Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

systeem herstel werkt niet meer

None
9 antwoorden
  • Mijn systeemherstel werkt niet meer!!

    Heb ondertussen een hijackthis file gemaakt, Wie heeft er advies voor mij??

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:12:12, on 10/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll (file missing)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [PE2CKFNT SE] "C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [Snelkiezer] C:\WINDOWS\Snelkiezer.exe /quiet
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe
    O4 - HKCU\..\Run: [Scrowns] C:\DOCUME~1\GEBRUI~1\APPLIC~1\DOESRE~1\defaultsoftloud.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Policies\Explorer\Run: [{E890C0C4-0710-2067-1103-051222040020}] "C:\Program Files\Common Files\{E890C0C4-0710-2067-1103-051222040020}\Update.exe" te-110-12-0000073
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsrngt.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: 72.dll,avgrsstx.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


    End of file - 8648 bytes


    mvg nico

  • Start hijackthis en kies voor 'do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:2b03bf5129]O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll (file missing)
    O4 - HKLM\..\Run: [Snelkiezer] C:\WINDOWS\Snelkiezer.exe /quiet
    O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe
    O4 - HKCU\..\Run: [Scrowns] C:\DOCUME~1\GEBRUI~1\APPLIC~1\DOESRE~1\defaultsoftloud.exe
    O4 - HKCU\..\Policies\Explorer\Run: [{E890C0C4-0710-2067-1103-051222040020}] "C:\Program Files\Common Files\{E890C0C4-0710-2067-1103-051222040020}\Update.exe" te-110-12-0000073
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsrngt.exe
    O20 - AppInit_DLLs: 72.dll,avgrsstx.dll
    [/b:2b03bf5129]
    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.

    Open een kladblokbestand.
    Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

    [b:2b03bf5129]@ECHO OFF
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    FOR %%g in (
    C:\WINDOWS\Snelkiezer.exe
    C:\WINDOWS\system32\BastaYa.exe
    C:\DOCUME~1\GEBRUI~1\APPLIC~1\DOESRE~1\defaultsoftloud.exe
    C:\WINDOWS\system32\dwdsrngt.exe
    ) DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    START NOTEPAD.EXE log.txt[/b:2b03bf5129]

    Ga naar Bestand - Opslaan als.
    Bij "Opslaan in" kies je: Bureaublad
    Bij "Bestandsnaam" zet je: del.bat
    Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).


    Download [b:2b03bf5129] en sla het op je bureaublad op.
    Dubbelklik op [b:2b03bf5129]mbam-setup.exe[/b:2b03bf5129] om het programma te installeren.

    Zorg dat er na de installatie een vinkje is geplaatst bij:[list:2b03bf5129]
    [*:2b03bf5129]Update MalwareBytes' Anti-Malware
    [*:2b03bf5129]Start MalwareBytes' Anti-Malware
    [/list:u:2b03bf5129]Klik daarna op "[b:2b03bf5129]Voltooien[/b:2b03bf5129]".
    Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.[list:2b03bf5129]
    [*:2b03bf5129]Zodra het programma gestart is, ga dan naar het tabblad "[b:2b03bf5129]Instellingen[/b:2b03bf5129]".
    [*:2b03bf5129]Vink hier aan: "[b:2b03bf5129]Sluit Internet Explorer tijdens verwijdering van malware[/b:2b03bf5129]".
    [*:2b03bf5129]Ga daarna naar het tabblad "[b:2b03bf5129]Scanner[/b:2b03bf5129]", kies hier voor "[b:2b03bf5129]Snelle Scan[/b:2b03bf5129]".
    [*:2b03bf5129]Druk vervolgens op "[b:2b03bf5129]Scannen[/b:2b03bf5129]" om de scan te starten.
    [*:2b03bf5129]Het scannen kan een tijdje duren, dus wees geduldig.

    [*:2b03bf5129]Wanneer de scan voltooid is, klik op [b:2b03bf5129]OK[/b:2b03bf5129], daarna "[b:2b03bf5129]Bekijk Resultaten[/b:2b03bf5129]" om de resultaten te zien.
    [*:2b03bf5129]Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "[b:2b03bf5129]Verwijder geselecteerde[/b:2b03bf5129]".
    [*:2b03bf5129]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
    [/list:u:2b03bf5129]Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "[b:2b03bf5129]Logs[/b:2b03bf5129]" tab te klikken in het programma.

    Plaats dit logje samen met een nieuw logje van HijackThis
    Klik op de knop Opslaan.
    Dubbelklik op del.bat en post de inhoud van de logfile die opent.
  • ik krijg nu volgend log file,


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:13:02, on 30/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [PE2CKFNT SE] "C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

  • Zou je de andere 2 logfiles ook willen plaatsen?
  • het malware logje!

    Malwarebytes' Anti-Malware 1.33
    Database versie: 1707
    Windows 5.1.2600 Service Pack 3

    30/01/2009 11:09:27
    mbam-log-2009-01-30 (11-09-27).txt

    Scan type: Snelle Scan
    Objecten gescand: 53218
    Verstreken tijd: 4 minute(s), 12 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)


    en het del bat logje


    Deleting files
    C:\WINDOWS\Snelkiezer.exe not found
    C:\WINDOWS\system32\BastaYa.exe not found
    C:\DOCUME~1\GEBRUI~1\APPLIC~1\DOESRE~1\defaultsoftloud.exe not found
    C:\WINDOWS\system32\dwdsrngt.exe not found

    mvg,
  • Open kladblok en plak volgende vetgedrukte tekst in een leeg venster:

    [b:3a6e0a7d5e]REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"="avgrsstx.dll"[/b:3a6e0a7d5e]

    Sla dit op, op je Bureaublad als regfix.reg, met als type "alle bestanden"
    Dubbelklik op regfix.reg en sta het toevoegen aan het register toe.


    Download combofix.exe van deze site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    [b:3a6e0a7d5e]
  • ComboFix 09-01-21.04 - Gebruiker 2009-01-30 18:15:42.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.602 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    * Resident AV is active

