008-03-07 19:48 . 2008-03-07 19:48 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire 2008-03-07 19:46 . 2008-03-30 15:14 <DIR> d-------- C:\Program Files\GameSpy Arcade 2008-03-07 19:42 . 
2008-03-07 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-03-07 19:40 . 2008-03-07 19:40 <DIR> d-------- C:\Program Files\Messenger Plus! Live 2008-03-07 19:28 . 2008-03-31 18:02 72,710,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-03-07 19:28 . 2008-03-31 18:02 696,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-03-07 19:24 . 2008-03-07 19:24 <DIR> d-------- C:\Program Files\ESET 2008-03-07 19:24 . 2008-03-07 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-29 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-26 13:02 1,760,768 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp 2008-03-26 13:02 1,526,784 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp 2008-03-14 17:12 1,496,576 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-03-14 17:12 1,451,008 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-03-08 21:40 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-03-07 15:35 --------- d-----w C:\Documents and Settings\Marc\Application Data\U3 2008-03-07 14:57 --------- d-----w C:\Program Files\NVIDIA Corporation 2008-03-07 14:56 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-03-07 14:07 --------- d-----w C:\Program Files\Everest HE 2008-03-07 13:30 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C27CFC97-5CB6-4B2A-8057-759206917BA3}] C:\WINDOWS\system32\vtsqq.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9803b12-f0a0-11dc-95ff-0800200c9a66}] 2008-03-13 21:20 204800 --a------ C:\WINDOWS\TinyBHO.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB49808E-FB7D-426B-A993-70D7A8734654}] C:\WINDOWS\system32\ddcyv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}] 2008-03-07 19:18 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-03-07 19:18 262144] [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-08 19:59 68856] "Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 12:40 1271032] "MessengerPlus3"="C:\Program Files\MessengerPlus! 
3\MsgPlus.exe" [2008-03-07 19:01 190024] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856] "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 23:57 1103480] "Fraps"="C:\FRAPS\FRAPS.EXE" [2005-06-15 16:57 2793472] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-12-21 12:52 270336] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 12:06 1443072] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360] C:\Documents and Settings\Marc\Menu Start\Programma's\Opstarten\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664] Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-03-14 01:06:18 2979664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxvtur] byxvtur.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 12:11] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5247b72f-ec4b-11dc-b00f-e7b6cfba599a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-31 18:03:10 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe . ************************************************************************** . Voltooingstijd: 2008-03-31 18:07:28 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-31 16:07:23 [/quote:6997198f3c] This one?
  • If you still have problems, this looks like a job for SmitFraudFix to me. Download it here: http://siri.geekstogo.com/ Good luck ;-) Edit: By the way, I see that you have run VundoFix at some point; did it find anything at the time? If so, you may have an old Java update on your system that lets that junk come back. In that case, just install the latest Java update from java.com ;-)
  • @Sander, you really won't solve this problem with Smitfraudfix, since this is a Vundo infection, which is why I'm using Combofix. And it won't come back because of an out-of-date Java alone, you know :wink: Open Notepad, then copy and paste the following (the bold text) into an empty window:
[b:50fbde55f7]
Collect::
C:\WINDOWS\system32\lbviqviu.ini
C:\WINDOWS\system32\nppplvxr.ini
C:\WINDOWS\system32\slrihqsv.ini
C:\WINDOWS\system32\imtedrdd.ini
C:\WINDOWS\system32\rxkeqqdv.ini
C:\WINDOWS\system32\jxfsqjmp.ini
C:\WINDOWS\system32\wdcncoag.ini
File::
C:\WINDOWS\system32\pmjqsfxj.dll_old
Folder::
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C27CFC97-5CB6-4B2A-8057-759206917BA3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9803b12-f0a0-11dc-95ff-0800200c9a66}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB49808E-FB7D-426B-A993-70D7A8734654}]
[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxvtur]
[/b:50fbde55f7]
Save this to your Desktop as [b:50fbde55f7]CFScript.txt[/b:50fbde55f7]
Drag [b:50fbde55f7]CFScript.txt[/b:50fbde55f7] into [b:50fbde55f7]ComboFix.exe[/b:50fbde55f7] as shown in the example below: [img:50fbde55f7]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img:50fbde55f7]
This will make [b:50fbde55f7]ComboFix[/b:50fbde55f7] restart. Reboot if you are asked to, and post the contents of [b:50fbde55f7]Combofix.txt[/b:50fbde55f7] in your next reply together with a new HijackThis log. ComboFix will place a zipped file on your Desktop, named [4]-Submit_Date_Time.zip After the scan finishes, a window titled "Submit files for further analysis" opens. Click OK to open the upload page. Copy the bold path shown on that page and paste it into the input field. Then click Send File.
  • [quote:655b8c8e02="pimvandenderen"]@Sander, you really won't solve this problem with Smitfraudfix, since this is a Vundo infection, which is why I'm using Combofix. And it won't come back because of an out-of-date Java alone, you know :wink: [/quote:655b8c8e02] Indeed, you're right. Only now do I see that vtsqq.dll... I should go to bed earlier for once ;-) I agree that it doesn't come back because of an old Java update alone. However, I do notice that once users have picked up an infection, they often pick one up a second time just as easily. Uninstalling any old Java updates is certainly a very good start towards preventing that, don't you think ;-) Nice ComboFix solution you have here, by the way, kudos \o/
  • [quote:8b7dd37573] I agree that it doesn't come back because of an old Java update alone. However, I do notice that once users have picked up an infection, they often pick one up a second time just as easily. Uninstalling any old Java updates is certainly a very good start towards preventing that, don't you think[/quote:8b7dd37573] It is certainly a good start, but most of the junk still comes in via downloads, and mainly via cracks, keygens etc. I wouldn't dare put an exact percentage on it, but it could well be above 80%. That's why you always clean everything first, and only once the machine is completely malware-free again do you let everything update :wink:
  • [quote:d2d357e7fa] ComboFix 08-03-25.4 - Marc 2008-04-01 11:32:14.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.63 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\Marc\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\Marc\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt * Resident AV is active FILE :: C:\WINDOWS\system32\pmjqsfxj.dll_old . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\VundoFix Backups C:\WINDOWS\system32\imtedrdd.ini C:\WINDOWS\system32\jxfsqjmp.ini C:\WINDOWS\system32\lbviqviu.ini C:\WINDOWS\system32\nppplvxr.ini C:\WINDOWS\system32\pmjqsfxj.dll_old C:\WINDOWS\system32\rxkeqqdv.ini C:\WINDOWS\system32\slrihqsv.ini C:\WINDOWS\system32\wdcncoag.ini . (((((((((((((((((((( Bestanden Gemaakt van 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))) . 2008-03-31 20:59 . 2008-03-31 21:06 2,198 --a------ C:\WINDOWS\system32\tmp.reg 2008-03-31 19:59 . 2008-03-31 20:36 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Hamachi 2008-03-31 19:58 . 2008-03-31 19:59 <DIR> d-------- C:\Program Files\Hamachi 2008-03-31 19:58 . 2008-03-31 19:58 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2008-03-25 11:54 . 2008-03-26 10:32 1,534,198 ---hs---- C:\WINDOWS\system32\pjwidpvp.ini 2008-03-24 14:21 . 2008-03-24 14:21 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-23 00:29 . 2008-03-23 00:29 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\MPEG Streamclip 2008-03-23 00:29 . 2008-03-23 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-23 00:29 . 2007-04-27 10:42 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-03-23 00:29 . 2007-04-27 10:42 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-03-23 00:28 . 2008-03-23 00:29 <DIR> d-------- C:\Program Files\QuickTime Alternative 2008-03-23 00:28 . 
2008-03-23 00:28 <DIR> d-------- C:\Program Files\Media Player Classic 2008-03-22 15:48 . 2008-03-23 18:46 321 --a------ C:\WINDOWS\wininit.ini 2008-03-22 15:18 . 2008-03-22 15:18 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-22 15:18 . 2008-03-22 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-22 13:34 . 2008-03-22 13:34 <DIR> d-------- C:\Program Files\SIW 2008-03-22 13:06 . 2008-03-22 13:06 <DIR> d-------- C:\Program Files\Lavasoft 2008-03-22 13:06 . 2008-03-22 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-21 23:30 . 2008-03-21 23:30 35,836 --a------ C:\WINDOWS\17PHolmes572.exe 2008-03-21 23:24 . 2008-03-21 23:24 <DIR> d-------- C:\WINDOWS\Sun 2008-03-16 19:42 . 2008-03-16 19:42 <DIR> d-------- C:\Documents and Settings\Marc\LimeWire Store Purchased 2008-03-16 19:42 . 2008-03-16 19:42 <DIR> d-------- C:\Documents and Settings\Marc\LimeWire Shared 2008-03-16 19:41 . 2008-03-16 19:41 <DIR> d-------- C:\Documents and Settings\Marc\Incomplete 2008-03-16 19:41 . 2008-03-29 16:05 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\LimeWirePlus 2008-03-16 19:40 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-03-16 19:39 . 2008-03-16 19:40 <DIR> d-------- C:\Program Files\Java 2008-03-16 19:38 . 2008-03-16 19:38 <DIR> d-------- C:\Program Files\Common Files\Java 2008-03-16 19:33 . 2008-03-16 19:41 <DIR> d-------- C:\Program Files\LimeWire Plus 2008-03-15 17:42 . 2008-03-15 17:42 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Publish Providers 2008-03-15 17:41 . 2008-03-16 13:14 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Sony 2008-03-15 16:19 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2008-03-15 16:09 . 2008-03-15 16:09 <DIR> d-------- C:\Program Files\Microsoft Games 2008-03-14 22:28 . 
2008-03-30 16:30 <DIR> d-------- C:\Fraps 2008-03-14 01:06 . 2008-03-14 01:06 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-03-13 21:20 . 2008-03-13 21:20 204,800 --a------ C:\WINDOWS\TinyBHO.dll 2008-03-09 16:56 . 2008-03-09 16:56 <DIR> d-------- C:\Program Files\Download Manager 2008-03-09 16:55 . 2008-03-09 17:50 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\IGN_DLM 2008-03-09 13:14 . 2008-03-09 14:06 <DIR> d-------- C:\Program Files\Fifa Master 2008-03-09 00:13 . 2003-03-16 01:15 90,112 --a------ C:\WINDOWS\unvise32.exe 2008-03-08 23:58 . 2001-12-15 13:10 294,912 --a------ C:\WINDOWS\system32\Euphoria.scr 2008-03-08 18:36 . 2008-03-08 21:26 <DIR> d-------- C:\Program Files\EA Sports 2008-03-08 17:23 . 2008-03-08 17:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2008-03-08 17:18 . 2008-03-08 17:18 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-03-08 17:18 . 2008-03-08 17:19 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-03-08 17:08 . 2008-03-08 17:08 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-03-08 17:08 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-03-08 17:08 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll 2008-03-08 17:00 . 2008-03-08 17:00 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\vlc 2008-03-08 16:59 . 2008-03-08 16:59 <DIR> d-------- C:\Program Files\VideoLAN 2008-03-08 14:51 . 2008-03-08 14:51 <DIR> d-------- C:\Program Files\Vstplugins 2008-03-08 14:51 . 2008-03-15 17:16 <DIR> d-------- C:\Program Files\Sony 2008-03-08 14:51 . 2008-03-15 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony 2008-03-08 14:31 . 2008-03-08 14:31 <DIR> d-------- C:\Program Files\MSBuild 2008-03-08 14:25 . 2008-03-08 14:25 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2008-03-08 14:24 . 2008-03-08 14:24 <DIR> d-------- C:\Program Files\Reference Assemblies 2008-03-08 14:23 . 
2008-03-08 14:23 <DIR> d-------- C:\Program Files\Teach2000 2008-03-08 14:23 . 2006-06-29 14:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2008-03-08 14:10 . 2008-03-15 17:14 <DIR> d-------- C:\Program Files\Sony Setup 2008-03-08 14:10 . 2008-03-08 14:10 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Sony Setup 2008-03-08 14:02 . 2008-03-08 14:02 <DIR> d-------- C:\Program Files\VentSrv 2008-03-08 13:59 . 2008-03-08 13:59 <DIR> d-------- C:\Program Files\Ventrilo 2008-03-08 13:59 . 2008-03-08 14:00 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Ventrilo 2008-03-08 13:58 . 2008-03-22 13:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-03-08 13:23 . 2008-03-08 13:23 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-03-08 13:21 . 2008-03-08 13:26 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-03-08 13:21 . 2008-03-08 13:21 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll 2008-03-08 13:21 . 2008-03-08 13:21 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll 2008-03-08 11:20 . 2008-03-08 11:20 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire 2008-03-08 10:06 . 2008-03-08 10:06 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-03-07 22:43 . 2008-03-07 22:43 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Teletekst 2008-03-07 22:43 . 2008-03-07 22:43 86 --a------ C:\WINDOWS\Teletekst.ini 2008-03-07 22:42 . 2008-03-07 22:42 <DIR> d-------- C:\Program Files\Teletekstbrowser 2008-03-07 21:00 . 2008-03-07 21:00 379 --a------ C:\WINDOWS\ODBC.INI 2008-03-07 20:59 . 2007-04-09 15:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll 2008-03-07 20:58 . 2008-03-07 20:58 <DIR> d-------- C:\Program Files\Microsoft.NET 2008-03-07 20:58 . 2008-03-07 20:58 <DIR> d-------- C:\Program Files\Microsoft ActiveSync 2008-03-07 20:54 . 2008-03-07 20:58 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-03-07 20:19 . 
2008-03-07 20:19 1,158 --a------ C:\WINDOWS\mozver.dat 2008-03-07 20:14 . 2008-03-07 20:14 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Talkback 2008-03-07 20:14 . 2008-03-07 20:14 0 --a------ C:\WINDOWS\nsreg.dat 2008-03-07 20:09 . 2008-03-07 20:09 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\DAEMON Tools 2008-03-07 20:09 . 2008-03-07 20:09 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-03-07 19:53 . 2008-03-08 15:02 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\teamspeak2 2008-03-07 19:53 . 2008-03-07 19:53 34,064 --a------ C:\WINDOWS\system32\lhacm.acm 2008-03-07 19:52 . 2008-03-07 19:53 <DIR> d-------- C:\Program Files\Teamspeak2_RC2 2008-03-07 19:48 . 2008-03-07 19:48 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire 2008-03-07 19:46 . 2008-03-31 21:12 <DIR> d-------- C:\Program Files\GameSpy Arcade 2008-03-07 19:42 . 2008-03-07 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-03-07 19:40 . 2008-03-07 19:40 <DIR> d-------- C:\Program Files\Messenger Plus! Live 2008-03-07 19:28 . 2008-03-31 21:45 72,710,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-03-07 19:28 . 2008-03-31 21:45 700,880 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-03-07 19:24 . 2008-03-07 19:24 <DIR> d-------- C:\Program Files\ESET 2008-03-07 19:24 . 2008-03-07 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-03-07 19:18 . 2008-03-07 19:18 <DIR> d-------- C:\Program Files\ZoneAlarmSB 2008-03-07 19:17 . 2008-03-07 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-03-07 19:17 . 2007-11-14 17:05 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-03-07 19:17 . 2008-03-07 19:18 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-03-07 19:16 . 2008-03-07 19:16 <DIR> d-------- C:\Program Files\Zone Labs 2008-03-07 19:13 . 
2008-03-26 10:34 <DIR> d-------- C:\Program Files\Xfire 2008-03-07 19:13 . 2008-03-31 17:49 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Xfire . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-29 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-26 13:02 1,760,768 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp 2008-03-26 13:02 1,526,784 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp 2008-03-14 17:12 1,496,576 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-03-14 17:12 1,451,008 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-03-08 21:40 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-03-07 15:35 --------- d-----w C:\Documents and Settings\Marc\Application Data\U3 2008-03-07 14:57 --------- d-----w C:\Program Files\NVIDIA Corporation 2008-03-07 14:56 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-03-07 14:07 --------- d-----w C:\Program Files\Everest HE 2008-03-07 13:30 --------- d-----w C:\Program Files\microsoft frontpage 2008-02-20 10:11 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys 2008-02-20 10:02 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys 2008-02-20 10:01 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys . ((((((((((((((((((((((((((((( snapshot@2008-03-31_18.07.01.84 ))))))))))))))))))))))))))))))))))))))))) . - 2000-08-31 07:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe + 2000-08-31 06:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe - 2000-08-31 07:00:00 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe + 2000-08-31 06:00:00 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{274E36B1-41E6-46CD-8BA5-2FB9501EFCC3}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{664D1A44-9177-4C9B-AFFB-D586AD02BB7C}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C111475-A56D-46D4-8EE9-4A436D0FC0E7}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC26FD75-2AB2-4C55-A2AC-A59384D3E06F}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B883D1E7-854D-4DBE-AC3F-28AD6AADC493}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c24d83ce-f279-4fe2-8ed9-36c37ed6eaf3}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd568163-0d8a-41e9-8aae-df381c24c1c9}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}] 2008-03-07 19:18 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-08 19:59 68856] "Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 12:40 1271032] "MessengerPlus3"="C:\Program Files\MessengerPlus! 
3\MsgPlus.exe" [2008-03-07 19:01 190024] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856] "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 23:57 1103480] "Fraps"="C:\FRAPS\FRAPS.EXE" [2005-06-15 16:57 2793472] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-12-21 12:52 270336] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 12:06 1443072] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360] C:\Documents and Settings\Marc\Menu Start\Programma's\Opstarten\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664] Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-03-14 01:06:18 2979664] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program 
Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 12:11] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5247b72f-ec4b-11dc-b00f-e7b6cfba599a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-01 11:36:56 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-04-01 11:39:43 ComboFix-quarantined-files.txt 2008-04-01 09:39:38 ComboFix2.txt 2008-03-31 16:07:29 [/quote:d2d357e7fa] By the way, Explorer.exe did shut itself down during that Combofix scan.
HiJack log: [quote:d2d357e7fa] Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:43:34, on 1-4-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Steam\Steam.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\FRAPS\FRAPS.EXE C:\Program Files\Xfire\xfire.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Marc\Bureaublad\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {274E36B1-41E6-46CD-8BA5-2FB9501EFCC3} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {664D1A44-9177-4C9B-AFFB-D586AD02BB7C} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7C111475-A56D-46D4-8EE9-4A436D0FC0E7} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {AC26FD75-2AB2-4C55-A2AC-A59384D3E06F} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: (no name) - {B883D1E7-854D-4DBE-AC3F-28AD6AADC493} - (no file) O2 - BHO: (no name) - {c24d83ce-f279-4fe2-8ed9-36c37ed6eaf3} - (no file) O2 - BHO: (no name) - {cd568163-0d8a-41e9-8aae-df381c24c1c9} - (no file) O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file) O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe 
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204904657484 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program 
Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 9232 bytes [/quote:d2d357e7fa]
  • Spybot's TeaTimer is active; it can interfere with the fix, so we will switch it off temporarily.
- Start Spybot
- Go to Mode > select Advanced Mode
- Go to Tools and click the Resident icon in the list
- Untick Resident TeaTimer and click OK
- Restart the computer
- Then download [url=http://downloads.subratam.org/ResetTeaTimer.bat]ResetTeaTimer.bat[/url] to your Desktop. Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.
You may also delete this file: C:\WINDOWS\system32\pjwidpvp.ini
Start Hijackthis, choose [i:e602cdfa56]'Do a system scan only'[/i:e602cdfa56] and tick the lines below:
[b:e602cdfa56]
O2 - BHO: (no name) - {274E36B1-41E6-46CD-8BA5-2FB9501EFCC3} - (no file)
O2 - BHO: (no name) - {664D1A44-9177-4C9B-AFFB-D586AD02BB7C} - (no file)
O2 - BHO: (no name) - {7C111475-A56D-46D4-8EE9-4A436D0FC0E7} - (no file)
O2 - BHO: (no name) - {AC26FD75-2AB2-4C55-A2AC-A59384D3E06F} - (no file)
O2 - BHO: (no name) - {B883D1E7-854D-4DBE-AC3F-28AD6AADC493} - (no file)
O2 - BHO: (no name) - {c24d83ce-f279-4fe2-8ed9-36c37ed6eaf3} - (no file)
O2 - BHO: (no name) - {cd568163-0d8a-41e9-8aae-df381c24c1c9} - (no file)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
[/b:e602cdfa56]
Now close [u:e602cdfa56]all[/u:e602cdfa56] open windows except Hijackthis and click [b:e602cdfa56]Fix Checked[/b:e602cdfa56]. Still having problems? Pim
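The selection made in the post above, as an added example that is not part of the original thread: a small Python parser that reads the O2/O3 lines of the HijackThis log dated 1-4-2008 and returns the entries whose registered file no longer exists ("(no file)"). The sample lines are copied from that log; the names `Entry`, `parse_entries` and `orphaned` are hypothetical.

```python
import re
from typing import List, NamedTuple

# O2 (Browser Helper Object) and O3 (IE toolbar) lines copied from the
# HijackThis log of 1-4-2008 quoted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {274E36B1-41E6-46CD-8BA5-2FB9501EFCC3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {664D1A44-9177-4C9B-AFFB-D586AD02BB7C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C111475-A56D-46D4-8EE9-4A436D0FC0E7} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AC26FD75-2AB2-4C55-A2AC-A59384D3E06F} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B883D1E7-854D-4DBE-AC3F-28AD6AADC493} - (no file)
O2 - BHO: (no name) - {c24d83ce-f279-4fe2-8ed9-36c37ed6eaf3} - (no file)
O2 - BHO: (no name) - {cd568163-0d8a-41e9-8aae-df381c24c1c9} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
"""


class Entry(NamedTuple):
    section: str  # "O2" (BHO) or "O3" (toolbar)
    name: str     # display name, "(no name)" when the registration has none
    clsid: str    # upper-cased so entries compare equal regardless of log casing
    target: str   # DLL path, or "(no file)" when the file is missing


# Names and paths can contain " - " themselves ("Windows Live Aanmelden - Help",
# "Spybot - Search & Destroy"), so splitting on " - " mis-parses them.
# Anchoring on the braced CLSID keeps the three fields apart.
ENTRY_RE = re.compile(
    r"^(?P<section>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$",
    re.MULTILINE,
)


def parse_entries(log: str) -> List[Entry]:
    """Return every O2/O3 entry found in a HijackThis log, in log order."""
    return [
        Entry(m["section"], m["name"].strip(), m["clsid"].upper(), m["target"].strip())
        for m in ENTRY_RE.finditer(log)
    ]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries still registered in the registry whose file is gone."""
    return [e for e in entries if e.target.lower() == "(no file)"]


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(e.section, e.clsid, e.name)
```

Run against the sample it returns the same eight CLSIDs that the post lists for "Fix Checked".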
  • OK, I followed your instructions. It was completely gone after I did this, but now I suddenly can't start Internet Explorer any more, and Firefox after I have clicked the icon a few times and after I have closed those processes again. By the way, I couldn't find that pjwidpvp.ini in my system32 folder, so I couldn't delete it either; maybe that is the problem? Just to be sure, I made another HijackThis log.
  • By the way, I no longer get pop-ups; the only problem now is that ieexplore won't start.
  • Do you happen to have Internet Explorer 7? If so, you could try running it without add-ons: Start -> Accessories -> Administrative Tools -> Internet Explorer (No Add-ons). I'm curious what it does then 8)
  • Could you also run ComboFix again and post the log?
  • [quote:f1db73a284]ComboFix 08-03-25.4 - Marc 2008-04-06 18:10:09.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.129 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\Marc\Bureaublad\ComboFix.exe * Resident AV is active . (((((((((((((((((((( Bestanden Gemaakt van 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))) . 2008-04-06 11:21 . 2008-04-06 12:54 <DIR> d-------- C:\Westwood 2008-04-05 09:54 . 2004-08-04 01:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-04-05 09:52 . 2008-04-05 09:52 <DIR> d-------- C:\WINDOWS\Driver Cache 2008-04-03 17:36 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-04-03 17:36 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-04-03 17:36 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-31 20:59 . 2008-03-31 21:06 2,198 --a------ C:\WINDOWS\system32\tmp.reg 2008-03-31 19:59 . 2008-04-03 21:33 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Hamachi 2008-03-31 19:58 . 2008-03-31 19:59 <DIR> d-------- C:\Program Files\Hamachi 2008-03-31 19:58 . 2008-03-31 19:58 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2008-03-25 11:54 . 2008-03-26 10:32 1,534,198 ---hs---- C:\WINDOWS\system32\pjwidpvp.ini 2008-03-24 14:21 . 2008-03-24 14:21 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-23 00:29 . 2008-03-23 00:29 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\MPEG Streamclip 2008-03-23 00:29 . 2008-03-23 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-23 00:29 . 2007-04-27 10:42 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-03-23 00:29 . 2007-04-27 10:42 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-03-23 00:28 . 2008-03-23 00:29 <DIR> d-------- C:\Program Files\QuickTime Alternative 2008-03-23 00:28 . 2008-03-23 00:28 <DIR> d-------- C:\Program Files\Media Player Classic 2008-03-22 15:48 . 
2008-03-23 18:46 321 --a------ C:\WINDOWS\wininit.ini 2008-03-22 15:18 . 2008-03-22 15:18 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-22 15:18 . 2008-03-22 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-22 13:34 . 2008-03-22 13:34 <DIR> d-------- C:\Program Files\SIW 2008-03-22 13:06 . 2008-03-22 13:06 <DIR> d-------- C:\Program Files\Lavasoft 2008-03-22 13:06 . 2008-03-22 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-21 23:30 . 2008-03-21 23:30 35,836 --a------ C:\WINDOWS\17PHolmes572.exe 2008-03-21 23:24 . 2008-03-21 23:24 <DIR> d-------- C:\WINDOWS\Sun 2008-03-16 19:42 . 2008-03-16 19:42 <DIR> d-------- C:\Documents and Settings\Marc\LimeWire Store Purchased 2008-03-16 19:42 . 2008-03-16 19:42 <DIR> d-------- C:\Documents and Settings\Marc\LimeWire Shared 2008-03-16 19:41 . 2008-03-16 19:41 <DIR> d-------- C:\Documents and Settings\Marc\Incomplete 2008-03-16 19:41 . 2008-04-02 19:24 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\LimeWirePlus 2008-03-16 19:40 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-03-16 19:39 . 2008-03-16 19:40 <DIR> d-------- C:\Program Files\Java 2008-03-16 19:38 . 2008-03-16 19:38 <DIR> d-------- C:\Program Files\Common Files\Java 2008-03-16 19:33 . 2008-03-16 19:41 <DIR> d-------- C:\Program Files\LimeWire Plus 2008-03-15 17:42 . 2008-03-15 17:42 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Publish Providers 2008-03-15 17:41 . 2008-03-16 13:14 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Sony 2008-03-15 16:19 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2008-03-15 16:09 . 2008-03-15 16:09 <DIR> d-------- C:\Program Files\Microsoft Games 2008-03-14 22:28 . 2008-04-06 13:20 <DIR> d-------- C:\Fraps 2008-03-14 01:06 . 2008-03-14 01:06 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-03-13 21:20 . 
2008-03-13 21:20 204,800 --a------ C:\WINDOWS\TinyBHO.dll 2008-03-09 16:56 . 2008-03-09 16:56 <DIR> d-------- C:\Program Files\Download Manager 2008-03-09 16:55 . 2008-03-09 17:50 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\IGN_DLM 2008-03-09 13:14 . 2008-03-09 14:06 <DIR> d-------- C:\Program Files\Fifa Master 2008-03-09 00:13 . 2003-03-16 01:15 90,112 --a------ C:\WINDOWS\unvise32.exe 2008-03-08 23:58 . 2001-12-15 13:10 294,912 --a------ C:\WINDOWS\system32\Euphoria.scr 2008-03-08 18:36 . 2008-03-08 21:26 <DIR> d-------- C:\Program Files\EA Sports 2008-03-08 17:23 . 2008-03-08 17:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2008-03-08 17:18 . 2008-03-08 17:18 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-03-08 17:18 . 2008-03-08 17:19 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-03-08 17:08 . 2008-03-08 17:08 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-03-08 17:08 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-03-08 17:08 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll 2008-03-08 17:00 . 2008-03-08 17:00 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\vlc 2008-03-08 16:59 . 2008-03-08 16:59 <DIR> d-------- C:\Program Files\VideoLAN 2008-03-08 14:51 . 2008-03-08 14:51 <DIR> d-------- C:\Program Files\Vstplugins 2008-03-08 14:51 . 2008-03-15 17:16 <DIR> d-------- C:\Program Files\Sony 2008-03-08 14:51 . 2008-03-15 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony 2008-03-08 14:31 . 2008-03-08 14:31 <DIR> d-------- C:\Program Files\MSBuild 2008-03-08 14:25 . 2008-03-08 14:25 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2008-03-08 14:24 . 2008-03-08 14:24 <DIR> d-------- C:\Program Files\Reference Assemblies 2008-03-08 14:23 . 2008-03-08 14:23 <DIR> d-------- C:\Program Files\Teach2000 2008-03-08 14:23 . 2006-06-29 14:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2008-03-08 14:10 . 
2008-03-15 17:14 <DIR> d-------- C:\Program Files\Sony Setup 2008-03-08 14:10 . 2008-03-08 14:10 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Sony Setup 2008-03-08 14:02 . 2008-03-08 14:02 <DIR> d-------- C:\Program Files\VentSrv 2008-03-08 13:59 . 2008-03-08 13:59 <DIR> d-------- C:\Program Files\Ventrilo 2008-03-08 13:59 . 2008-03-08 14:00 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Ventrilo 2008-03-08 13:58 . 2008-03-22 13:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-03-08 13:23 . 2008-03-08 13:23 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-03-08 13:21 . 2008-03-08 13:26 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-03-08 13:21 . 2008-03-08 13:21 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll 2008-03-08 13:21 . 2008-03-08 13:21 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll 2008-03-08 11:20 . 2008-03-08 11:20 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire 2008-03-08 10:06 . 2008-03-08 10:06 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-03-07 22:43 . 2008-03-07 22:43 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Teletekst 2008-03-07 22:43 . 2008-03-07 22:43 86 --a------ C:\WINDOWS\Teletekst.ini 2008-03-07 22:42 . 2008-03-07 22:42 <DIR> d-------- C:\Program Files\Teletekstbrowser 2008-03-07 21:00 . 2008-03-07 21:00 379 --a------ C:\WINDOWS\ODBC.INI 2008-03-07 20:59 . 2007-04-09 15:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll 2008-03-07 20:58 . 2008-03-07 20:58 <DIR> d-------- C:\Program Files\Microsoft.NET 2008-03-07 20:58 . 2008-03-07 20:58 <DIR> d-------- C:\Program Files\Microsoft ActiveSync 2008-03-07 20:54 . 2008-03-07 20:58 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-03-07 20:19 . 2008-03-07 20:19 1,158 --a------ C:\WINDOWS\mozver.dat 2008-03-07 20:14 . 2008-03-07 20:14 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\Talkback 2008-03-07 20:14 . 
2008-03-07 20:14 0 --a------ C:\WINDOWS\nsreg.dat 2008-03-07 20:09 . 2008-03-07 20:09 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\DAEMON Tools 2008-03-07 20:09 . 2008-03-07 20:09 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-03-07 19:53 . 2008-03-08 15:02 <DIR> d-------- C:\Documents and Settings\Marc\Application Data\teamspeak2 2008-03-07 19:53 . 2008-03-07 19:53 34,064 --a------ C:\WINDOWS\system32\lhacm.acm 2008-03-07 19:52 . 2008-03-07 19:53 <DIR> d-------- C:\Program Files\Teamspeak2_RC2 2008-03-07 19:48 . 2008-03-07 19:48 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire 2008-03-07 19:46 . 2008-04-06 12:00 <DIR> d-------- C:\Program Files\GameSpy Arcade 2008-03-07 19:42 . 2008-03-07 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-03-07 19:40 . 2008-04-04 20:49 <DIR> d-------- C:\Program Files\Messenger Plus! Live 2008-03-07 19:28 . 2008-04-06 18:16 78,825,504 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-03-07 19:28 . 2008-04-06 00:48 922,388 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-03-07 19:24 . 2008-03-07 19:24 <DIR> d-------- C:\Program Files\ESET 2008-03-07 19:24 . 2008-03-07 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-03-07 19:18 . 2008-03-07 19:18 <DIR> d-------- C:\Program Files\ZoneAlarmSB . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-04-02 13:53 1,167,811 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2008-03-29 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-26 13:02 1,760,768 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp 2008-03-26 13:02 1,526,784 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp 2008-03-14 17:12 1,496,576 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-03-14 17:12 1,451,008 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-03-08 21:40 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-03-07 15:35 --------- d-----w C:\Documents and Settings\Marc\Application Data\U3 2008-03-07 14:57 --------- d-----w C:\Program Files\NVIDIA Corporation 2008-03-07 14:56 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-03-07 14:07 --------- d-----w C:\Program Files\Everest HE 2008-03-07 13:30 --------- d-----w C:\Program Files\microsoft frontpage 2008-02-20 10:11 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys 2008-02-20 10:02 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys 2008-02-20 10:01 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys . ((((((((((((((((((((((((((((( snapshot@2008-03-31_18.07.01.84 ))))))))))))))))))))))))))))))))))))))))) . 
11,776 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\xolehlp.dll + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB913580\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB913580\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB913580\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB913580\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB913580\update\updspapi.dll + 2006-05-19 14:34:09 112,128 ----a-w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dhcpcsvc.dll + 2006-05-19 14:34:09 147,456 ----a-w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dnsapi.dll + 2006-05-19 14:34:09 95,232 ----a-w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\iphlpapi.dll + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB914388\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB914388\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB914388\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB914388\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB914388\update\updspapi.dll + 2006-05-05 10:16:39 454,400 ----a-w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys + 2006-05-05 10:22:52 174,592 ----a-w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\rdbss.sys + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB914389\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB914389\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\updspapi.dll + 2006-03-17 01:08:10 262,656 ----a-w C:\WINDOWS\$hf_mig$\KB916595\SP2QFE\http.sys + 2005-10-12 23:26:03 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB916595\spmsg.dll + 2005-10-12 23:26:03 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB916595\spuninst.exe + 2005-10-12 23:26:03 22,752 
----a-w C:\WINDOWS\$hf_mig$\KB916595\update\spcustom.dll + 2005-10-12 23:26:05 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB916595\update\update.exe + 2005-10-12 23:26:11 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB916595\update\updspapi.dll + 2006-05-18 05:51:55 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB917344\SP2QFE\jscript.dll + 2005-10-12 23:26:03 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB917344\spmsg.dll + 2005-10-12 23:26:03 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB917344\spuninst.exe + 2005-10-12 23:26:03 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB917344\update\spcustom.dll + 2005-10-12 23:26:05 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB917344\update\update.exe + 2005-10-12 23:26:11 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB917344\update\updspapi.dll + 2006-11-27 15:18:57 539,136 ----a-w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\msftedit.dll + 2006-11-27 15:18:57 433,664 ----a-w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\riched20.dll + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB918118\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB918118\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB918118\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB918118\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB918118\update\updspapi.dll + 2006-06-01 19:46:13 163,840 ----a-w C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgdw400.dll + 2006-06-01 19:46:13 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgpl400.dll + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB918439\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB918439\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB918439\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB918439\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB918439\update\updspapi.dll + 2006-07-13 11:43:08 202,496 ----a-w C:\WINDOWS\$hf_mig$\KB919007\SP2QFE\rmcast.sys + 2005-10-12 
23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB919007\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB919007\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB919007\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB919007\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB919007\update\updspapi.dll + 2006-10-12 13:56:47 42,496 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdp2.dll + 2006-10-12 13:56:47 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdpv.dll + 2006-10-12 11:54:07 256,512 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentsvr.exe + 2006-10-16 11:19:21 266,240 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\spru0413.dll + 2005-10-12 23:26:03 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB920213\spmsg.dll + 2005-10-12 23:26:03 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB920213\spuninst.exe + 2005-10-12 23:26:03 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\spcustom.dll + 2005-10-12 23:26:05 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\update.exe + 2005-10-12 23:26:11 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\updspapi.dll + 2006-07-21 08:31:26 72,704 ----a-w C:\WINDOWS\$hf_mig$\KB920670\SP2QFE\hlink.dll + 2005-10-12 23:26:03 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB920670\spmsg.dll + 2005-10-12 23:26:03 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB920670\spuninst.exe + 2005-10-12 23:26:03 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\spcustom.dll + 2005-10-12 23:26:05 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\update.exe + 2005-10-12 23:26:11 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\updspapi.dll + 2006-06-26 17:47:47 147,456 ----a-w C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\dnsapi.dll + 2006-06-26 17:47:47 7,680 ----a-w C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB920683\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB920683\spuninst.exe + 2005-10-12 
23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920683\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB920683\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB920683\update\updspapi.dll + 2006-06-22 05:23:06 69,120 ----a-w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\ciodm.dll + 2006-06-22 05:23:07 1,440,768 ----a-w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\query.dll + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB920685\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB920685\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\updspapi.dll + 2006-06-14 08:50:19 172,416 ----a-w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\kmixer.sys + 2006-06-14 08:50:19 6,272 ----a-w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys + 2006-06-14 09:17:04 82,944 ----a-w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\wdmaud.sys + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB920872\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB920872\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920872\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB920872\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB920872\update\updspapi.dll + 2006-08-16 12:15:04 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB922819\SP2QFE\6to4svc.dll + 2006-08-16 10:13:39 225,664 ----a-w C:\WINDOWS\$hf_mig$\KB922819\SP2QFE\tcpip6.sys + 2005-10-12 23:26:03 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB922819\spmsg.dll + 2005-10-12 23:26:03 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB922819\spuninst.exe + 2005-10-12 23:26:03 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB922819\update\spcustom.dll + 2005-10-12 23:26:05 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB922819\update\update.exe + 
2005-10-12 23:26:11 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB922819\update\updspapi.dll + 2006-08-14 12:00:42 332,928 ----a-w C:\WINDOWS\$hf_mig$\KB923414\SP2QFE\srv.sys + 2005-10-12 23:26:03 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB923414\spmsg.dll + 2005-10-12 23:26:03 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB923414\spuninst.exe + 2005-10-12 23:26:03 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\spcustom.dll + 2005-10-12 23:26:05 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\update.exe + 2005-10-12 23:26:11 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\updspapi.dll + 2006-10-13 12:43:46 64,000 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwapi32.dll + 2006-10-13 12:43:46 144,384 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll + 2006-10-13 10:39:12 163,456 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwrdr.sys + 2006-10-13 12:43:46 65,536 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwwks.dll + 2005-10-12 23:26:03 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB923980\spmsg.dll + 2005-10-12 23:26:03 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB923980\spuninst.exe + 2005-10-12 23:26:03 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\spcustom.dll + 2005-10-12 23:26:05 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\update.exe + 2005-10-12 23:26:11 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\updspapi.dll + 2006-08-17 12:43:48 731,648 ----a-w C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\lsasrv.dll + 2006-08-17 12:43:48 337,408 ----a-w C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\netapi32.dll + 2006-08-17 12:43:48 132,096 ----a-w C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\wkssvc.dll + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB924270\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB924270\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB924270\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB924270\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w 
C:\WINDOWS\$hf_mig$\KB924270\update\updspapi.dll + 2006-09-04 06:15:30 1,497,088 ----a-w C:\WINDOWS\$hf_mig$\KB924496\SP2QFE\shdocvw.dll + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB924496\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB924496\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\updspapi.dll + 2006-10-04 14:07:10 73,216 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\magnify.exe + 2006-10-04 14:07:09 54,784 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\narrator.exe + 2006-10-04 14:07:11 216,064 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\osk.exe + 2006-10-04 14:11:57 36,352 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\umandlg.dll + 2006-10-04 14:07:10 50,176 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\utilman.exe + 2005-10-12 23:26:03 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB925720\spmsg.dll + 2005-10-12 23:26:03 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB925720\spuninst.exe + 2005-10-12 23:26:03 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\spcustom.dll + 2005-10-12 23:26:05 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\update.exe + 2005-10-12 23:26:11 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\updspapi.dll + 2007-03-08 15:51:45 282,112 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\gdi32.dll + 2007-03-08 15:51:45 40,960 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\mf3216.dll + 2007-03-08 15:51:45 579,584 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll + 2007-03-08 15:49:42 1,844,096 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys + 2006-01-19 19:29:39 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB925902\spmsg.dll + 2006-01-19 19:29:39 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB925902\spuninst.exe + 2006-01-19 19:29:39 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\spcustom.dll + 2006-01-19 19:29:39 725,728 
----a-w C:\WINDOWS\$hf_mig$\KB925902\update\update.exe + 2006-01-19 19:29:40 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\updspapi.dll + 2006-10-20 01:41:24 714,752 ----a-w C:\WINDOWS\$hf_mig$\KB926255\SP2QFE\sxs.dll + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB926255\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB926255\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB926255\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB926255\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB926255\update\updspapi.dll + 2006-10-16 17:16:18 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB926436\SP2QFE\oledlg.dll + 2005-10-12 23:26:03 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB926436\spmsg.dll + 2005-10-12 23:26:03 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB926436\spuninst.exe + 2005-10-12 23:26:03 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB926436\update\spcustom.dll + 2005-10-12 23:26:05 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB926436\update\update.exe + 2005-10-12 23:26:11 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB926436\update\updspapi.dll + 2006-12-26 13:21:02 536,576 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msado15.dll + 2006-12-26 13:21:02 180,224 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadomd.dll + 2006-12-26 13:21:02 200,704 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadox.dll + 2006-12-26 13:21:02 102,400 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msjro.dll + 2006-01-19 19:29:39 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB927779\spmsg.dll + 2006-01-19 19:29:39 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB927779\spuninst.exe + 2006-01-19 19:29:39 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\spcustom.dll + 2006-01-19 19:29:39 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\update.exe + 2006-01-19 19:29:40 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\updspapi.dll + 2006-12-19 18:50:02 334,336 ----a-w C:\WINDOWS\$hf_mig$\KB927802\SP2QFE\wiaservc.dll + 2005-10-12 
23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB927802\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB927802\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB927802\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB927802\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB927802\update\updspapi.dll + 2006-12-19 21:48:54 8,505,856 ----a-w C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll + 2006-12-19 21:48:54 135,680 ----a-w C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shsvcs.dll + 2006-12-19 16:30:11 266,240 ----a-w C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\spru0413.dll + 2006-01-19 19:29:39 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB928255\spmsg.dll + 2006-01-19 19:29:39 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB928255\spuninst.exe + 2006-01-19 19:29:39 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB928255\update\spcustom.dll + 2006-01-19 19:29:39 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB928255\update\update.exe + 2006-01-19 19:29:40 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB928255\update\updspapi.dll + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB928843\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB928843\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB928843\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB928843\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB928843\update\updspapi.dll + 2007-05-16 15:31:04 86,528 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\directdb.dll + 2007-05-16 15:31:05 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\inetcomm.dll + 2007-05-16 15:31:06 1,314,816 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\msoe.dll + 2007-05-16 15:31:07 510,976 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wab32.dll + 2007-05-16 15:31:07 85,504 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wabimp.dll + 2006-01-19 19:29:39 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB929123\spmsg.dll + 
2006-01-19 19:29:39 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB929123\spuninst.exe + 2006-01-19 19:29:39 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\spcustom.dll + 2006-01-19 19:29:39 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\update.exe + 2006-01-19 19:29:40 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\updspapi.dll + 2007-03-17 13:47:19 293,376 ----a-w C:\WINDOWS\$hf_mig$\KB930178\SP2QFE\winsrv.dll + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB930178\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB930178\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\updspapi.dll + 2007-02-09 11:23:36 574,976 ----a-w C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB930916\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB930916\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\updspapi.dll + 2007-02-05 20:21:39 185,344 ----a-w C:\WINDOWS\$hf_mig$\KB931261\SP2QFE\upnphost.dll + 2006-01-19 19:29:39 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB931261\spmsg.dll + 2006-01-19 19:29:39 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB931261\spuninst.exe + 2006-01-19 19:29:39 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\spcustom.dll + 2006-01-19 19:29:39 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\update.exe + 2006-01-19 19:29:40 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\updspapi.dll + 2007-02-28 16:09:25 2,142,208 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlmp.exe + 2007-02-28 16:09:32 2,063,744 ----a-w 
C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe + 2007-02-28 16:09:24 2,021,888 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrpamp.exe + 2007-02-28 16:09:29 2,186,496 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB931784\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB931784\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\updspapi.dll + 2007-03-09 14:00:49 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\agentdpv.dll + 2007-03-09 11:51:35 266,240 ----a-w C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\spru0413.dll + 2006-01-19 19:29:39 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB932168\spmsg.dll + 2006-01-19 19:29:39 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB932168\spuninst.exe + 2006-01-19 19:29:39 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\spcustom.dll + 2006-01-19 19:29:39 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\update.exe + 2006-01-19 19:29:40 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\updspapi.dll + 2007-04-16 16:11:48 1,027,072 ----a-w C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB935839\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB935839\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\updspapi.dll + 2007-04-25 20:33:41 144,896 ----a-w C:\WINDOWS\$hf_mig$\KB935840\SP2QFE\schannel.dll + 2006-01-19 19:29:39 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB935840\spmsg.dll + 2006-01-19 19:29:39 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB935840\spuninst.exe + 2006-01-19 19:29:39 
22,752 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\spcustom.dll + 2006-01-19 19:29:39 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\update.exe + 2006-01-19 19:29:40 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\updspapi.dll + 2007-06-26 06:08:06 1,104,896 ----a-w C:\WINDOWS\$hf_mig$\KB936021\SP2QFE\msxml3.dll + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\updspapi.dll + 2007-07-06 09:52:38 72,960 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys + 2007-07-06 13:10:33 138,240 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqad.dll + 2007-07-06 13:10:33 47,104 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqdscli.dll + 2007-07-06 13:10:33 16,896 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqise.dll + 2007-07-06 13:10:33 660,992 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqqm.dll + 2007-07-06 13:10:33 177,152 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqrt.dll + 2007-07-06 13:10:33 95,744 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqsec.dll + 2007-07-06 13:10:33 48,640 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqupgrd.dll + 2007-07-06 13:10:33 504,832 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqutil.dll + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\updspapi.dll + 2007-06-26 14:47:22 851,968 ----a-w C:\WINDOWS\$hf_mig$\KB938127\SP2QFE\vgx.dll + 2005-10-12 
23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\updspapi.dll + 2007-06-13 13:12:27 1,036,800 ----a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spmsg.dll + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spuninst.exe + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\update.exe + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll + 2007-06-19 13:42:30 282,112 ----a-w C:\WINDOWS\$hf_mig$\KB938829\SP2QFE\gdi32.dll + 2006-01-19 19:29:39 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB938829\spmsg.dll + 2006-01-19 19:29:39 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB938829\spuninst.exe + 2006-01-19 19:29:39 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\spcustom.dll + 2006-01-19 19:29:39 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\update.exe + 2006-01-19 19:29:40 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\updspapi.dll + 2007-08-21 06:26:15 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll + 2007-03-06 01:58:22 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll + 2007-03-06 01:58:28 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe + 2007-03-06 01:58:21 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll + 2007-03-06 01:58:46 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe + 2007-03-06 01:59:37 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll + 2007-10-29 22:41:52 1,291,776 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll + 
2007-03-06 01:58:22 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll + 2007-03-06 01:58:28 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe + 2007-03-06 01:58:21 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll + 2007-03-06 01:58:46 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe + 2007-03-06 01:59:37 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll + 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys + 2007-03-06 01:58:22 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll + 2007-03-06 01:58:28 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe + 2007-03-06 01:58:21 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll + 2007-03-06 01:58:46 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe + 2007-03-06 01:59:37 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll + 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe + 2007-03-06 01:58:22 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll + 2007-03-06 01:58:28 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe + 2007-03-06 01:58:21 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll + 2007-03-06 01:58:46 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe + 2007-03-06 01:59:37 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll + 2007-11-14 07:26:25 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll + 2007-03-06 01:58:22 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll + 2007-03-06 01:58:28 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe + 2007-03-06 01:58:21 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll + 2007-03-06 01:58:46 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe + 2007-03-06 01:59:37 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll + 2007-12-04 18:31:10 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll + 
  • Part of it was dropped by the forum software. Could you post the ComboFix log? You can leave out the part under "snapshot".

This is an archived page. Replying is no longer possible.