Computer super slow.. HijackThis log..

KAPE
17 replies
  • Hey.
    My computer has been really slow lately (seriously.. it has never been this slow) and the virus scanner reports that spyware has been found and so on. But since I don't really know much about this, I'll just do it this way..

    I have a HijackThis log here.. What should I do/remove now?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:53:27, on 5-11-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
    c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
    C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Snelstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196513338281
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/xupload/XUpload.ocx
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Google Update Service (gupdate1c93aacd8ba9d4) (gupdate1c93aacd8ba9d4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
    O23 - Service: Service Host Process (Winhost) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)


    End of file - 10663 bytes

    Thanks in advance!
    x.
  • You need to disable this service, O23 - Service: Service Host Process (Winhost) - Unknown owner - C:\WINDOWS\svchost.exe (file missing), as soon as possible. Do this via Start -> Run -> SERVICES.MSC. Then also delete that svchost.exe file in the WINDOWS folder. And then let us know how things stand?
  • And in that list of services.. which one is it then? (Before I remove something wrong..)
  • Something along the lines of "Service Host Process" or "Winhost" (if that can be found in your list of services?)… but definitely not svchost itself.
  • I can't get the svchost.exe file in the Windows folder deleted…
  • Download Combofix to your Desktop.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners see certain components that Combofix uses as suspicious and will block or remove them!
    - Double-click Combofix.exe to start it.
    - If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    - Follow the instructions and accept the disclaimer by clicking Yes.
    - If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
    - Click OK and Yes to have the Recovery Console installed automatically.
    - Afterwards, click Yes again to start the malware scan.
    - While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix is complete and after the restart, the log Combofix.txt will open.

    Post this log in your next reply.
  • ComboFix 08-11-04.02 - Marieke 2008-11-05 20:02:09.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1405 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Marieke\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\IE4 Error Log.txt

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-10-05 to 2008-11-05 ))))))))))))))))))))))))))))))
    .

    2008-11-05 19:09 . 2008-11-05 19:09 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2008-11-05 19:09 . 2008-11-05 19:09 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-11-05 19:09 . 2008-11-05 19:09 <DIR> d-------- c:\documents and settings\Marieke\Application Data\SUPERAntiSpyware.com
    2008-11-05 19:09 . 2008-11-05 19:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-10-26 19:15 . 2008-10-26 19:15 244 --ah----- C:\sqmnoopt03.sqm
    2008-10-26 19:15 . 2008-10-26 19:15 232 --ah----- C:\sqmdata03.sqm
    2008-10-22 14:27 . 2008-10-22 14:27 <DIR> d-------- c:\program files\PowerISO
    2008-10-21 15:13 . 2008-10-21 15:13 <DIR> d-------- c:\program files\GrabIt
    2008-10-18 20:39 . 2008-10-18 20:39 <DIR> d-------- c:\program files\Winamp
    2008-10-18 20:39 . 2008-10-18 20:43 <DIR> d-------- c:\documents and settings\Marieke\Application Data\Winamp
    2008-10-18 20:39 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll
    2008-10-14 19:04 . 2008-10-14 19:04 <DIR> d-------- c:\program files\FLAC

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-05 18:58 367,416 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
    2008-11-05 18:58 367,416 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
    2008-11-05 18:58 1,244 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
    2008-11-05 18:58 1,244 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
    2008-11-05 16:01 --------- d-----w c:\program files\Google
    2008-11-04 14:42 --------- d-----w c:\documents and settings\Marieke\Application Data\GrabIt
    2008-10-29 18:33 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-29 18:33 --------- d-----w c:\program files\Ulead Systems
    2008-10-29 18:32 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
    2008-10-29 18:28 --------- d-----w c:\program files\Windows Live
    2008-10-29 18:26 --------- d-----w c:\program files\Virtual Creatures
    2008-10-29 18:21 --------- d-----w c:\program files\Malmberg
    2008-10-22 09:23 --------- d-----w c:\program files\Common Files\Adobe
    2008-10-16 16:49 --------- d-----w c:\program files\FTDv3.8
    2008-10-01 15:48 --------- d-----w c:\program files\Java
    2008-10-01 15:38 --------- d-----w c:\documents and settings\Marieke\Application Data\ErrorSmart
    2008-09-15 15:42 1,846,144 ----a-w c:\windows\system32\win32k.sys
    2008-09-07 09:04 --------- d-----w c:\program files\Common Files\Java
    2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-08-19 13:21 1,409 ----a-w c:\windows\Fonts\OPUSTEXT.FOT
    2008-08-19 13:21 1,409 ----a-w c:\windows\Fonts\OPUSS___.FOT
    2008-08-19 13:21 1,409 ----a-w c:\windows\Fonts\OPUSPC__.FOT
    2008-08-19 13:21 1,409 ----a-w c:\windows\Fonts\OPUSP___.FOT
    2008-08-19 13:21 1,409 ----a-w c:\windows\Fonts\OPUSC___.FOT
    2008-08-19 13:21 1,409 ----a-w c:\windows\Fonts\OPUS____.FOT
    2008-08-19 13:21 1,409 ----a-w c:\windows\Fonts\INKPEN2_.FOT
    2008-08-19 13:21 1,409 ----a-w c:\windows\Fonts\INK2TEXT.FOT
    2008-08-19 13:21 1,409 ----a-w c:\windows\Fonts\INK2SPEC.FOT
    2008-08-19 13:21 1,409 ----a-w c:\windows\Fonts\INK2SCRI.FOT
    2008-08-19 13:21 1,409 ----a-w c:\windows\Fonts\INK2CHOR.FOT
    2008-08-14 13:48 2,184,704 ----a-w c:\windows\system32\ntoskrnl.exe
    2008-08-14 13:48 2,062,080 ----a-w c:\windows\system32\ntkrnlpa.exe
    2008-08-13 13:43 47,360 ----a-w c:\documents and settings\Marieke\Application Data\pcouffin.sys
    2008-03-31 17:36 81,920 ----a-w c:\documents and settings\Marieke\Application Data\ezpinst.exe
    .

    + 2008-08-14 09:51:43 138,368 —-a-w c:\windows\system32\drivers\afd.sys
    - 2005-08-19 01:00:00 46,080 —-a-w c:\windows\system32\drivers\pxhelp20.sys
    + 2007-03-07 23:51:00 43,528 ——w c:\windows\system32\drivers\pxhelp20.sys
    + 2008-07-07 07:40:49 56,108 —-a-w c:\windows\system32\drivers\scdemu.sys
    - 2006-08-14 10:34:41 332,928 —-a-w c:\windows\system32\drivers\srv.sys
    + 2008-08-28 10:04:17 333,056 —-a-w c:\windows\system32\drivers\srv.sys
    - 2008-06-23 16:43:12 347,136 —-a-w c:\windows\system32\dxtmsft.dll
    + 2008-08-26 08:27:10 347,136 —-a-w c:\windows\system32\dxtmsft.dll
    - 2008-06-23 16:43:13 214,528 —-a-w c:\windows\system32\dxtrans.dll
    + 2008-08-26 08:27:10 214,528 —-a-w c:\windows\system32\dxtrans.dll
    - 2008-06-23 16:43:13 133,120 ——w c:\windows\system32\extmgr.dll
    + 2008-08-26 08:27:10 133,120 ——w c:\windows\system32\extmgr.dll
    - 2008-05-02 09:26:23 294,864 —-a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-10-15 20:46:11 304,416 —-a-w c:\windows\system32\FNTCACHE.DAT
    - 2008-06-23 16:43:13 63,488 —-a-w c:\windows\system32\icardie.dll
    + 2008-08-26 08:27:10 63,488 —-a-w c:\windows\system32\icardie.dll
    - 2008-06-23 09:22:59 70,656 ——w c:\windows\system32\ie4uinit.exe
    + 2008-08-25 08:40:59 70,656 ——w c:\windows\system32\ie4uinit.exe
    - 2008-06-23 16:43:13 153,088 ——w c:\windows\system32\ieakeng.dll
    + 2008-08-26 08:27:10 153,088 ——w c:\windows\system32\ieakeng.dll
    - 2008-06-23 16:43:13 230,400 ——w c:\windows\system32\ieaksie.dll
    + 2008-08-26 08:27:10 230,400 ——w c:\windows\system32\ieaksie.dll
    - 2008-06-21 05:23:54 161,792 ——w c:\windows\system32\ieakui.dll
    + 2008-08-23 05:54:51 161,792 ——w c:\windows\system32\ieakui.dll
    - 2008-06-23 16:43:13 383,488 —-a-w c:\windows\system32\ieapfltr.dll
    + 2008-08-26 08:27:10 383,488 —-a-w c:\windows\system32\ieapfltr.dll
    - 2008-06-23 16:43:13 384,512 ——w c:\windows\system32\iedkcs32.dll
    + 2008-08-26 08:27:10 384,512 ——w c:\windows\system32\iedkcs32.dll
    - 2008-06-23 16:43:15 6,066,176 —-a-w c:\windows\system32\ieframe.dll
    + 2008-10-03 17:38:28 6,066,176 —-a-w c:\windows\system32\ieframe.dll
    - 2008-06-23 16:43:15 44,544 ——w c:\windows\system32\iernonce.dll
    + 2008-08-26 08:27:11 44,544 ——w c:\windows\system32\iernonce.dll
    - 2008-06-23 16:43:15 267,776 —-a-w c:\windows\system32\iertutil.dll
    + 2008-08-26 08:27:11 267,776 —-a-w c:\windows\system32\iertutil.dll
    - 2008-06-23 09:20:26 13,824 —-a-w c:\windows\system32\ieudinit.exe
    + 2008-08-25 08:38:00 13,824 —-a-w c:\windows\system32\ieudinit.exe
    - 2007-09-24 21:30:28 135,168 —-a-w c:\windows\system32\java.exe
    + 2008-09-07 09:04:39 135,168 —-a-w c:\windows\system32\java.exe
    - 2007-09-24 21:30:30 135,168 —-a-w c:\windows\system32\javaw.exe
    + 2008-09-07 09:04:39 135,168 —-a-w c:\windows\system32\javaw.exe
    - 2007-09-24 22:31:42 139,264 —-a-w c:\windows\system32\javaws.exe
    + 2008-09-07 09:04:39 139,264 —-a-w c:\windows\system32\javaws.exe
    - 2008-06-23 16:43:16 27,648 ——w c:\windows\system32\jsproxy.dll
    + 2008-08-26 08:27:11 27,648 ——w c:\windows\system32\jsproxy.dll
    + 2008-10-05 03:16:26 235,936 —-a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
    + 2008-10-30 19:01:10 88,590 —-a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
    + 1998-08-04 22:00:00 63,488 —-a-w c:\windows\system32\MSCC2IT.DLL
    + 1998-08-04 22:00:00 150,528 —-a-w c:\windows\system32\MSCMCIT.DLL
    - 2008-06-23 16:43:16 459,264 —-a-w c:\windows\system32\msfeeds.dll
    + 2008-08-26 08:27:11 459,264 —-a-w c:\windows\system32\msfeeds.dll
    - 2008-06-23 16:43:16 52,224 —-a-w c:\windows\system32\msfeedsbs.dll
    + 2008-08-26 08:27:11 52,224 —-a-w c:\windows\system32\msfeedsbs.dll
    - 2008-06-24 08:43:20 3,592,192 —-a-w c:\windows\system32\mshtml.dll
    + 2008-08-27 09:27:14 3,593,216 —-a-w c:\windows\system32\mshtml.dll
    - 2008-06-23 16:43:18 477,696 —-a-w c:\windows\system32\mshtmled.dll
    + 2008-08-26 08:27:12 477,696 —-a-w c:\windows\system32\mshtmled.dll
    - 2008-06-23 16:43:18 193,024 ——w c:\windows\system32\msrating.dll
    + 2008-08-26 08:27:12 193,024 ——w c:\windows\system32\msrating.dll
    - 2008-06-23 16:43:19 671,232 ——w c:\windows\system32\mstime.dll
    + 2008-08-26 08:27:12 671,232 ——w c:\windows\system32\mstime.dll
    - 2006-03-02 12:00:00 1,392,671 —-a-w c:\windows\system32\msvbvm60.dll
    + 2004-02-22 22:00:00 1,386,496 —-a-w c:\windows\system32\msvbvm60.dll
    - 2007-07-30 18:19:10 271,224 —-a-w c:\windows\system32\mucltui.dll
    + 2008-07-18 20:07:34 270,880 —-a-w c:\windows\system32\mucltui.dll
    - 2007-07-30 18:18:34 207,736 —-a-w c:\windows\system32\muweb.dll
    + 2008-07-18 20:07:32 210,976 —-a-w c:\windows\system32\muweb.dll
    - 2006-08-17 12:30:16 332,288 —-a-w c:\windows\system32\netapi32.dll
    + 2008-10-15 17:01:37 332,800 —-a-w c:\windows\system32\netapi32.dll
    - 2008-06-23 16:43:19 102,912 ——w c:\windows\system32\occache.dll
    + 2008-08-26 08:27:12 102,912 ——w c:\windows\system32\occache.dll
    - 2008-04-11 15:26:48 72,094 —-a-w c:\windows\system32\perfc009.dat
    + 2008-10-26 10:01:30 72,094 —-a-w c:\windows\system32\perfc009.dat
    - 2008-04-11 15:26:48 92,108 —-a-w c:\windows\system32\perfc013.dat
    + 2008-10-26 10:01:30 92,108 —-a-w c:\windows\system32\perfc013.dat
    - 2008-04-11 15:26:48 444,088 —-a-w c:\windows\system32\perfh009.dat
    + 2008-10-26 10:01:30 444,088 —-a-w c:\windows\system32\perfh009.dat
    - 2008-04-11 15:26:48 512,070 —-a-w c:\windows\system32\perfh013.dat
    + 2008-10-26 10:01:30 512,070 —-a-w c:\windows\system32\perfh013.dat
    + 2008-08-23 10:59:14 278,528 —-a-w c:\windows\system32\pncrt.dll
    + 2008-08-23 10:59:15 6,656 —-a-w c:\windows\system32\pndx5016.dll
    + 2008-08-23 10:59:15 5,632 —-a-w c:\windows\system32\pndx5032.dll
    - 2008-06-23 16:43:19 44,544 —-a-w c:\windows\system32\pngfilt.dll
    + 2008-08-26 08:27:12 44,544 —-a-w c:\windows\system32\pngfilt.dll
    - 2005-09-29 13:04:20 409,600 —-a-w c:\windows\system32\Px.dll
    + 2007-03-07 23:51:00 547,576 ——w c:\windows\system32\Px.dll
    + 2007-03-07 23:51:00 64,760 ——w c:\windows\system32\pxcpya64.exe
    - 2005-09-27 23:01:00 438,272 —-a-w c:\windows\system32\pxdrv.dll
    + 2007-03-07 23:51:00 510,712 ——w c:\windows\system32\pxdrv.dll
    + 2007-03-07 23:51:00 72,440 ——w c:\windows\system32\pxhpinst.exe
    + 2007-03-07 23:51:00 64,760 ——w c:\windows\system32\pxinsa64.exe
    - 2005-09-29 13:02:48 172,032 —-a-w c:\windows\system32\PxMas.dll
    + 2007-03-07 23:51:00 187,128 ——w c:\windows\system32\PxMas.dll
    - 2005-09-29 13:09:18 1,200,128 —-a-w c:\windows\system32\PxSFS.DLL
    + 2007-03-07 23:51:00 1,628,920 ——w c:\windows\system32\PxSFS.DLL
    - 2005-09-29 13:02:02 339,968 —-a-w c:\windows\system32\PxWave.dll
    + 2007-03-07 23:51:00 379,640 ——w c:\windows\system32\PxWave.dll
    + 2002-07-25 12:33:06 960,000 —-a-w c:\windows\system32\qd3d.dll
    + 2002-07-11 02:39:02 368,640 —-a-w c:\windows\system32\QuickTime\QTPluginInstaller.exe
    + 2002-07-25 13:33:36 69,632 —-a-w c:\windows\system32\QuickTime\QTUninst.dll
    + 2002-08-02 07:20:28 49,664 —-a-w c:\windows\system32\QuickTime\QuickTimeUpdateHelper.exe
    + 2002-07-11 01:20:14 685,056 —-a-w c:\windows\system32\rave.dll
    + 2008-08-23 10:59:22 185,944 —-a-w c:\windows\system32\rmoc3260.dll
    + 2008-07-18 20:10:20 36,552 —-a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
    + 2008-07-18 20:10:40 45,768 —-a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
    - 2007-11-30 12:39:46 18,808 ——w c:\windows\system32\spmsg.dll
    + 2007-11-30 11:19:43 18,808 ——w c:\windows\system32\spmsg.dll
    - 2008-06-23 16:43:19 105,984 —-a-w c:\windows\system32\url.dll
    + 2008-08-26 08:27:12 105,984 —-a-w c:\windows\system32\url.dll
    - 2008-06-23 16:43:19 1,159,680 —-a-w c:\windows\system32\urlmon.dll
    + 2008-08-26 08:27:13 1,159,680 —-a-w c:\windows\system32\urlmon.dll
    + 2000-10-01 22:00:00 122,128 —-a-w c:\windows\system32\VB6IT.DLL
    - 2001-02-01 13:24:56 101,888 —-a-w c:\windows\system32\VB6STKIT.DLL
    + 1999-03-25 22:00:00 101,888 ——w c:\windows\system32\VB6STKIT.DLL
    - 2005-08-11 23:00:00 28,672 —-a-w c:\windows\system32\VXBLOCK.dll
    + 2007-03-07 23:51:00 39,672 ——w c:\windows\system32\VXBLOCK.dll
    - 2008-06-23 16:43:20 233,472 —-a-w c:\windows\system32\webcheck.dll
    + 2008-08-26 08:27:13 233,472 —-a-w c:\windows\system32\webcheck.dll
    + 1998-08-04 22:00:00 15,872 —-a-w c:\windows\system32\WINSKIT.DLL
    - 2006-10-18 20:47:20 295,936 ——w c:\windows\system32\wmpeffects.dll
    + 2008-06-24 16:12:58 295,936 ——w c:\windows\system32\wmpeffects.dll
    - 2007-07-30 18:19:36 549,720 —-a-w c:\windows\system32\wuapi.dll
    + 2008-07-18 20:09:44 563,912 —-a-w c:\windows\system32\wuapi.dll
    - 2007-07-30 18:19:16 53,080 —-a-w c:\windows\system32\wuauclt.exe
    + 2008-07-18 20:10:42 53,448 —-a-w c:\windows\system32\wuauclt.exe
    - 2007-07-30 18:19:42 1,712,984 —-a-w c:\windows\system32\wuaueng.dll
    + 2008-07-18 20:09:42 1,811,656 —-a-w c:\windows\system32\wuaueng.dll
    - 2007-07-30 18:19:32 325,976 —-a-w c:\windows\system32\wucltui.dll
    + 2008-07-18 20:09:46 325,832 —-a-w c:\windows\system32\wucltui.dll
    - 2007-07-30 18:18:40 33,624 —-a-w c:\windows\system32\wups.dll
    + 2008-07-18 20:10:20 36,552 —-a-w c:\windows\system32\wups.dll
    - 2007-07-30 18:19:12 43,352 —-a-w c:\windows\system32\wups2.dll
    + 2008-07-18 20:10:40 45,768 —-a-w c:\windows\system32\wups2.dll
    - 2007-07-30 18:19:28 203,096 —-a-w c:\windows\system32\wuweb.dll
    + 2008-07-18 20:09:44 205,000 —-a-w c:\windows\system32\wuweb.dll
    + 2000-01-05 13:19:18 86,016 —-a-w c:\windows\unvise32qt.exe
    + 2008-04-15 18:01:43 1,724,416 —-a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
    .
    – Snapshot teruggezet naar huidige datum –
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-21 486856]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HTpatch"="c:\windows\htpatch.exe" [2002-12-19 28672]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-22 77824]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-23 185896]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2008-09-07 77824]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
    "C-Media Mixer"="Mixer.exe" [2002-07-13 c:\windows\mixer.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

    c:\documents and settings\Marieke\Menu Start\Programma's\Opstarten\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    HP Photosmart Premier Snelstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2007-02-15 20:02 50736 c:\windows\system32\avldr.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    R1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2007-05-11 71736]
    R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2007-05-11 51256]
    R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2007-05-11 22072]
    R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2007-07-11 191672]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2007-05-11 09:33 132920]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2007-05-23 38968]
    R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\Drivers\SMSFLT.SYS [2007-05-11 37304]
    R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2007-05-11 30648]
    R2 cpoint;Panda CPoint Driver;c:\windows\system32\Drivers\cpoint.sys [2007-06-08 24760]
    R2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2007-07-12 178872]
    R2 Vcs;Vcs support;c:\windows\system32\Drivers\Vcs.sys [2001-01-18 6852]
    R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [ ]
    R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys [2007-04-24 142128]
    R3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [ ]
    R3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [ ]
    S2 Winhost;Service Host Process;c:\windows\svchost.exe [ ]
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-11-05 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

    2008-10-21 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
    - c:\program files\ErrorSmart\ErrorSmart.exe []

    2008-10-21 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
    - c:\program files\ErrorSmart []
    .
    .
    ——- Bijkomende Scan ——-
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.nl/ig?hl=nl
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com\results.aspx?q={searchTerms}&src={referrer:source?}
    R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
    O8 -: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 -: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O16 -: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    c:\windows\Downloaded Program Files\MSIWDev.inf
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-05 20:04:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-11-05 20:09:17
    ComboFix-quarantined-files.txt 2008-11-05 19:09:14
    ComboFix2.txt 2008-08-15 19:44:52

    Pre-Run: 2,504,605,696 bytes beschikbaar
    Post-Run: 2,900,815,872 bytes beschikbaar

    494 — E O F — 2008-10-24 11:16:25
  • Open a Notepad file.

    Copy and paste the bold text below into it.

    File::
    C:\sqmnoopt03.sqm
    C:\sqmdata03.sqm
    c:\windows\svchost.exe
    c:\windows\Tasks\ErrorSmart Scheduled Scan.job
    Folder::
    c:\documents and settings\Marieke\Application Data\ErrorSmart

    Save this file to your desktop as CFScript.txt.

    Drag CFScript.txt into ComboFix.exe
    This will make ComboFix restart. Reboot if you are asked to.
    After the restart, post the contents of Combofix.txt in your next message.

    And then let us know how things stand with the speed (or slowness?).
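The script in the post above removes c:\windows\svchost.exe, which the log lists as the image of the Winhost service. As an added example (not part of the original thread and not ComboFix's own code), the following Python code parses ComboFix service lines and flags a Windows system binary name registered outside its normal directory; `EXPECTED_DIR`, the function names and the regular expression are assumptions of this example.

```python
import ntpath
import re

# Lines copied from the service/driver list of the ComboFix log in this thread.
SAMPLE_LOG = r"""
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2007-05-11 09:33 132920]
R2 Vcs;Vcs support;c:\windows\system32\Drivers\Vcs.sys [2001-01-18 6852]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [ ]
R3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [ ]
R3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [ ]
S2 Winhost;Service Host Process;c:\windows\svchost.exe [ ]
"""

# Assumption of this example: Windows is installed in c:\windows, as in the log.
# Core Windows XP binaries and the directory they normally load from.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# <prefix> <service name>;<display name>;<image path> [<file date and size>]
SERVICE_LINE = re.compile(
    r"^(?P<prefix>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]\s*$"
)


def parse_services(log_text):
    """Return one dict per service/driver line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        match = SERVICE_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def triage(log_text):
    """Flag entries worth a second look, with the reason for each."""
    findings = []
    for entry in parse_services(log_text):
        directory, image = ntpath.split(entry["path"].lower())
        expected = EXPECTED_DIR.get(image)
        misplaced = expected is not None and directory != expected
        no_metadata = not entry["meta"].strip()  # "[ ]": no date/size logged
        if misplaced or no_metadata:
            findings.append({
                "service": entry["name"],
                "path": entry["path"],
                "misplaced": misplaced,
                "no_metadata": no_metadata,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        level = "HIGH" if finding["misplaced"] else "check"
        print(level, finding["service"], finding["path"])
```

On the lines from this thread, four entries carry no file date or size, but only Winhost also uses a system binary name outside its normal directory.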
  • ComboFix 08-11-04.02 - Marieke 2008-11-05 22:56:11.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1285 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Marieke\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Marieke\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    C:\sqmdata03.sqm
    C:\sqmnoopt03.sqm
    c:\windows\svchost.exe
    c:\windows\Tasks\ErrorSmart Scheduled Scan.job
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Marieke\Application Data\ErrorSmart
    c:\documents and settings\Marieke\Application Data\ErrorSmart\Log\2008 Oct 21 - 03_36_04 PM_703.log
    C:\sqmdata03.sqm
    C:\sqmnoopt03.sqm
    c:\windows\Tasks\ErrorSmart Scheduled Scan.job

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-10-05 to 2008-11-05 ))))))))))))))))))))))))))))))
    .

    2008-11-05 19:09 . 2008-11-05 19:09 <DIR> d——– c:\program files\SUPERAntiSpyware
    2008-11-05 19:09 . 2008-11-05 19:09 <DIR> d——– c:\program files\Common Files\Wise Installation Wizard
    2008-11-05 19:09 . 2008-11-05 19:09 <DIR> d——– c:\documents and settings\Marieke\Application Data\SUPERAntiSpyware.com
    2008-11-05 19:09 . 2008-11-05 19:09 <DIR> d——– c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-10-22 14:27 . 2008-10-22 14:27 <DIR> d——– c:\program files\PowerISO
    2008-10-21 15:13 . 2008-10-21 15:13 <DIR> d——– c:\program files\GrabIt
    2008-10-18 20:39 . 2008-10-18 20:39 <DIR> d——– c:\program files\Winamp
    2008-10-18 20:39 . 2008-10-18 20:43 <DIR> d——– c:\documents and settings\Marieke\Application Data\Winamp
    2008-10-18 20:39 . 2007-03-08 00:51 129,784 ——— c:\windows\system32\pxafs.dll
    2008-10-14 19:04 . 2008-10-14 19:04 <DIR> d——– c:\program files\FLAC

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-05 18:58 367,416 —-a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
    2008-11-05 18:58 367,416 —-a-w c:\windows\system32\drivers\APPFCONT.DAT
    2008-11-05 18:58 1,244 —-a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
    2008-11-05 18:58 1,244 —-a-w c:\windows\system32\drivers\APPFLTR.CFG
    2008-11-05 16:01 ——— d—–w c:\program files\Google
    2008-11-04 14:42 ——— d—–w c:\documents and settings\Marieke\Application Data\GrabIt
    2008-10-29 18:33 ——— d–h–w c:\program files\InstallShield Installation Information
    2008-10-29 18:33 ——— d—–w c:\program files\Ulead Systems
    2008-10-29 18:32 ——— d—–w c:\documents and settings\All Users\Application Data\Ulead Systems
    2008-10-29 18:28 ——— d—–w c:\program files\Windows Live
    2008-10-29 18:26 ——— d—–w c:\program files\Virtual Creatures
    2008-10-29 18:21 ——— d—–w c:\program files\Malmberg
    2008-10-22 09:23 ——— d—–w c:\program files\Common Files\Adobe
    2008-10-16 16:49 ——— d—–w c:\program files\FTDv3.8
    2008-10-01 15:48 ——— d—–w c:\program files\Java
    2008-09-15 15:42 1,846,144 —-a-w c:\windows\system32\win32k.sys
    2008-09-07 09:04 ——— d—–w c:\program files\Common Files\Java
    2008-08-26 08:27 826,368 —-a-w c:\windows\system32\wininet.dll
    2008-08-19 13:21 1,409 —-a-w c:\windows\Fonts\OPUSTEXT.FOT
    2008-08-19 13:21 1,409 —-a-w c:\windows\Fonts\OPUSS___.FOT
    2008-08-19 13:21 1,409 —-a-w c:\windows\Fonts\OPUSPC__.FOT
    2008-08-19 13:21 1,409 —-a-w c:\windows\Fonts\OPUSP___.FOT
    2008-08-19 13:21 1,409 —-a-w c:\windows\Fonts\OPUSC___.FOT
    2008-08-19 13:21 1,409 —-a-w c:\windows\Fonts\OPUS____.FOT
    2008-08-19 13:21 1,409 —-a-w c:\windows\Fonts\INKPEN2_.FOT
    2008-08-19 13:21 1,409 —-a-w c:\windows\Fonts\INK2TEXT.FOT
    2008-08-19 13:21 1,409 —-a-w c:\windows\Fonts\INK2SPEC.FOT
    2008-08-19 13:21 1,409 —-a-w c:\windows\Fonts\INK2SCRI.FOT
    2008-08-19 13:21 1,409 —-a-w c:\windows\Fonts\INK2CHOR.FOT
    2008-08-14 13:48 2,184,704 —-a-w c:\windows\system32\ntoskrnl.exe
    2008-08-14 13:48 2,062,080 —-a-w c:\windows\system32\ntkrnlpa.exe
    2008-08-13 13:43 47,360 —-a-w c:\documents and settings\Marieke\Application Data\pcouffin.sys
    2008-03-31 17:36 81,920 —-a-w c:\documents and settings\Marieke\Application Data\ezpinst.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-21 486856]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HTpatch"="c:\windows\htpatch.exe" [2002-12-19 28672]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-22 77824]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-23 185896]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2008-09-07 77824]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
    "C-Media Mixer"="Mixer.exe" [2002-07-13 c:\windows\mixer.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

    c:\documents and settings\Marieke\Menu Start\Programma's\Opstarten\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    HP Photosmart Premier Snelstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2007-02-15 20:02 50736 c:\windows\system32\avldr.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    R1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2007-05-11 71736]
    R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2007-05-11 51256]
    R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2007-05-11 22072]
    R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2007-07-11 191672]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2007-05-11 09:33 132920]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2007-05-23 38968]
    R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\Drivers\SMSFLT.SYS [2007-05-11 37304]
    R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2007-05-11 30648]
    R2 cpoint;Panda CPoint Driver;c:\windows\system32\Drivers\cpoint.sys [2007-06-08 24760]
    R2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2007-07-12 178872]
    R2 Vcs;Vcs support;c:\windows\system32\Drivers\Vcs.sys [2001-01-18 6852]
    R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [ ]
    R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys [2007-04-24 142128]
    R3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [ ]
    R3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [ ]
    S2 Winhost;Service Host Process;c:\windows\svchost.exe [ ]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - WINIO
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-11-05 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-05 22:57:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-11-05 22:59:40
    ComboFix-quarantined-files.txt 2008-11-05 21:59:05
    ComboFix2.txt 2008-11-05 19:09:19
    ComboFix3.txt 2008-08-15 19:44:52

    Pre-Run: 2.863.616.000 bytes beschikbaar
    Post-Run: 2,871,169,024 bytes beschikbaar

    167 — E O F — 2008-10-24 11:16:25

    ____
    My computer is already a lot faster.. :D (Except for some sites.. but oh well.. that probably just won't get any faster :) )

    x.
  • Download KillAFile here: http://users.telenet.be/marcvn/tools/KillAFile.exe

    Double-click KillAFile.exe and install it to your desktop.
    A folder named KillAFile is created.
    Open this folder and double-click kill.bat

    In the menu, choose "Delete a file on reboot".

    Enter the full path and file name of the file that must be deleted.

    So this: c:\windows\svchost.exe

    If the file exists, you will get a message to close all open windows so that the computer can reboot. Press a key to continue and the computer will then restart.
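Why the log entry `S2 Winhost;Service Host Process;c:\windows\svchost.exe [ ]` stands out: the genuine svchost.exe runs from c:\windows\system32, so a service whose image carries that name one directory higher is a masquerade indicator. The sketch below is an added example, not part of the original thread; the line format is inferred from the log lines on this page, the list of system names is illustrative, and reading empty brackets as "no file date/size recorded" is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Illustrative (not exhaustive) names of Windows binaries that belong in System32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "smss.exe", "spoolsv.exe"}
SYSTEM32 = PureWindowsPath(r"c:\windows\system32")

# Format inferred from the log on this page:
#   <R|S><digit> <service>;<display name>;<image path> [<date> <size>]
LINE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$")

# Sample input: lines taken from the ComboFix log in this thread.
SAMPLE = r"""
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2007-07-12 178872]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [ ]
S2 Winhost;Service Host Process;c:\windows\svchost.exe [ ]
*Newly Created Service* - CATCHME
"""

def parse_service_line(line):
    """Return a dict for a service/driver line, or None for any other line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    prefix, name, display, path, meta = m.groups()
    return {"prefix": prefix, "name": name, "display": display,
            "path": PureWindowsPath(path),
            "has_file_info": bool(meta.strip())}  # assumption: "[ ]" = none recorded

def review(lines):
    """Flag services whose image uses a system binary name outside System32."""
    findings = []
    for line in lines:
        rec = parse_service_line(line)
        if rec is None:
            continue
        path = rec["path"]
        # PureWindowsPath compares case-insensitively, like the file system.
        if path.name.lower() in SYSTEM_NAMES and path.parent != SYSTEM32:
            reasons = ["system binary name outside System32"]
            if not rec["has_file_info"]:
                reasons.append("no file date/size recorded")
            findings.append((rec["name"], str(path), reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in review(SAMPLE.splitlines()):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```
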
  • The file doesn't exist… :wink:
  • Strange … but then we'll leave it at that and start the "big clean-up": removing the programs we used, a cleaning, and removing the infected restore points. And your JAVA could use an update.

    Remove Combofix: Start -> Run and type: combofix /u
    This will remove Combofix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

    Download CCleaner here: http://www.majorgeeks.com/download4191.html

    Install it and start CCleaner. In the left column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Next, click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". Close CCleaner again afterwards.

    It is advisable to remove the existing restore points (they include infected restore points that you could end up restoring) by temporarily switching off System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the tick again.

    Your Java software is out of date.
    Older versions have vulnerabilities that give malware the chance to install itself on your system.
    First follow these steps to uninstall Java and install the newer version:

    Download Java Runtime Environment (JRE) 6u10.
    - Scroll down to: "Java SE Runtime Environment (JRE) 6 Update 10 - The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    - Click the "Download" button on the right-hand side.
    - Tick: "Accept License Agreement".
    - The page will reload.
    - Click the link to download the Windows Offline Installation, Multi-language, and save it to your desktop.
    - Close all programs that may be open - especially your web browser!
    - Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the software list.
    - Select everything with Java Runtime Environment (JRE or J2SE or Java™ 6 update 1 through 6) in the name.
    - Then click Remove or the Change/Remove button.
    - Repeat this until all older versions are gone.
    - After removing all older versions, restart your PC.
    - Then double-click jre-6u10-windows-i586-p.exe on your desktop to install the newest version of Java.

    That's it!
  • I had already tried updating Java several times..
    But I keep getting the error message: Error 26011. Unpacking rt failed.
  • Try downloading JAVA here: http://java.sun.com/javase/downloads/?intcmp=1281
  • Then I get exactly the same message..
  • According to the JAVA forum this should only happen if the downloads are corrupt, which is a bit strange if you download it from the official site … but it is possible of course.

    Yet another download location: http://www.java.com/en/

    Try again!
  • And again.. The same message

    Edit: It worked! There was still a virus scanner running.. :D