    .
    - VERMINDERDE FUNCTIONALITEIT MODUS -
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\INSTALL.LOG
    c:\program files\popcorn Terms.html
    c:\program files\windows
    c:\program files\windows\$hf_mig$\KB834707\SP2QFE\browseui.dll
    c:\program files\windows\$hf_mig$\KB834707\SP2QFE\mshtml.dll
    c:\program files\windows\$hf_mig$\KB834707\SP2QFE\shdocvw.dll
    c:\program files\windows\$hf_mig$\KB834707\SP2QFE\urlmon.dll
    c:\program files\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
    c:\program files\windows\$hf_mig$\KB834707\spmsg.dll
    c:\program files\windows\$hf_mig$\KB834707\spuninst.exe
    c:\program files\windows\$hf_mig$\KB834707\update\branches.inf
    c:\program files\windows\$hf_mig$\KB834707\update\eula.txt
    c:\program files\windows\$hf_mig$\KB834707\update\KB834707.CAT
    c:\program files\windows\$hf_mig$\KB834707\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB834707\update\update.exe
    c:\program files\windows\$hf_mig$\KB834707\update\update.ver
    c:\program files\windows\$hf_mig$\KB834707\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB834707\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB867282\SP2QFE\browseui.dll
    c:\program files\windows\$hf_mig$\KB867282\SP2QFE\cdfview.dll
    c:\program files\windows\$hf_mig$\KB867282\SP2QFE\iepeers.dll
    c:\program files\windows\$hf_mig$\KB867282\SP2QFE\inseng.dll
    c:\program files\windows\$hf_mig$\KB867282\SP2QFE\mshtml.dll
    c:\program files\windows\$hf_mig$\KB867282\SP2QFE\shdocvw.dll
    c:\program files\windows\$hf_mig$\KB867282\SP2QFE\shlwapi.dll
    c:\program files\windows\$hf_mig$\KB867282\SP2QFE\urlmon.dll
    c:\program files\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
    c:\program files\windows\$hf_mig$\KB867282\spmsg.dll
    c:\program files\windows\$hf_mig$\KB867282\spuninst.exe
    c:\program files\windows\$hf_mig$\KB867282\update\branches.inf
    c:\program files\windows\$hf_mig$\KB867282\update\eula.txt
    c:\program files\windows\$hf_mig$\KB867282\update\KB867282.CAT
    c:\program files\windows\$hf_mig$\KB867282\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB867282\update\update.exe
    c:\program files\windows\$hf_mig$\KB867282\update\update.ver
    c:\program files\windows\$hf_mig$\KB867282\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB867282\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB873333\SP2QFE\ole32.dll
    c:\program files\windows\$hf_mig$\KB873333\SP2QFE\olecli32.dll
    c:\program files\windows\$hf_mig$\KB873333\SP2QFE\olecnv32.dll
    c:\program files\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
    c:\program files\windows\$hf_mig$\KB873333\spmsg.dll
    c:\program files\windows\$hf_mig$\KB873333\spuninst.exe
    c:\program files\windows\$hf_mig$\KB873333\update\branches.inf
    c:\program files\windows\$hf_mig$\KB873333\update\eula.txt
    c:\program files\windows\$hf_mig$\KB873333\update\KB873333.CAT
    c:\program files\windows\$hf_mig$\KB873333\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB873333\update\update.exe
    c:\program files\windows\$hf_mig$\KB873333\update\update.ver
    c:\program files\windows\$hf_mig$\KB873333\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB873333\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB873339\SP2QFE\hypertrm.dll
    c:\program files\windows\$hf_mig$\KB873339\spmsg.dll
    c:\program files\windows\$hf_mig$\KB873339\spuninst.exe
    c:\program files\windows\$hf_mig$\KB873339\update\branches.inf
    c:\program files\windows\$hf_mig$\KB873339\update\eula.txt
    c:\program files\windows\$hf_mig$\KB873339\update\KB873339.CAT
    c:\program files\windows\$hf_mig$\KB873339\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB873339\update\update.exe
    c:\program files\windows\$hf_mig$\KB873339\update\update.ver
    c:\program files\windows\$hf_mig$\KB873339\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB873339\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB883939\SP2QFE\browseui.dll
    c:\program files\windows\$hf_mig$\KB883939\SP2QFE\cdfview.dll
    c:\program files\windows\$hf_mig$\KB883939\SP2QFE\iedw.exe
    c:\program files\windows\$hf_mig$\KB883939\SP2QFE\iepeers.dll
    c:\program files\windows\$hf_mig$\KB883939\SP2QFE\inseng.dll
    c:\program files\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll
    c:\program files\windows\$hf_mig$\KB883939\SP2QFE\mshtmled.dll
    c:\program files\windows\$hf_mig$\KB883939\SP2QFE\msrating.dll
    c:\program files\windows\$hf_mig$\KB883939\SP2QFE\pngfilt.dll
    c:\program files\windows\$hf_mig$\KB883939\SP2QFE\shdocvw.dll
    c:\program files\windows\$hf_mig$\KB883939\SP2QFE\shlwapi.dll
    c:\program files\windows\$hf_mig$\KB883939\SP2QFE\urlmon.dll
    c:\program files\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
    c:\program files\windows\$hf_mig$\KB883939\spmsg.dll
    c:\program files\windows\$hf_mig$\KB883939\spuninst.exe
    c:\program files\windows\$hf_mig$\KB883939\update\branches.inf
    c:\program files\windows\$hf_mig$\KB883939\update\eula.txt
    c:\program files\windows\$hf_mig$\KB883939\update\KB883939.CAT
    c:\program files\windows\$hf_mig$\KB883939\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB883939\update\update.exe
    c:\program files\windows\$hf_mig$\KB883939\update\update.ver
    c:\program files\windows\$hf_mig$\KB883939\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB883939\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB883939\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB885250\SP2QFE\mrxsmb.sys
    c:\program files\windows\$hf_mig$\KB885250\spmsg.dll
    c:\program files\windows\$hf_mig$\KB885250\spuninst.exe
    c:\program files\windows\$hf_mig$\KB885250\update\branches.inf
    c:\program files\windows\$hf_mig$\KB885250\update\eula.txt
    c:\program files\windows\$hf_mig$\KB885250\update\KB885250.CAT
    c:\program files\windows\$hf_mig$\KB885250\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB885250\update\update.exe
    c:\program files\windows\$hf_mig$\KB885250\update\update.ver
    c:\program files\windows\$hf_mig$\KB885250\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB885250\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB885835\SP2QFE\lsasrv.dll
    c:\program files\windows\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
    c:\program files\windows\$hf_mig$\KB885835\SP2QFE\rdbss.sys
    c:\program files\windows\$hf_mig$\KB885835\spmsg.dll
    c:\program files\windows\$hf_mig$\KB885835\spuninst.exe
    c:\program files\windows\$hf_mig$\KB885835\update\branches.inf
    c:\program files\windows\$hf_mig$\KB885835\update\eula.txt
    c:\program files\windows\$hf_mig$\KB885835\update\KB885835.CAT
    c:\program files\windows\$hf_mig$\KB885835\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB885835\update\update.exe
    c:\program files\windows\$hf_mig$\KB885835\update\update.ver
    c:\program files\windows\$hf_mig$\KB885835\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB885835\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB885836\SP2QFE\mswrd6.wpc
    c:\program files\windows\$hf_mig$\KB885836\spmsg.dll
    c:\program files\windows\$hf_mig$\KB885836\spuninst.exe
    c:\program files\windows\$hf_mig$\KB885836\update\branches.inf
    c:\program files\windows\$hf_mig$\KB885836\update\eula.txt
    c:\program files\windows\$hf_mig$\KB885836\update\KB885836.CAT
    c:\program files\windows\$hf_mig$\KB885836\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB885836\update\update.exe
    c:\program files\windows\$hf_mig$\KB885836\update\update.ver
    c:\program files\windows\$hf_mig$\KB885836\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB885836\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB886185\SP2QFE\ipnat.sys
    c:\program files\windows\$hf_mig$\KB886185\spmsg.dll
    c:\program files\windows\$hf_mig$\KB886185\spuninst.exe
    c:\program files\windows\$hf_mig$\KB886185\update\branches.inf
    c:\program files\windows\$hf_mig$\KB886185\update\eula.txt
    c:\program files\windows\$hf_mig$\KB886185\update\KB886185.CAT
    c:\program files\windows\$hf_mig$\KB886185\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB886185\update\update.exe
    c:\program files\windows\$hf_mig$\KB886185\update\update.ver
    c:\program files\windows\$hf_mig$\KB886185\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB886185\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
    c:\program files\windows\$hf_mig$\KB887472\spmsg.dll
    c:\program files\windows\$hf_mig$\KB887472\spuninst.exe
    c:\program files\windows\$hf_mig$\KB887472\update\branches.inf
    c:\program files\windows\$hf_mig$\KB887472\update\eula.txt
    c:\program files\windows\$hf_mig$\KB887472\update\KB887472.CAT
    c:\program files\windows\$hf_mig$\KB887472\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB887472\update\update.exe
    c:\program files\windows\$hf_mig$\KB887472\update\update.ver
    c:\program files\windows\$hf_mig$\KB887472\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB887472\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB887742\SP2QFE\http.sys
    c:\program files\windows\$hf_mig$\KB887742\spmsg.dll
    c:\program files\windows\$hf_mig$\KB887742\spuninst.exe
    c:\program files\windows\$hf_mig$\KB887742\update\branches.inf
    c:\program files\windows\$hf_mig$\KB887742\update\eula.txt
    c:\program files\windows\$hf_mig$\KB887742\update\KB887742.CAT
    c:\program files\windows\$hf_mig$\KB887742\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB887742\update\update.exe
    c:\program files\windows\$hf_mig$\KB887742\update\update.ver
    c:\program files\windows\$hf_mig$\KB887742\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB887742\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB888113\SP2QFE\hlink.dll
    c:\program files\windows\$hf_mig$\KB888113\spmsg.dll
    c:\program files\windows\$hf_mig$\KB888113\spuninst.exe
    c:\program files\windows\$hf_mig$\KB888113\update\branches.inf
    c:\program files\windows\$hf_mig$\KB888113\update\eula.txt
    c:\program files\windows\$hf_mig$\KB888113\update\KB888113.CAT
    c:\program files\windows\$hf_mig$\KB888113\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB888113\update\update.exe
    c:\program files\windows\$hf_mig$\KB888113\update\update.ver
    c:\program files\windows\$hf_mig$\KB888113\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB888113\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB888302\SP2QFE\srvsvc.dll
    c:\program files\windows\$hf_mig$\KB888302\spmsg.dll
    c:\program files\windows\$hf_mig$\KB888302\spuninst.exe
    c:\program files\windows\$hf_mig$\KB888302\update\branches.inf
    c:\program files\windows\$hf_mig$\KB888302\update\eula.txt
    c:\program files\windows\$hf_mig$\KB888302\update\KB888302.CAT
    c:\program files\windows\$hf_mig$\KB888302\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB888302\update\update.exe
    c:\program files\windows\$hf_mig$\KB888302\update\update.ver
    c:\program files\windows\$hf_mig$\KB888302\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB888302\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB890046\SP2QFE\agentdpv.dll
    c:\program files\windows\$hf_mig$\KB890046\SP2QFE\spru0413.dll
    c:\program files\windows\$hf_mig$\KB890046\spmsg.dll
    c:\program files\windows\$hf_mig$\KB890046\spuninst.exe
    c:\program files\windows\$hf_mig$\KB890046\update\branches.inf
    c:\program files\windows\$hf_mig$\KB890046\update\eula.txt
    c:\program files\windows\$hf_mig$\KB890046\update\KB890046.CAT
    c:\program files\windows\$hf_mig$\KB890046\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB890046\update\update.exe
    c:\program files\windows\$hf_mig$\KB890046\update\update.ver
    c:\program files\windows\$hf_mig$\KB890046\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB890046\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB890046\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB890047\SP2QFE\shell32.dll
    c:\program files\windows\$hf_mig$\KB890047\spmsg.dll
    c:\program files\windows\$hf_mig$\KB890047\spuninst.exe
    c:\program files\windows\$hf_mig$\KB890047\update\branches.inf
    c:\program files\windows\$hf_mig$\KB890047\update\eula.txt
    c:\program files\windows\$hf_mig$\KB890047\update\KB890047.CAT
    c:\program files\windows\$hf_mig$\KB890047\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB890047\update\update.exe
    c:\program files\windows\$hf_mig$\KB890047\update\update.ver
    c:\program files\windows\$hf_mig$\KB890047\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB890047\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB890175\SP2QFE\hhctrl.ocx
    c:\program files\windows\$hf_mig$\KB890175\spmsg.dll
    c:\program files\windows\$hf_mig$\KB890175\spuninst.exe
    c:\program files\windows\$hf_mig$\KB890175\update\branches.inf
    c:\program files\windows\$hf_mig$\KB890175\update\eula.txt
    c:\program files\windows\$hf_mig$\KB890175\update\KB890175.CAT
    c:\program files\windows\$hf_mig$\KB890175\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB890175\update\update.exe
    c:\program files\windows\$hf_mig$\KB890175\update\update.ver
    c:\program files\windows\$hf_mig$\KB890175\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB890175\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB890859\SP2QFE\authz.dll
    c:\program files\windows\$hf_mig$\KB890859\SP2QFE
    tkrnlmp.exe
    c:\program files\windows\$hf_mig$\KB890859\SP2QFE
    tkrnlpa.exe
    c:\program files\windows\$hf_mig$\KB890859\SP2QFE
    tkrpamp.exe
    c:\program files\windows\$hf_mig$\KB890859\SP2QFE
    toskrnl.exe
    c:\program files\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
    c:\program files\windows\$hf_mig$\KB890859\SP2QFE\win32k.sys
    c:\program files\windows\$hf_mig$\KB890859\SP2QFE\winsrv.dll
    c:\program files\windows\$hf_mig$\KB890859\spmsg.dll
    c:\program files\windows\$hf_mig$\KB890859\spuninst.exe
    c:\program files\windows\$hf_mig$\KB890859\update\branches.inf
    c:\program files\windows\$hf_mig$\KB890859\update\eula.txt
    c:\program files\windows\$hf_mig$\KB890859\update\KB890859.CAT
    c:\program files\windows\$hf_mig$\KB890859\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB890859\update\update.exe
    c:\program files\windows\$hf_mig$\KB890859\update\update.ver
    c:\program files\windows\$hf_mig$\KB890859\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB890859\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB890859\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB890923\SP2QFE\browseui.dll
    c:\program files\windows\$hf_mig$\KB890923\SP2QFE\cdfview.dll
    c:\program files\windows\$hf_mig$\KB890923\SP2QFE\iepeers.dll
    c:\program files\windows\$hf_mig$\KB890923\SP2QFE\inseng.dll
    c:\program files\windows\$hf_mig$\KB890923\SP2QFE\mshtml.dll
    c:\program files\windows\$hf_mig$\KB890923\SP2QFE\msrating.dll
    c:\program files\windows\$hf_mig$\KB890923\SP2QFE\shdocvw.dll
    c:\program files\windows\$hf_mig$\KB890923\SP2QFE\shlwapi.dll
    c:\program files\windows\$hf_mig$\KB890923\SP2QFE\urlmon.dll
    c:\program files\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
    c:\program files\windows\$hf_mig$\KB890923\spmsg.dll
    c:\program files\windows\$hf_mig$\KB890923\spuninst.exe
    c:\program files\windows\$hf_mig$\KB890923\update\branches.inf
    c:\program files\windows\$hf_mig$\KB890923\update\eula.txt
    c:\program files\windows\$hf_mig$\KB890923\update\KB890923.CAT
    c:\program files\windows\$hf_mig$\KB890923\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB890923\update\update.exe
    c:\program files\windows\$hf_mig$\KB890923\update\update.ver
    c:\program files\windows\$hf_mig$\KB890923\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB890923\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB890923\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB891781\SP2QFE\dhtmled.ocx
    c:\program files\windows\$hf_mig$\KB891781\spmsg.dll
    c:\program files\windows\$hf_mig$\KB891781\spuninst.exe
    c:\program files\windows\$hf_mig$\KB891781\update\branches.inf
    c:\program files\windows\$hf_mig$\KB891781\update\eula.txt
    c:\program files\windows\$hf_mig$\KB891781\update\KB891781.CAT
    c:\program files\windows\$hf_mig$\KB891781\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB891781\update\update.exe
    c:\program files\windows\$hf_mig$\KB891781\update\update.ver
    c:\program files\windows\$hf_mig$\KB891781\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB891781\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    c:\program files\windows\$hf_mig$\KB893066\spmsg.dll
    c:\program files\windows\$hf_mig$\KB893066\spuninst.exe
    c:\program files\windows\$hf_mig$\KB893066\update\branches.inf
    c:\program files\windows\$hf_mig$\KB893066\update\eula.txt
    c:\program files\windows\$hf_mig$\KB893066\update\KB893066.CAT
    c:\program files\windows\$hf_mig$\KB893066\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB893066\update\update.exe
    c:\program files\windows\$hf_mig$\KB893066\update\update.ver
    c:\program files\windows\$hf_mig$\KB893066\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB893066\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB893066\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB893086\SP2QFE\shell32.dll
    c:\program files\windows\$hf_mig$\KB893086\spmsg.dll
    c:\program files\windows\$hf_mig$\KB893086\spuninst.exe
    c:\program files\windows\$hf_mig$\KB893086\update\branches.inf
    c:\program files\windows\$hf_mig$\KB893086\update\eula.txt
    c:\program files\windows\$hf_mig$\KB893086\update\KB893086.CAT
    c:\program files\windows\$hf_mig$\KB893086\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB893086\update\update.exe
    c:\program files\windows\$hf_mig$\KB893086\update\update.ver
    c:\program files\windows\$hf_mig$\KB893086\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB893086\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB893086\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB893756\SP2QFE\remotesp.tsp
    c:\program files\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
    c:\program files\windows\$hf_mig$\KB893756\spmsg.dll
    c:\program files\windows\$hf_mig$\KB893756\spuninst.exe
    c:\program files\windows\$hf_mig$\KB893756\update\arpidfix.exe
    c:\program files\windows\$hf_mig$\KB893756\update\branches.inf
    c:\program files\windows\$hf_mig$\KB893756\update\eula.txt
    c:\program files\windows\$hf_mig$\KB893756\update\KB893756.CAT
    c:\program files\windows\$hf_mig$\KB893756\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB893756\update\update.exe
    c:\program files\windows\$hf_mig$\KB893756\update\update.ver
    c:\program files\windows\$hf_mig$\KB893756\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB893756\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB893756\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
    c:\program files\windows\$hf_mig$\KB894391\SP2QFE\olecli32.dll
    c:\program files\windows\$hf_mig$\KB894391\SP2QFE\olecnv32.dll
    c:\program files\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
    c:\program files\windows\$hf_mig$\KB894391\spmsg.dll
    c:\program files\windows\$hf_mig$\KB894391\spuninst.exe
    c:\program files\windows\$hf_mig$\KB894391\update\branches.inf
    c:\program files\windows\$hf_mig$\KB894391\update\eula.txt
    c:\program files\windows\$hf_mig$\KB894391\update\KB894391.CAT
    c:\program files\windows\$hf_mig$\KB894391\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB894391\update\update.exe
    c:\program files\windows\$hf_mig$\KB894391\update\update.ver
    c:\program files\windows\$hf_mig$\KB894391\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB894391\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB894391\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB896358\SP2QFE\hh.exe
    c:\program files\windows\$hf_mig$\KB896358\SP2QFE\hhctrl.ocx
    c:\program files\windows\$hf_mig$\KB896358\SP2QFE\hhsetup.dll
    c:\program files\windows\$hf_mig$\KB896358\SP2QFE\itircl.dll
    c:\program files\windows\$hf_mig$\KB896358\SP2QFE\itss.dll
    c:\program files\windows\$hf_mig$\KB896358\spmsg.dll
    c:\program files\windows\$hf_mig$\KB896358\spuninst.exe
    c:\program files\windows\$hf_mig$\KB896358\update\branches.inf
    c:\program files\windows\$hf_mig$\KB896358\update\eula.txt
    c:\program files\windows\$hf_mig$\KB896358\update\KB896358.CAT
    c:\program files\windows\$hf_mig$\KB896358\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB896358\update\update.exe
    c:\program files\windows\$hf_mig$\KB896358\update\update.ver
    c:\program files\windows\$hf_mig$\KB896358\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB896358\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB896358\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB896422\SP2QFE\srv.sys
    c:\program files\windows\$hf_mig$\KB896422\spmsg.dll
    c:\program files\windows\$hf_mig$\KB896422\spuninst.exe
    c:\program files\windows\$hf_mig$\KB896422\update\branches.inf
    c:\program files\windows\$hf_mig$\KB896422\update\eula.txt
    c:\program files\windows\$hf_mig$\KB896422\update\KB896422.CAT
    c:\program files\windows\$hf_mig$\KB896422\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB896422\update\update.exe
    c:\program files\windows\$hf_mig$\KB896422\update\update.ver
    c:\program files\windows\$hf_mig$\KB896422\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB896422\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB896422\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    c:\program files\windows\$hf_mig$\KB896423\spmsg.dll
    c:\program files\windows\$hf_mig$\KB896423\spuninst.exe
    c:\program files\windows\$hf_mig$\KB896423\update\arpidfix.exe
    c:\program files\windows\$hf_mig$\KB896423\update\branches.inf
    c:\program files\windows\$hf_mig$\KB896423\update\eula.txt
    c:\program files\windows\$hf_mig$\KB896423\update\KB896423.CAT
    c:\program files\windows\$hf_mig$\KB896423\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB896423\update\update.exe
    c:\program files\windows\$hf_mig$\KB896423\update\update.ver
    c:\program files\windows\$hf_mig$\KB896423\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB896423\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB896423\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB896424\SP2QFE\gdi32.dll
    c:\program files\windows\$hf_mig$\KB896424\SP2QFE\win32k.sys
    c:\program files\windows\$hf_mig$\KB896424\spmsg.dll
    c:\program files\windows\$hf_mig$\KB896424\spuninst.exe
    c:\program files\windows\$hf_mig$\KB896424\update\arpidfix.exe
    c:\program files\windows\$hf_mig$\KB896424\update\branches.inf
    c:\program files\windows\$hf_mig$\KB896424\update\eula.txt
    c:\program files\windows\$hf_mig$\KB896424\update\KB896424.CAT
    c:\program files\windows\$hf_mig$\KB896424\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB896424\update\update.exe
    c:\program files\windows\$hf_mig$\KB896424\update\update.ver
    c:\program files\windows\$hf_mig$\KB896424\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB896424\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB896424\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB896428\SP2QFE\telnet.exe
    c:\program files\windows\$hf_mig$\KB896428\spmsg.dll
    c:\program files\windows\$hf_mig$\KB896428\spuninst.exe
    c:\program files\windows\$hf_mig$\KB896428\update\branches.inf
    c:\program files\windows\$hf_mig$\KB896428\update\eula.txt
    c:\program files\windows\$hf_mig$\KB896428\update\KB896428.CAT
    c:\program files\windows\$hf_mig$\KB896428\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB896428\update\update.exe
    c:\program files\windows\$hf_mig$\KB896428\update\update.ver
    c:\program files\windows\$hf_mig$\KB896428\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB896428\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB896428\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB896688\SP2QFE\browseui.dll
    c:\program files\windows\$hf_mig$\KB896688\SP2QFE\cdfview.dll
    c:\program files\windows\$hf_mig$\KB896688\SP2QFE\danim.dll
    c:\program files\windows\$hf_mig$\KB896688\SP2QFE\dxtrans.dll
    c:\program files\windows\$hf_mig$\KB896688\SP2QFE\extmgr.dll
    c:\program files\windows\$hf_mig$\KB896688\SP2QFE\iedw.exe
    c:\program files\windows\$hf_mig$\KB896688\SP2QFE\iepeers.dll
    c:\program files\windows\$hf_mig$\KB896688\SP2QFE\inseng.dll
    c:\program files\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
    c:\program files\windows\$hf_mig$\KB896688\SP2QFE\mshtmled.dll
    c:\program files\windows\$hf_mig$\KB896688\SP2QFE\msrating.dll
    c:\program files\windows\$hf_mig$\KB896688\SP2QFE\mstime.dll
    c:\program files\windows\$hf_mig$\KB896688\SP2QFE\pngfilt.dll
    c:\program files\windows\$hf_mig$\KB896688\SP2QFE\shdocvw.dll
    c:\program files\windows\$hf_mig$\KB896688\SP2QFE\shlwapi.dll
    c:\program files\windows\$hf_mig$\KB896688\SP2QFE\urlmon.dll
    c:\program files\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
    c:\program files\windows\$hf_mig$\KB896688\spmsg.dll
    c:\program files\windows\$hf_mig$\KB896688\spuninst.exe
    c:\program files\windows\$hf_mig$\KB896688\update\arpidfix.exe
    c:\program files\windows\$hf_mig$\KB896688\update\branches.inf
    c:\program files\windows\$hf_mig$\KB896688\update\eula.txt
    c:\program files\windows\$hf_mig$\KB896688\update\KB896688.CAT
    c:\program files\windows\$hf_mig$\KB896688\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB896688\update\update.exe
    c:\program files\windows\$hf_mig$\KB896688\update\update.ver
    c:\program files\windows\$hf_mig$\KB896688\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB896688\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB896688\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB896727\SP2QFE\browseui.dll
    c:\program files\windows\$hf_mig$\KB896727\SP2QFE\cdfview.dll
    c:\program files\windows\$hf_mig$\KB896727\SP2QFE\iedw.exe
    c:\program files\windows\$hf_mig$\KB896727\SP2QFE\iepeers.dll
    c:\program files\windows\$hf_mig$\KB896727\SP2QFE\inseng.dll
    c:\program files\windows\$hf_mig$\KB896727\SP2QFE\mshtml.dll
    c:\program files\windows\$hf_mig$\KB896727\SP2QFE\mshtmled.dll
    c:\program files\windows\$hf_mig$\KB896727\SP2QFE\msrating.dll
    c:\program files\windows\$hf_mig$\KB896727\SP2QFE\pngfilt.dll
    c:\program files\windows\$hf_mig$\KB896727\SP2QFE\shdocvw.dll
    c:\program files\windows\$hf_mig$\KB896727\SP2QFE\shlwapi.dll
    c:\program files\windows\$hf_mig$\KB896727\SP2QFE\urlmon.dll
    c:\program files\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
    c:\program files\windows\$hf_mig$\KB896727\spmsg.dll
    c:\program files\windows\$hf_mig$\KB896727\spuninst.exe
    c:\program files\windows\$hf_mig$\KB896727\update\arpidfix.exe
    c:\program files\windows\$hf_mig$\KB896727\update\branches.inf
    c:\program files\windows\$hf_mig$\KB896727\update\eula.txt
    c:\program files\windows\$hf_mig$\KB896727\update\KB896727.CAT
    c:\program files\windows\$hf_mig$\KB896727\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB896727\update\update.exe
    c:\program files\windows\$hf_mig$\KB896727\update\update.ver
    c:\program files\windows\$hf_mig$\KB896727\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB896727\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB896727\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB898461\spmsg.dll
    c:\program files\windows\$hf_mig$\KB898461\spuninst.exe
    c:\program files\windows\$hf_mig$\KB898461\spupdsvc.exe
    c:\program files\windows\$hf_mig$\KB898461\update\branches.inf
    c:\program files\windows\$hf_mig$\KB898461\update\eula.txt
    c:\program files\windows\$hf_mig$\KB898461\update\KB898461.CAT
    c:\program files\windows\$hf_mig$\KB898461\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB898461\update\update.exe
    c:\program files\windows\$hf_mig$\KB898461\update\update.ver
    c:\program files\windows\$hf_mig$\KB898461\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB898461\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB898461\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB899587\SP2QFE\kerberos.dll
    c:\program files\windows\$hf_mig$\KB899587\spmsg.dll
    c:\program files\windows\$hf_mig$\KB899587\spuninst.exe
    c:\program files\windows\$hf_mig$\KB899587\update\arpidfix.exe
    c:\program files\windows\$hf_mig$\KB899587\update\branches.inf
    c:\program files\windows\$hf_mig$\KB899587\update\eula.txt
    c:\program files\windows\$hf_mig$\KB899587\update\KB899587.CAT
    c:\program files\windows\$hf_mig$\KB899587\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB899587\update\update.exe
    c:\program files\windows\$hf_mig$\KB899587\update\update.ver
    c:\program files\windows\$hf_mig$\KB899587\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB899587\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB899587\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB899588\SP2QFE\umpnpmgr.dll
    c:\program files\windows\$hf_mig$\KB899588\spmsg.dll
    c:\program files\windows\$hf_mig$\KB899588\spuninst.exe
    c:\program files\windows\$hf_mig$\KB899588\update\arpidfix.exe
    c:\program files\windows\$hf_mig$\KB899588\update\branches.inf
    c:\program files\windows\$hf_mig$\KB899588\update\eula.txt
    c:\program files\windows\$hf_mig$\KB899588\update\KB899588.CAT
    c:\program files\windows\$hf_mig$\KB899588\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB899588\update\update.exe
    c:\program files\windows\$hf_mig$\KB899588\update\update.ver
    c:\program files\windows\$hf_mig$\KB899588\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB899588\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB899588\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB899591\SP2QFE\rdpwd.sys
    c:\program files\windows\$hf_mig$\KB899591\spmsg.dll
    c:\program files\windows\$hf_mig$\KB899591\spuninst.exe
    c:\program files\windows\$hf_mig$\KB899591\update\arpidfix.exe
    c:\program files\windows\$hf_mig$\KB899591\update\branches.inf
    c:\program files\windows\$hf_mig$\KB899591\update\eula.txt
    c:\program files\windows\$hf_mig$\KB899591\update\KB899591.CAT
    c:\program files\windows\$hf_mig$\KB899591\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB899591\update\update.exe
    c:\program files\windows\$hf_mig$\KB899591\update\update.ver
    c:\program files\windows\$hf_mig$\KB899591\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB899591\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB899591\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
    c:\program files\windows\$hf_mig$\KB900725\SP2QFE\shell32.dll
    c:\program files\windows\$hf_mig$\KB900725\SP2QFE\shlwapi.dll
    c:\program files\windows\$hf_mig$\KB900725\SP2QFE\spru0413.dll
    c:\program files\windows\$hf_mig$\KB900725\SP2QFE\winsrv.dll
    c:\program files\windows\$hf_mig$\KB900725\spmsg.dll
    c:\program files\windows\$hf_mig$\KB900725\spuninst.exe
    c:\program files\windows\$hf_mig$\KB900725\update\arpidfix.exe
    c:\program files\windows\$hf_mig$\KB900725\update\branches.inf
    c:\program files\windows\$hf_mig$\KB900725\update\eula.txt
    c:\program files\windows\$hf_mig$\KB900725\update\KB900725.CAT
    c:\program files\windows\$hf_mig$\KB900725\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB900725\update\update.exe
    c:\program files\windows\$hf_mig$\KB900725\update\update.ver
    c:\program files\windows\$hf_mig$\KB900725\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB900725\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB900725\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB901017\SP2QFE\cdosys.dll
    c:\program files\windows\$hf_mig$\KB901017\spmsg.dll
    c:\program files\windows\$hf_mig$\KB901017\spuninst.exe
    c:\program files\windows\$hf_mig$\KB901017\update\arpidfix.exe
    c:\program files\windows\$hf_mig$\KB901017\update\branches.inf
    c:\program files\windows\$hf_mig$\KB901017\update\eula.txt
    c:\program files\windows\$hf_mig$\KB901017\update\KB901017.CAT
    c:\program files\windows\$hf_mig$\KB901017\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB901017\update\update.exe
    c:\program files\windows\$hf_mig$\KB901017\update\update.ver
    c:\program files\windows\$hf_mig$\KB901017\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB901017\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB901017\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB901214\SP2QFE\icm32.dll
    c:\program files\windows\$hf_mig$\KB901214\SP2QFE\mscms.dll
    c:\program files\windows\$hf_mig$\KB901214\spmsg.dll
    c:\program files\windows\$hf_mig$\KB901214\spuninst.exe
    c:\program files\windows\$hf_mig$\KB901214\update\branches.inf
    c:\program files\windows\$hf_mig$\KB901214\update\eula.txt
    c:\program files\windows\$hf_mig$\KB901214\update\KB901214.CAT
    c:\program files\windows\$hf_mig$\KB901214\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB901214\update\update.exe
    c:\program files\windows\$hf_mig$\KB901214\update\update.ver
    c:\program files\windows\$hf_mig$\KB901214\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB901214\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB901214\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\catsrv.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\catsrvut.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\clbcatex.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\clbcatq.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\colbact.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\comadmin.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\comrepl.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\comsvcs.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\comuid.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\es.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\migregdb.exe
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\msdtcprx.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\msdtctm.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\msdtcuiu.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\mtxclu.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\mtxoci.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\olecli32.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\olecnv32.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\txflog.dll
    c:\program files\windows\$hf_mig$\KB902400\SP2QFE\xolehlp.dll
    c:\program files\windows\$hf_mig$\KB902400\spmsg.dll
    c:\program files\windows\$hf_mig$\KB902400\spuninst.exe
    c:\program files\windows\$hf_mig$\KB902400\update\arpidfix.exe
    c:\program files\windows\$hf_mig$\KB902400\update\branches.inf
    c:\program files\windows\$hf_mig$\KB902400\update\eula.txt
    c:\program files\windows\$hf_mig$\KB902400\update\KB902400.CAT
    c:\program files\windows\$hf_mig$\KB902400\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB902400\update\update.exe
    c:\program files\windows\$hf_mig$\KB902400\update\update.ver
    c:\program files\windows\$hf_mig$\KB902400\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB902400\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB902400\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB904706\SP2QFE\quartz.dll
    c:\program files\windows\$hf_mig$\KB904706\spmsg.dll
    c:\program files\windows\$hf_mig$\KB904706\spuninst.exe
    c:\program files\windows\$hf_mig$\KB904706\update\arpidfix.exe
    c:\program files\windows\$hf_mig$\KB904706\update\branches.inf
    c:\program files\windows\$hf_mig$\KB904706\update\eula.txt
    c:\program files\windows\$hf_mig$\KB904706\update\KB904706.CAT
    c:\program files\windows\$hf_mig$\KB904706\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB904706\update\update.exe
    c:\program files\windows\$hf_mig$\KB904706\update\update.ver
    c:\program files\windows\$hf_mig$\KB904706\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB904706\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB904706\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB905414\SP2QFE
    etman.dll
    c:\program files\windows\$hf_mig$\KB905414\spmsg.dll
    c:\program files\windows\$hf_mig$\KB905414\spuninst.exe
    c:\program files\windows\$hf_mig$\KB905414\update\arpidfix.exe
    c:\program files\windows\$hf_mig$\KB905414\update\branches.inf
    c:\program files\windows\$hf_mig$\KB905414\update\eula.txt
    c:\program files\windows\$hf_mig$\KB905414\update\KB905414.CAT
    c:\program files\windows\$hf_mig$\KB905414\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB905414\update\update.exe
    c:\program files\windows\$hf_mig$\KB905414\update\update.ver
    c:\program files\windows\$hf_mig$\KB905414\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB905414\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB905414\update\updspapi.dll
    c:\program files\windows\$hf_mig$\KB905749\SP2QFE\umpnpmgr.dll
    c:\program files\windows\$hf_mig$\KB905749\spmsg.dll
    c:\program files\windows\$hf_mig$\KB905749\spuninst.exe
    c:\program files\windows\$hf_mig$\KB905749\update\arpidfix.exe
    c:\program files\windows\$hf_mig$\KB905749\update\branches.inf
    c:\program files\windows\$hf_mig$\KB905749\update\eula.txt
    c:\program files\windows\$hf_mig$\KB905749\update\KB905749.CAT
    c:\program files\windows\$hf_mig$\KB905749\update\spcustom.dll
    c:\program files\windows\$hf_mig$\KB905749\update\update.exe
    c:\program files\windows\$hf_mig$\KB905749\update\update.ver
    c:\program files\windows\$hf_mig$\KB905749\update\update_SP2QFE.inf
    c:\program files\windows\$hf_mig$\KB905749\update\updatebr.inf
    c:\program files\windows\$hf_mig$\KB905749\update\updspapi.dll
    c:\program files\windows\$MSI31Uninstall_KB893803$\msi.dll
    c:\program files\windows\$MSI31Uninstall_KB893803$\msiexec.exe
    c:\program files\windows\$MSI31Uninstall_KB893803$\msihnd.dll
    c:\program files\windows\$MSI31Uninstall_KB893803$\msimsg.dll
    c:\program files\windows\$MSI31Uninstall_KB893803$\msisip.dll
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00012
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00013
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00014
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00015
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00016
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00017
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00018
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00019
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00020
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00021
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00022
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00023
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00024
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00025
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00026
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00027
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00028
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00029
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00030
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00031
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00032
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00033
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00034
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00035
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00036
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00037
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00038
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00039
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00040
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00041
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00042
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00043
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00044
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00045
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00046
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00047
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00050
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00051
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00052
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00053
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00054
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00055
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00056
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00057
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00058
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00059
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00060
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00061
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00062
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00063
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00064
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00065
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00066
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00067
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00068
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00069
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00070
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00071
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00072
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00073
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00074
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00075
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00076
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00077
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00078
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00079
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00080
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00081
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00082
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00083
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00084
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00085
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00086
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00087
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00088
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00089
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00090
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00091
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00092
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00093
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00094
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00095
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00096
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00097
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00098
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00099
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00100
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00101
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00102
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00103
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00104
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00105
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00106
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00107
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00108
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00109
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00110
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00111
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00112
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00113
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00114
    c:\program files\windows\$MSI31Uninstall_KB893803$\reg00115
    c:\program files\windows\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe
    c:\program files\windows\$MSI31Uninstall_KB893803$\spuninst\spuninst.inf
    c:\program files\windows\$MSI31Uninstall_KB893803$\spuninst\spuninst.txt
    c:\program files\windows\$MSI31Uninstall_KB893803$\spuninst\updspapi.dll
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\msi.dll
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00003
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00004
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00005
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00006
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00007
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00008
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00009
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00010
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00011
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00012
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00013
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00014
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00015
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00016
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00017
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00018
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00019
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00020
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00021
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00022
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00023
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00024
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00025
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00026
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00027
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00028
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00029
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00030
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00031
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00032
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00033
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00034
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00035
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00036
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00037
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00038
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00039
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00040
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00041
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00042
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00043
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00044
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00045
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00046
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00047
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00048
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00051
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00052
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00053
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00054
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00055
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00056
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00057
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00058
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00059
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00060
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00061
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00062
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00063
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00064
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00065
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00066
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00067
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00068
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00069
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00070
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00071
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00072
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00073
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00074
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00075
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00076
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00077
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00078
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00079
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00080
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00081
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00082
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00083
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00084
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00085
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00086
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00087
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00088
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00089
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00090
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00091
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00092
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00093
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00094
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00095
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00096
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00097
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00098
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00099
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00100
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00101
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00102
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00103
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00104
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00105
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00106
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00107
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00108
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00109
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00110
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00111
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00112
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00113
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00114
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00115
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\reg00116
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.inf
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.txt
    c:\program files\windows\$MSI31Uninstall_KB893803v2$\spuninst\updspapi.dll
    c:\program files\windows\_default.pif
    c:\program files\windows\[u:13375e418e]0[/u:13375e418e].log
    c:\program files\windows\180ax.log
    c:\program files\windows\ActiveSkin.INI
    c:\program files\windows\affbun.txt
    c:\program files\windows\AppPatch\AcGenral.dll
    c:\program files\windows\AppPatch\AcLayers.dll
    c:\program files\windows\AppPatch\AcLua.dll
    c:\program files\windows\AppPatch\AcSpecfc.dll
    c:\program files\windows\AppPatch\AcXtrnal.dll
    c:\program files\windows\AppPatch\apph_sp.sdb
    c:\program files\windows\AppPatch\apphelp.sdb
    c:\program files\windows\AppPatch\drvmain.sdb
    c:\program files\windows\AppPatch\msimain.sdb
    c:\program files\windows\AppPatch\sysmain.sdb
    c:\program files\windows\assembly\Desktop.ini
    c:\program files\windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
    c:\program files\windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
    c:\program files\windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    c:\program files\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
    c:\program files\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
    c:\program files\windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
    c:\program files\windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
    c:\program files\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    c:\program files\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    c:\program files\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    c:\program files\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    c:\program files\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    c:\program files\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    c:\program files\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    c:\program files\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    c:\program files\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    c:\program files\windows\assembly\GAC\Microsoft.JScript.resources\7.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft.JScript.resources\7.0.5000.0_nl_b03f5f7f11d50a3a\Microsoft.Jscript.resources.dll
    c:\program files\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    c:\program files\windows\assembly\GAC\Microsoft.VisualBasic.resources\7.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft.VisualBasic.resources\7.0.5000.0_nl_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
    c:\program files\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    c:\program files\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    c:\program files\windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
    c:\program files\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    c:\program files\windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    c:\program files\windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    c:\program files\windows\assembly\GAC\mscorcfg.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\mscorcfg.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\mscorcfg.resources.dll
    c:\program files\windows\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
    c:\program files\windows\assembly\GAC\mscorlib.resources\1.0.5000.0_nl_b77a5c561934e089\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\mscorlib.resources\1.0.5000.0_nl_b77a5c561934e089\Mscorlib.resources.dll
    c:\program files\windows\assembly\GAC\Regcode.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Regcode.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\RegCode.resources.dll
    c:\program files\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
    c:\program files\windows\assembly\GAC\System.Configuration.Install.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Configuration.Install.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\System.Configuration.Install.resources.dll
    c:\program files\windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    c:\program files\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
    c:\program files\windows\assembly\GAC\System.Data.resources\1.0.5000.0_nl_b77a5c561934e089\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Data.resources\1.0.5000.0_nl_b77a5c561934e089\System.Data.resources.dll
    c:\program files\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
    c:\program files\windows\assembly\GAC\System.Design.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Design.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\System.Design.resources.dll
    c:\program files\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
    c:\program files\windows\assembly\GAC\System.DirectoryServices.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.DirectoryServices.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\System.DirectoryServices.resources.dll
    c:\program files\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    c:\program files\windows\assembly\GAC\System.Drawing.Design.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Drawing.Design.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\System.Drawing.design.resources.dll
    c:\program files\windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    c:\program files\windows\assembly\GAC\System.Drawing.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Drawing.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\System.Drawing.resources.dll
    c:\program files\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
    c:\program files\windows\assembly\GAC\System.EnterpriseServices.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.EnterpriseServices.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\System.EnterpriseServices.resources.dll
    c:\program files\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    c:\program files\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
    c:\program files\windows\assembly\GAC\system.management.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\system.management.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\System.Management.resources.dll
    c:\program files\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
    c:\program files\windows\assembly\GAC\System.Messaging.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Messaging.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\System.Messaging.resources.dll
    c:\program files\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
    c:\program files\windows\assembly\GAC\System.resources\1.0.5000.0_nl_b77a5c561934e089\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.resources\1.0.5000.0_nl_b77a5c561934e089\System.resources.dll
    c:\program files\windows\assembly\GAC\System.Runtime.Remoting.resources\1.0.5000.0_nl_b77a5c561934e089\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Runtime.Remoting.resources\1.0.5000.0_nl_b77a5c561934e089\System.runtime.remoting.resources.dll
    c:\program files\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
    c:\program files\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
    c:\program files\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
    c:\program files\windows\assembly\GAC\System.Runt




  • Zou je de volledige inhoud van het bestand willen plaatsen?
    Laten we trouwens het andere topic ook hier doen, want het heeft weinig nut om jou in 2 verschillende topics instructies te geven.
  • combofix heeft wel aan dat het een oudere versie is!!!
    Maar ik heb hem laten verder werken met minder functionaliteiten!


    ComboFix 09-01-21.04 - Gebruiker 2009-01-31 12:48:19.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.532 [GMT 1:00]
    Gestart vanuit: G:\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    * Resident AV is active

    .
    - VERMINDERDE FUNCTIONALITEIT MODUS -
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-28 to 2009-01-31 ))))))))))))))))))))))))))))))
    .

    2009-01-10 16:37 . 2009-01-10 16:37 410,984 –a—— c:\windows\system32\deploytk.dll
    2009-01-05 12:56 . 2009-01-05 12:56 <DIR> d—-c— c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-01-05 12:56 . 2009-01-05 12:56 <DIR> d—-c— c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-01-05 12:56 . 2009-01-05 12:56 <DIR> d—-c— c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-01-05 12:56 . 2009-01-05 12:56 <DIR> d—-c— c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-01-05 12:56 . 2009-01-05 12:56 <DIR> d—-c— c:\program files\CCleaner
    2009-01-05 12:56 . 2009-01-30 11:14 <DIR> dr-h-c— c:\documents and settings\Gebruiker\Onlangs geopend
    2009-01-05 11:00 . 2009-01-30 11:00 <DIR> d—-c— c:\program files\Malwarebytes' Anti-Malware
    2009-01-05 11:00 . 2009-01-05 11:00 <DIR> d—-c— c:\documents and settings\Gebruiker\Application Data\Malwarebytes
    2009-01-05 11:00 . 2009-01-05 11:00 <DIR> d—-c— c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-05 11:00 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-05 11:00 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-01-04 18:53 . 2009-01-05 12:55 <DIR> d—-c— c:\program files\SpywareBlaster
    2009-01-04 18:52 . 2009-01-10 16:38 <DIR> d—-c— c:\program files\SpywareGuard
    2008-12-20 12:03 . 2008-12-21 12:01 <DIR> d–h-c— C:\$AVG8.VAULT$
    2008-12-19 19:14 . 2009-01-31 08:05 <DIR> d——– c:\windows\system32\drivers\Avg
    2008-12-19 19:14 . 2008-12-20 10:15 <DIR> d—-c— c:\documents and settings\Gebruiker\Application Data\AVGTOOLBAR
    2008-12-19 19:14 . 2008-12-19 19:14 97,928 –a—— c:\windows\system32\drivers\avgldx86.sys
    2008-12-19 19:14 . 2008-12-19 19:14 76,040 –a—— c:\windows\system32\drivers\avgtdix.sys
    2008-12-19 19:14 . 2008-12-19 19:14 10,520 –a—— c:\windows\system32\avgrsstx.dll
    2008-12-19 19:07 . 2008-12-19 19:14 <DIR> d—-c— c:\documents and settings\All Users\Application Data\Avg8
    2008-12-18 17:55 . 2008-12-18 17:55 <DIR> d—-c— c:\program files\AVG

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-30 16:32 ——— dc—-w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-30 15:03 ——— d—–w c:\program files\Spybot - Search & Destroy
    2009-01-10 15:37 ——— d—–w c:\program files\Java
    2009-01-05 11:56 ——— dc—-w c:\program files\Iomega
    2008-12-19 18:12 ——— d—–w c:\program files\Network Associates
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2008-10-23 12:43 286,720 —-a-w c:\windows\system32\gdi32.dll
    2008-10-16 20:33 826,368 —-a-w c:\windows\system32\wininet.dll
    2008-10-16 13:13 202,776 —-a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 —-a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 —-a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 —-a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 —-a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 —-a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 —-a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 —-a-w c:\windows\system32\wups.dll
    2008-10-03 10:05 247,326 —-a-w c:\windows\system32\strmdll.dll
    2007-06-18 16:28 87,608 -c–a-w c:\documents and settings\Gebruiker\Application Data\inst.exe
    2007-06-18 16:28 47,360 -c–a-w c:\documents and settings\Gebruiker\Application Data\pcouffin.sys
    2007-02-18 17:06 87,608 -c–a-w c:\documents and settings\Gebruiker\Application Data\ezpinst.exe
    2007-02-10 20:42 337 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb1942.dat
    2007-02-07 18:25 20,480 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb4827.dat
    2006-12-01 16:08 49 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb41.dat
    2006-11-25 13:25 9,216 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb8467.dat
    2006-11-25 13:25 0 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb6334.dat
    2006-11-25 13:24 0 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb5436.dat
    2006-03-24 19:05 26,922 -c–a-w c:\program files\moviepass Terms.html
    2005-11-17 10:26 0 -c–a-w c:\program files\AUTOEXEC.BAT
    2005-02-04 13:41 867 -c–a-w c:\program files\asdf.txt
    2005-01-31 18:57 5,042 -c–a-r c:\program files\CLDMA.LOG
    2004-05-25 22:24 0 -c–a-w c:\program files\CONFIG.SYS
    2001-05-24 11:59 162,304 -c–a-w c:\program files\UNWISE.EXE
    1999-12-07 18:00 1,384,448 -c–a-w c:\program files\msvbvm60.dll
    2005-11-24 17:54 56 -csha-r c:\windows\system32\69A2D02CB7.sys
    2005-11-24 17:54 1,682 -csha-w c:\windows\system32\KGyGaAvL.sys
    2008-09-02 15:17 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008090220080903\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-30_18.44.26,09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-30 18:58:10 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_120.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2006-01-25 7094272]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-04-12 1383936]
    "PE2CKFNT SE"="c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-05 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-19 1261336]
    "nwiz"="nwiz.exe" [2005-10-10 c:\windows\system32
    wiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Gebruiker\Menu Start\Programma's\Opstarten\
    SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Photo Express Calendar Checker SE.lnk - c:\program files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2005-12-10 55296]
    Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2005-11-23 245760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.PIM1"= PCLEPIM1.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ersd.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Pinnacle\\PCTV Stereo\\TeleText\\WebServer.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\StubInstaller.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-19 97928]
    R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2005-11-23 556416]
    R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2005-11-23 6400]
    R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-19 875288]
    R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-19 231704]
    R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-19 76040]
    R4 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [1997-03-12 25792]
    R4 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2007-01-14 8864]
    R4 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2007-01-14 8864]
    R4 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2007-01-14 8864]
    R4 Tdlpt;Tdlpt;c:\windows\system32\drivers\TDLPT.SYS [2007-01-14 8012]
    S0 esff;esff;c:\windows\system32\drivers\esff.sys –> c:\windows\system32\drivers\esff.sys [?]
    S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys –> c:\windows\system32\drivers\ctredrv.sys [?]
    S1 ersd;ersd;\??\c:\windows\system32\drivers\ersd.sys –> c:\windows\system32\drivers\ersd.sys [?]
    S3 P730C;P730C;c:\windows\system32\drivers\P730C.sys [2006-08-12 25300]
    S3 P730M;P730M;c:\windows\system32\drivers\P730M.sys [2006-08-12 25300]
    S3 P730U;P730U;c:\windows\system32\drivers\P730U.sys [2006-08-12 49365]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba902ec2-5b7a-11da-96c1-806d6172696f}]
    \Shell\AutoRun\command - d:\bin\assetup.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-01-31 c:\windows\Tasks\A46F885A91840682.job
    - c:\docume~1\gebrui~1\applic~1\doesre~1\bind soap safe.exe []

    2006-10-22 c:\windows\Tasks\XoftSpy.job
    - c:\program files\XoftSpy\XoftSpy.exe []
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://google.be/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: recordgroup.be \www.home
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-31 12:48:43
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_USERS\S-1-5-21-1935655697-1450960922-839522115-1004\Software\Zepter Software\RegLib*c087c35c\CloneDVDmobile/1]
    "1"=dword:45684247
    "2"=dword:456887a7

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,96,90,77,5c,45,
    16,a8,4f,e2,63,26,f1,3f,c8,ff,68,a2,f1,54,d9,4a,5c,ce,8e,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,71,56,b3,d6,49,
    f8,b9,f9,6a,9c,d6,61,af,45,84,18,3c,b5,d3,19,a7,d1,06,b2,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,75,34,11,c3,66,
    39,5c,51,ff,7c,85,e0,43,d4,0e,fe,95,1a,5c,40,3e,49,83,6e,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,6e,4e,97,2a,cd,
    ea,a0,59,86,8c,21,01,be,91,eb,e7,c2,e7,e4,2a,3c,3c,e0,77,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,e5,4e,76,bb,ee,
    93,40,fc,f5,1d,4d,73,a8,13,5c,05,55,b0,cb,c5,3c,eb,fb,aa,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,7d,4a,8b,83,ad,
    1d,f3,2a,df,20,58,62,78,6b,cf,c8,a1,0c,eb,73,e5,d0,3f,98,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,29,8f,9e,31,f0,
    92,13,96,fb,a7,78,e6,12,2f,9a,ea,4b,c7,5a,b6,98,bc,40,96,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,1d,20,e3,c0,b8,
    d1,65,53,01,3a,48,fc,e8,04,4a,f1,69,c9,fc,90,2e,1a,36,7d,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,48,12,ea,d5,cc,
    ff,13,d3,f6,0f,4e,58,98,5b,89,c9,c2,66,ce,3a,03,89,dc,aa,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,9e,2e,e6,b1,3e,
    6b,c1,86,3d,ce,ea,26,2d,45,aa,78,72,2d,0c,b8,11,b2,da,23,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,63,d4,a8,5f,b0,
    af,bd,63,2a,b7,cc,b5,b9,7f,41,e7,2a,3c,52,1d,d8,66,7d,7a,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,53,a5,42,a3,3a,
    72,d1,03,6c,43,2d,1e,aa,22,2f,9c,4a,71,40,f6,51,86,fc,f0,6c,43,2d,1e,aa,22,\
    .
    Voltooingstijd: 2009-01-31 12:51:28
    ComboFix-quarantined-files.txt 2009-01-31 11:51:25
    ComboFix2.txt 2009-01-30 17:46:17

    Pre-Run: 21.232.504.832 bytes beschikbaar
    Post-Run: 21,221,875,712 bytes beschikbaar

    233 — E O F — 2009-01-14 17:02:55


    mvg,

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.