Trojan horse is back

12 answers
  • Some time ago I had trouble with a Trojan horse, but with your help I was able to remove it. Lately my computer has been very slow again, so I scanned the computer again. It found a Trojan horse again.
    First a question: can I use AVG Free Edition 8? I read some time ago that there were rather serious bugs in that program.

    Here is my HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:14:12, on 14-2-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Packard Bell\FIJI\ABoard.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Packard Bell\FIJI\AOSD.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\Windows\V0230Mon.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\ProgramData\U3\U3Launcher\LaunchU3.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Startup: LaunchU3.exe.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


    End of file - 10683 bytes
  • Start HijackThis and choose 'do a system scan only'.
    Select only the items listed below:

    R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
    O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.



    Download [...] and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    Make sure that after the installation the following boxes are ticked:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware

    Then click "Voltooien" (Finish).
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Instellingen" (Settings) tab.
    - Tick the option "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
    - Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
    - Then press "Scannen" (Scan) to start the scan.
    - The scan can take a while, so be patient.
    - When the scan is complete, click OK, then "Bekijk Resultaten" (View Results) to see the results.
    - Make sure everything there is ticked, then click "Verwijder geselecteerde" (Remove Selected).
    - After the removal a log will open and you will be asked to restart the computer.

    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post this log together with a new HijackThis log.



    Download [...] to your desktop and use it according to this guide.
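Two things in a HijackThis log like the one above can be checked mechanically: entries whose target file is reported as absent, and CLSIDs registered under more than one section, so that a component is reviewed in every place it is registered. The following Python is an added example, not part of the original posts; the function names are hypothetical and the sample lines are taken from the log posted in this thread.

```python
import re
from collections import defaultdict

# Excerpt of lines from the HijackThis log posted in this thread (not a full log).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# CLSID in registry form: {8-4-4-4-12 hex digits}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when the referenced file is absent.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)


def parse_entries(text):
    """Return one dict per R*/O* entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, body = match.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "missing_target": bool(MISSING_RE.search(body)),
        })
    return entries


def missing_targets(entries):
    """Entries that still exist in the registry but point at an absent file."""
    return [e for e in entries if e["missing_target"]]


def clsids_in_multiple_sections(entries):
    """Map each CLSID seen under more than one section code to those codes."""
    sections = defaultdict(set)
    for entry in entries:
        if entry["clsid"]:
            sections[entry["clsid"]].add(entry["code"])
    return {c: sorted(s) for c, s in sections.items() if len(s) > 1}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("Entries pointing at an absent file:")
    for entry in missing_targets(parsed):
        print("  %s - %s" % (entry["code"], entry["body"]))
    print("CLSIDs registered in more than one section:")
    for clsid, codes in clsids_in_multiple_sections(parsed).items():
        print("  %s -> %s" % (clsid, ", ".join(codes)))
```

A flag here only means a leftover or repeated registration worth reviewing; it is not a verdict on the entry.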
  • I have a problem… when I try to start ComboFix, it says that I have to close AVG first. I have searched everywhere, but nowhere does it say how to turn AVG off… any idea how I do this?

    I have already found it.
  • Would you then please post the requested logs?
  • The 3 logs

    HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:34:50, on 14-2-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Packard Bell\FIJI\ABoard.exe
    C:\Program Files\Packard Bell\FIJI\AOSD.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\Windows\V0230Mon.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\ProgramData\U3\U3Launcher\LaunchU3.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Startup: LaunchU3.exe.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


    End of file - 9610 bytes


    malware:
    Malwarebytes' Anti-Malware 1.25
    Database versie: 1062
    Windows 6.0.6001 Service Pack 1

    21:38:09 2-1-2009
    mbam-log-01-02-2009 (21-38-09).txt

    Scan type: Snelle Scan
    Objecten gescand: 1
    Verstreken tijd: 4 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)


    combofix:
    ComboFix 09-02-12.03 - beheer 2009-02-14 13:23:09.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2046.1192 [GMT 1:00]
    Gestart vanuit: c:\users\beheer\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))
    .

    2009-02-14 12:47 . 2009-02-14 12:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-14 12:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-02-14 12:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-02-12 15:06 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2009-02-12 15:06 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
    2009-02-08 14:07 . 2009-02-08 14:07 <DIR> d-------- c:\windows\Watson
    2009-01-31 14:13 . 2009-01-31 14:13 10,520 --a------ c:\windows\System32\avgrsstx.dll
    2009-01-28 02:39 . 2009-01-28 02:39 <DIR> d-------- c:\users\beheer\AppData\Roaming\PeerNetworking
    2009-01-15 11:25 . 2009-01-15 11:25 0 --a------ c:\windows\System32\msexcr.ini
    2009-01-14 13:03 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-13 14:55 --------- d-----w c:\programdata\Microsoft Help
    2009-02-13 14:54 --------- d-----w c:\program files\Windows Mail
    2009-02-08 16:03 --------- d-----w c:\program files\Messenger Plus! Live
    2009-02-08 13:07 --------- d-----w c:\program files\Microsoft Games
    2009-02-08 11:31 --------- d-----w c:\program files\Steam
    2009-02-08 11:29 --------- d-----w c:\program files\Common Files\Steam
    2009-01-31 18:05 --------- d-----w c:\users\beheer\AppData\Roaming\uTorrent
    2009-01-31 17:41 --------- d-----w c:\users\beheer\AppData\Roaming\Tibia
    2009-01-31 13:13 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-31 13:10 --------- d-----w c:\programdata\avg8
    2009-01-24 22:13 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-01-23 23:33 --------- d-----w c:\users\beheer\AppData\Roaming\Packard Bell
    2009-01-17 13:53 --------- d-----w c:\program files\DVD Decrypter
    2009-01-11 12:47 --------- d-----w c:\program files\GameSpy Arcade
    2009-01-11 12:46 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-11 12:46 --------- d-----w c:\program files\Infogrames
    2009-01-09 13:24 --------- d-----w c:\programdata\Electronic Arts
    2009-01-08 19:23 --------- d-----w c:\users\beheer\AppData\Roaming\U3
    2009-01-07 10:05 --------- d-----w c:\programdata\U3
    2009-01-04 17:34 421,888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe
    2009-01-03 20:22 --------- d-----w c:\program files\NEXON
    2009-01-02 20:39 --------- d-----w c:\users\beheer\AppData\Roaming\Red Kawa
    2009-01-02 20:38 --------- d-----w c:\program files\Red Kawa
    2009-01-02 20:38 --------- d-----w c:\program files\AviSynth 2.5
    2009-01-02 16:12 --------- d-----w c:\users\beheer\AppData\Roaming\Apple Computer
    2009-01-01 15:07 --------- d-----w c:\program files\DAEMON Tools Lite
    2009-01-01 13:06 --------- d---a-w c:\programdata\TEMP
    2008-12-26 15:18 --------- d-----w c:\program files\Common Files\INCA Shared
    2008-12-26 14:48 --------- d-----w c:\program files\Triggersoft
    2008-12-26 14:45 --------- d-----w c:\users\beheer\AppData\Roaming\DAEMON Tools Pro
    2008-12-26 14:45 --------- d-----w c:\users\beheer\AppData\Roaming\DAEMON Tools Lite
    2008-12-26 14:45 --------- d-----w c:\users\beheer\AppData\Roaming\DAEMON Tools
    2008-12-24 09:02 --------- d-----w c:\programdata\DAEMON Tools Lite
    2008-12-22 10:32 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-03 16:38 410,984 ----a-w c:\windows\System32\deploytk.dll
    2008-11-03 11:35 22,328 ----a-w c:\users\beheer\AppData\Roaming\PnkBstrK.sys
    2008-06-10 11:37 174 --sha-w c:\program files\desktop.ini
    2007-09-19 06:57 65,536 --sha-w c:\windows\oem\mp\boot\bootstat.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-13_23.20.32,61 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-19 09:50:50 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
    + 2008-11-01 03:44:34 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    - 2008-04-19 09:50:50 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
    + 2008-11-01 03:44:34 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    - 2006-11-02 09:46:02 237,568 ----a-w c:\windows\AppPatch\AcRedir.dll
    + 2008-01-19 07:33:41 237,568 ----a-w c:\windows\AppPatch\AcRedir.dll
    - 2008-04-19 09:50:51 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
    + 2008-03-08 01:58:43 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
    - 2008-04-19 09:50:50 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    + 2008-11-01 03:44:34 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    - 2008-04-19 09:50:50 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    + 2008-11-01 03:44:34 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    - 2006-11-02 09:46:02 40,960 ----a-w c:\windows\AppPatch\apihex86.dll
    + 2008-01-19 07:33:43 40,960 ----a-w c:\windows\AppPatch\apihex86.dll
    - 2008-04-19 09:47:55 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    + 2008-11-01 03:44:36 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    + 2008-11-22 13:01:34 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2008-11-22 13:01:34 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2008-11-22 13:01:34 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2008-11-22 13:01:27 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-11-22 13:01:28 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-11-22 13:01:29 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-11-22 13:01:29 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-11-22 13:01:30 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-11-22 13:01:30 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-11-22 13:01:31 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-11-22 13:01:32 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-11-22 13:01:32 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-11-22 13:01:35 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-11-22 13:01:35 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2008-11-22 13:01:36 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2008-11-22 13:01:36 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2008-11-22 13:01:37 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2008-11-22 13:01:34 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2008-05-07 20:44:43 248,632 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    + 2008-08-16 08:31:02 250,928 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    - 2008-05-07 20:44:43 781,104 —-a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
    + 2008-07-10 12:07:03 783,744 —-a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
    - 2006-11-02 12:35:32 143,360 —-a-w c:\windows\assembly\GAC_32\BDATunePIA\6.0.6000.0__31bf3856ad364e35\BDATunePIA.dll
    + 2008-01-19 07:38:12 144,384 —-a-w c:\windows\assembly\GAC_32\BDATunePIA\6.0.6000.0__31bf3856ad364e35\BDATunePIA.dll
    - 2006-10-20 01:13:56 69,120 —-a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2008-01-05 11:26:08 69,120 —-a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2006-10-20 01:14:03 72,192 —-a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2008-01-05 11:26:17 72,192 —-a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2006-11-02 12:35:34 77,824 —-a-w c:\windows\assembly\GAC_32\mcstoredb\6.0.6000.0__31bf3856ad364e35\mcstoredb.dll
    + 2008-01-19 07:38:31 78,336 —-a-w c:\windows\assembly\GAC_32\mcstoredb\6.0.6000.0__31bf3856ad364e35\mcstoredb.dll
    - 2006-11-02 12:35:33 136,192 —-a-w c:\windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
    + 2008-08-05 09:51:47 140,288 —-a-w c:\windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
    - 2006-11-02 12:35:33 105,472 —-a-w c:\windows\assembly\GAC_32\Mcx2Dvcs\6.0.6000.0__31bf3856ad364e35\Mcx2Dvcs.dll
    + 2008-01-19 07:38:32 106,496 —-a-w c:\windows\assembly\GAC_32\Mcx2Dvcs\6.0.6000.0__31bf3856ad364e35\Mcx2Dvcs.dll
    - 2006-11-02 12:35:24 507,904 —-a-w c:\windows\assembly\GAC_32\Microsoft.Ink\6.0.0.0__31bf3856ad364e35\Microsoft.Ink.dll
    + 2008-01-19 07:38:34 507,904 —-a-w c:\windows\assembly\GAC_32\Microsoft.Ink\6.0.0.0__31bf3856ad364e35\Microsoft.Ink.dll
    - 2008-05-07 20:45:20 118,112 —-a-w c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
    + 2008-07-10 12:07:09 120,408 —-a-w c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
    - 2006-11-02 12:36:03 151,552 —-a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    + 2008-01-05 11:21:39 151,552 —-a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    - 2006-10-20 01:14:15 4,366,336 —-a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2008-01-05 11:26:32 4,444,160 —-a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2006-11-02 09:47:03 39,936 —-a-w c:\windows\assembly\GAC_32
    apcrypt\6.0.0.0__31bf3856ad364e35\NAPCRYPT.DLL
    + 2008-01-19 07:38:44 46,080 —-a-w c:\windows\assembly\GAC_32
    apcrypt\6.0.0.0__31bf3856ad364e35\NAPCRYPT.DLL
    - 2006-11-02 09:47:03 98,816 —-a-w c:\windows\assembly\GAC_32
    aphlpr\6.0.0.0__31bf3856ad364e35\NAPHLPR.DLL
    + 2008-01-19 07:38:45 103,936 —-a-w c:\windows\assembly\GAC_32
    aphlpr\6.0.0.0__31bf3856ad364e35\NAPHLPR.DLL
    - 2006-11-02 12:36:01 3,915,264 —-a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2008-01-05 11:21:53 4,174,336 —-a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    - 2006-10-20 01:14:47 482,304 —-a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2008-01-05 11:26:54 483,840 —-a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2006-10-20 01:14:47 2,894,336 —-a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2008-01-05 11:26:54 3,036,160 —-a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2006-10-20 01:14:51 258,048 —-a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2008-01-05 11:26:55 258,048 —-a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2006-11-02 06:34:22 114,176 —-a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2008-01-19 03:22:55 113,664 —-a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2006-11-02 12:36:01 344,064 —-a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
    + 2008-01-05 11:21:55 346,624 —-a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
    - 2006-10-20 01:14:53 260,096 —-a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2008-01-05 11:26:59 261,120 —-a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2008-04-19 09:55:23 5,156,864 —-a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2008-01-05 11:26:59 5,431,296 —-a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2006-10-20 01:13:37 10,752 —-a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2008-01-05 11:25:52 10,752 —-a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2007-09-19 06:59:14 315,392 —-a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_nl_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
    + 2008-01-06 06:56:43 315,392 —-a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_nl_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
    - 2006-10-20 01:13:41 503,808 —-a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2008-01-05 11:25:59 507,904 —-a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2006-11-02 12:36:03 159,744 —-a-w c:\windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe
    + 2008-01-05 11:21:39 159,744 —-a-w c:\windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe
    - 2006-10-20 01:13:56 13,312 —-a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2008-01-05 11:26:08 13,312 —-a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2006-10-20 01:13:57 5,120 —-a-w c:\windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe
    + 2008-01-05 11:26:11 5,120 —-a-w c:\windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe
    - 2008-04-19 09:44:40 864,256 —-a-w c:\windows\assembly\GAC_MSIL\ehepg\6.0.6000.0__31bf3856ad364e35\ehepg.dll
    + 2008-01-19 07:38:16 827,392 —-a-w c:\windows\assembly\GAC_MSIL\ehepg\6.0.6000.0__31bf3856ad364e35\ehepg.dll
    - 2006-11-02 12:35:28 139,264 —-a-w c:\windows\assembly\GAC_MSIL\ehepgdat\6.0.6000.0__31bf3856ad364e35\ehepgdat.dll
    + 2008-01-19 07:38:16 139,264 —-a-w c:\windows\assembly\GAC_MSIL\ehepgdat\6.0.6000.0__31bf3856ad364e35\ehepgdat.dll
    - 2008-04-19 09:44:35 135,168 —-a-w c:\windows\assembly\GAC_MSIL\ehexthost\6.0.6000.0__31bf3856ad364e35\ehexthost.exe
    + 2008-01-19 07:38:17 131,072 —-a-w c:\windows\assembly\GAC_MSIL\ehexthost\6.0.6000.0__31bf3856ad364e35\ehexthost.exe
    - 2008-04-19 09:44:40 77,824 —-a-w c:\windows\assembly\GAC_MSIL\ehiExtens\6.0.6000.0__31bf3856ad364e35\ehiExtens.dll
    + 2006-11-02 12:35:28 77,824 —-a-w c:\windows\assembly\GAC_MSIL\ehiExtens\6.0.6000.0__31bf3856ad364e35\ehiExtens.dll
    - 2006-11-02 12:35:32 401,408 —-a-w c:\windows\assembly\GAC_MSIL\ehiProxy\6.0.6000.0__31bf3856ad364e35\ehiProxy.dll
    + 2008-01-19 07:38:18 401,408 —-a-w c:\windows\assembly\GAC_MSIL\ehiProxy\6.0.6000.0__31bf3856ad364e35\ehiProxy.dll
    - 2006-11-02 12:35:30 19,456 —-a-w c:\windows\assembly\GAC_MSIL\ehiReplay\6.0.6000.0__31bf3856ad364e35\ehiReplay.dll
    + 2008-01-19 07:38:18 19,456 —-a-w c:\windows\assembly\GAC_MSIL\ehiReplay\6.0.6000.0__31bf3856ad364e35\ehiReplay.dll
    - 2006-11-02 12:35:32 307,200 —-a-w c:\windows\assembly\GAC_MSIL\ehiVidCtl\6.0.6000.0__31bf3856ad364e35\ehiVidCtl.dll
    + 2008-01-19 07:38:19 307,200 —-a-w c:\windows\assembly\GAC_MSIL\ehiVidCtl\6.0.6000.0__31bf3856ad364e35\ehiVidCtl.dll
    - 2006-11-02 12:35:34 143,360 —-a-w c:\windows\assembly\GAC_MSIL\ehiwmp\6.0.6000.0__31bf3856ad364e35\ehiwmp.dll
    + 2008-01-19 07:38:19 143,360 —-a-w c:\windows\assembly\GAC_MSIL\ehiwmp\6.0.6000.0__31bf3856ad364e35\ehiwmp.dll
    - 2006-11-02 12:35:29 520,192 —-a-w c:\windows\assembly\GAC_MSIL\ehRecObj\6.0.6000.0__31bf3856ad364e35\ehRecObj.dll
    + 2008-01-19 07:38:19 520,192 —-a-w c:\windows\assembly\GAC_MSIL\ehRecObj\6.0.6000.0__31bf3856ad364e35\ehRecObj.dll
    - 2008-04-19 09:44:35 4,370,432 —-a-w c:\windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
    + 2008-08-05 09:51:30 4,046,848 —-a-w c:\windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
    - 2007-09-19 06:59:06 9,216 —-a-w c:\windows\assembly\GAC_MSIL\EventViewer.Resources\6.0.0.0_nl_31bf3856ad364e35\EventViewer.resources.dll
    + 2008-01-19 11:11:47 9,216 —-a-w c:\windows\assembly\GAC_MSIL\EventViewer.Resources\6.0.0.0_nl_31bf3856ad364e35\EventViewer.resources.dll
    - 2006-11-02 09:46:54 364,544 —-a-w c:\windows\assembly\GAC_MSIL\EventViewer\6.0.0.0__31bf3856ad364e35\EventViewer.dll
    + 2008-01-19 07:38:21 364,544 —-a-w c:\windows\assembly\GAC_MSIL\EventViewer\6.0.0.0__31bf3856ad364e35\EventViewer.dll
    - 2006-10-20 01:14:02 8,192 —-a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2008-01-05 11:26:12 8,192 —-a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2006-10-20 01:14:02 36,864 —-a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2008-01-05 11:26:12 77,824 —-a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2006-10-20 01:14:02 5,632 —-a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2008-01-05 11:26:13 6,656 —-a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2006-11-02 12:35:29 200,704 —-a-w c:\windows\assembly\GAC_MSIL\mcstore\6.0.6000.0__31bf3856ad364e35\mcstore.dll
    + 2008-01-19 07:38:31 176,128 —-a-w c:\windows\assembly\GAC_MSIL\mcstore\6.0.6000.0__31bf3856ad364e35\mcstore.dll
    - 2007-09-19 06:59:30 53,248 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
    + 2008-01-06 06:56:45 53,248 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
    - 2006-10-20 01:14:03 413,696 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2008-01-05 11:26:17 348,160 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2006-10-20 01:14:03 36,864 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2008-01-05 11:26:17 36,864 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2007-09-19 06:59:30 135,168 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
    + 2008-01-06 06:56:45 139,264 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
    - 2006-10-20 01:14:03 647,168 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2008-01-05 11:26:17 655,360 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2007-09-19 06:59:14 10,240 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.resources\2.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
    + 2008-01-06 06:56:48 10,240 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.resources\2.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
    - 2006-10-20 01:14:04 73,728 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2008-01-05 11:26:17 77,824 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2007-09-19 06:59:07 45,056 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.JScript.resources.dll
    + 2008-01-06 06:56:48 45,056 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.JScript.resources.dll
    - 2006-10-20 01:14:04 749,568 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2008-01-05 11:26:19 749,568 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2006-11-02 09:47:01 245,760 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35\Microsoft.ManagementConsole.dll
    + 2008-01-19 07:38:35 188,416 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35\Microsoft.ManagementConsole.dll
    - 2008-04-19 09:44:35 1,196,032 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
    + 2008-01-19 07:38:36 1,241,088 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
    - 2006-11-02 12:35:33 167,936 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Sports\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Sports.dll
    + 2008-01-19 07:38:36 167,936 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Sports\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Sports.dll
    - 2008-04-19 09:44:35 2,342,912 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
    + 2008-08-05 09:51:56 1,957,888 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
    - 2008-04-19 09:44:35 217,088 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
    + 2008-01-19 07:38:35 204,800 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
    - 2008-05-07 20:45:20 609,104 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
    + 2008-07-10 12:07:09 611,392 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
    - 2007-09-19 06:59:35 28,672 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge.resources\3.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Resources.dll
    + 2008-01-06 06:56:58 28,672 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge.resources\3.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Resources.dll
    - 2006-11-02 12:36:03 352,256 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    + 2008-01-05 11:21:39 397,312 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    - 2007-09-19 06:59:11 9,216 —-a-w c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
    + 2008-01-06 06:56:43 9,216 —-a-w c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
    - 2006-10-20 01:14:05 110,592 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2008-01-05 11:26:19 110,592 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2007-09-19 06:59:31 9,216 —-a-w c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
    + 2008-01-06 06:56:43 9,216 —-a-w c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
    - 2006-10-20 01:14:05 372,736 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2008-01-05 11:26:23 372,736 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2007-09-19 06:59:13 57,344 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
    + 2008-01-06 06:56:52 57,344 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
    - 2006-10-20 01:14:05 28,672 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2008-01-05 11:26:23 28,672 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2006-10-20 01:14:05 667,648 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2008-01-05 11:26:23 671,744 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2006-10-20 01:14:05 12,800 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2008-01-05 11:26:24 12,800 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2006-10-20 01:14:05 32,768 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2008-01-05 11:26:23 32,768 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2007-09-19 06:59:30 1,392,640 —-a-w c:\windows\assembly\GAC_MSIL\MiguiControls.Resources\1.0.0.0_nl_31bf3856ad364e35\MIGUIControls.resources.dll
    + 2008-01-19 11:11:54 1,503,232 —-a-w c:\windows\assembly\GAC_MSIL\MiguiControls.Resources\1.0.0.0_nl_31bf3856ad364e35\MIGUIControls.resources.dll
    - 2006-11-02 09:47:03 3,100,672 —-a-w c:\windows\assembly\GAC_MSIL\MiguiControls\1.0.0.0__31bf3856ad364e35\MIGUIControls.dll
    + 2008-01-19 07:38:41 3,371,008 —-a-w c:\windows\assembly\GAC_MSIL\MiguiControls\1.0.0.0__31bf3856ad364e35\MIGUIControls.dll
    - 2006-11-02 09:47:03 413,696 —-a-w c:\windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35\MMCEx.dll
    + 2008-01-19 07:38:41 417,792 —-a-w c:\windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35\MMCEx.dll
    - 2007-09-19 06:59:30 4,608 —-a-w c:\windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_nl_31bf3856ad364e35\MMCFxCommon.Resources.dll
    + 2008-01-19 11:11:54 4,608 —-a-w c:\windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_nl_31bf3856ad364e35\MMCFxCommon.Resources.dll
    - 2007-09-19 06:59:14 303,104 —-a-w c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
    + 2008-01-06 06:56:52 303,104 —-a-w c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
    - 2007-09-19 06:59:07 40,960 —-a-w c:\windows\assembly\GAC_MSIL
    apinit.resources\6.0.0.0_nl_31bf3856ad364e35
    apinit.Resources.dll
    + 2008-01-19 11:11:55 40,960 —-a-w c:\windows\assembly\GAC_MSIL
    apinit.resources\6.0.0.0_nl_31bf3856ad364e35
    apinit.Resources.dll
    - 2006-11-02 09:47:03 65,536 —-a-w c:\windows\assembly\GAC_MSIL
    apinit\6.0.0.0__31bf3856ad364e35\NAPINIT.DLL
    + 2008-01-19 07:38:45 65,536 —-a-w c:\windows\assembly\GAC_MSIL
    apinit\6.0.0.0__31bf3856ad364e35\NAPINIT.DLL
    - 2007-09-19 06:59:11 245,760 —-a-w c:\windows\assembly\GAC_MSIL
    apsnap.resources\6.0.0.0_nl_31bf3856ad364e35
    apsnap.resources.dll
    + 2008-01-19 11:11:55 245,760 —-a-w c:\windows\assembly\GAC_MSIL
    apsnap.resources\6.0.0.0_nl_31bf3856ad364e35
    apsnap.resources.dll
    - 2006-11-02 09:47:04 458,752 —-a-w c:\windows\assembly\GAC_MSIL
    apsnap\6.0.0.0__31bf3856ad364e35\NAPSNAP.DLL
    + 2008-01-19 07:38:45 458,752 —-a-w c:\windows\assembly\GAC_MSIL
    apsnap\6.0.0.0__31bf3856ad364e35\NAPSNAP.DLL
    - 2006-11-02 12:36:00 593,920 —-a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
    + 2008-01-05 11:21:52 602,112 —-a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
    - 2006-11-02 12:36:00 32,768 —-a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
    + 2008-01-05 11:21:52 32,768 —-a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
    - 2006-11-02 12:36:01 36,864 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
    + 2008-01-05 11:21:53 36,864 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
    - 2006-11-02 12:36:01 184,320 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    + 2008-01-05 11:21:53 184,320 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    - 2006-11-02 12:36:01 126,976 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    + 2008-01-05 11:21:53 131,072 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    - 2006-11-02 12:36:01 376,832 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    + 2008-01-05 11:21:53 376,832 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    - 2006-11-02 12:36:01 151,552 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    + 2008-01-05 11:21:54 151,552 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    - 2006-11-02 12:36:01 4,972,544 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    + 2008-01-05 11:21:53 5,210,112 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    - 2006-11-02 12:36:00 897,024 —-a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
    + 2008-01-05 11:21:55 897,024 —-a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
    - 2006-11-02 12:36:00 528,384 —-a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
    + 2008-01-05 11:21:55 528,384 —-a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
    - 2006-11-02 12:36:03 61,440 —-a-w c:\windows\assembly\GAC_MSIL\ServiceModelReg\3.0.0.0__b03f5f7f11d50a3a\ServiceModelReg.exe
    + 2008-01-05 11:21:39 61,440 —-a-w c:\windows\assembly\GAC_MSIL\ServiceModelReg\3.0.0.0__b03f5f7f11d50a3a\ServiceModelReg.exe
    - 2006-11-02 12:36:03 94,208 —-a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    + 2008-01-05 11:21:39 102,400 —-a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    - 2006-11-02 12:36:02 122,880 —-a-w c:\windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe
    + 2008-01-05 11:21:39 122,880 —-a-w c:\windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe
    - 2007-09-19 06:59:11 10,752 —-a-w c:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_nl_b03f5f7f11d50a3a\sysglobl.resources.dll
    + 2008-01-06 06:56:55 10,752 —-a-w c:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_nl_b03f5f7f11d50a3a\sysglobl.resources.dll
    - 2006-10-20 01:14:46 110,592 —-a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2008-01-05 11:26:54 110,592 —-a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2007-09-19 06:59:06 28,672 —-a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.Configuration.Install.resources.dll
    + 2008-01-06 06:56:55 28,672 —-a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.Configuration.Install.resources.dll
    - 2006-10-20 01:14:46 81,920 —-a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2008-01-05 11:26:54 81,920 —-a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2007-09-19 06:59:05 49,152 —-a-w c:\windows\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.Configuration.resources.dll
    + 2008-01-06 06:56:55 49,152 —-a-w c:\windows\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.Configuration.resources.dll
    - 2006-10-20 01:14:46 413,696 —-a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2008-01-05 11:26:54 425,984 —-a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2007-09-19 06:59:30 110,592 —-a-w c:\windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_nl_b77a5c561934e089\System.Data.OracleClient.resources.dll
    + 2008-01-06 06:56:55 110,592 —-a-w c:\windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_nl_b77a5c561934e089\System.Data.OracleClient.resources.dll
    - 2007-09-19 06:59:05 331,776 —-a-w c:\windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_nl_b77a5c561934e089\System.Data.resources.dll
    + 2008-01-06 06:56:55 344,064 —-a-w c:\windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_nl_b77a5c561934e089\System.Data.resources.dll
    - 2007-09-19 06:59:11 36,864 —-a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_nl_b77a5c561934e089\system.data.sqlxml.resources.dll
  • Could you please post the log in full?
  • Hmm, that is very strange. I really did copy the complete ComboFix log, but apparently something went wrong there.
    I will put the ComboFix log in a following post. I have now posted the complete log, 100% sure, but I am probably going over a maximum number of characters, because the ComboFix log was once again not shown in full.

    The 3 logs

    HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:34:50, on 14-2-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Packard Bell\FIJI\ABoard.exe
    C:\Program Files\Packard Bell\FIJI\AOSD.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\Windows\V0230Mon.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\ProgramData\U3\U3Launcher\LaunchU3.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Startup: LaunchU3.exe.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


    End of file - 9610 bytes


    malware:
    Malwarebytes' Anti-Malware 1.25
    Database versie: 1062
    Windows 6.0.6001 Service Pack 1

    21:38:09 2-1-2009
    mbam-log-01-02-2009 (21-38-09).txt

    Scan type: Snelle Scan
    Objecten gescand: 1
    Verstreken tijd: 4 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)
  • For one reason or another I cannot post my complete ComboFix log...
  • Then post 2 messages in a row.
  • It is a file of 1.23 MB... so I would really have to post 10 messages or so :P ... do you otherwise need to see a specific part?
    When I look at other posts, I notice that their ComboFix logs are really much smaller.
    I also cannot find how far the log got posted in my previous message. I already tried the search function, but that does not help either.
  • Download ATF Cleaner (mirror) (made by Atribune)

    Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

    Double-click ATF Cleaner to start the program.
    On the Main tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:

    Click the Firefox tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click No in the window that appears.
    (this removes the tick from Firefox saved passwords again)
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:

    Click the Opera tab and tick Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.


    Then check whether the log gets smaller.
  • My log is nice and small now :)

    ComboFix log
    ComboFix 09-02-12.03 - beheer 2009-02-14 17:53:07.3 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2046.1236 [GMT 1:00]
    Gestart vanuit: c:\users\beheer\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))
    .

    2009-02-14 12:47 . 2009-02-14 12:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-14 12:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-02-14 12:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-02-12 15:06 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2009-02-12 15:06 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
    2009-02-08 14:07 . 2009-02-08 14:07 <DIR> d-------- c:\windows\Watson
    2009-01-31 14:13 . 2009-01-31 14:13 10,520 --a------ c:\windows\System32\avgrsstx.dll
    2009-01-28 02:39 . 2009-01-28 02:39 <DIR> d-------- c:\users\beheer\AppData\Roaming\PeerNetworking
    2009-01-15 11:25 . 2009-01-15 11:25 0 --a------ c:\windows\System32\msexcr.ini
    2009-01-14 13:03 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-13 14:55 --------- d-----w c:\programdata\Microsoft Help
    2009-02-13 14:54 --------- d-----w c:\program files\Windows Mail
    2009-02-08 16:03 --------- d-----w c:\program files\Messenger Plus! Live
    2009-02-08 13:07 --------- d-----w c:\program files\Microsoft Games
    2009-02-08 11:31 --------- d-----w c:\program files\Steam
    2009-02-08 11:29 --------- d-----w c:\program files\Common Files\Steam
    2009-01-31 18:05 --------- d-----w c:\users\beheer\AppData\Roaming\uTorrent
    2009-01-31 17:41 --------- d-----w c:\users\beheer\AppData\Roaming\Tibia
    2009-01-31 13:13 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-31 13:10 --------- d-----w c:\programdata\avg8
    2009-01-24 22:13 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-01-23 23:33 --------- d-----w c:\users\beheer\AppData\Roaming\Packard Bell
    2009-01-17 13:53 --------- d-----w c:\program files\DVD Decrypter
    2009-01-11 12:47 --------- d-----w c:\program files\GameSpy Arcade
    2009-01-11 12:46 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-11 12:46 --------- d-----w c:\program files\Infogrames
    2009-01-09 13:24 --------- d-----w c:\programdata\Electronic Arts
    2009-01-08 19:23 --------- d-----w c:\users\beheer\AppData\Roaming\U3
    2009-01-07 10:05 --------- d-----w c:\programdata\U3
    2009-01-04 17:34 421,888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe
    2009-01-03 20:22 --------- d-----w c:\program files\NEXON
    2009-01-02 20:39 --------- d-----w c:\users\beheer\AppData\Roaming\Red Kawa
    2009-01-02 20:38 --------- d-----w c:\program files\Red Kawa
    2009-01-02 20:38 --------- d-----w c:\program files\AviSynth 2.5
    2009-01-02 16:12 --------- d-----w c:\users\beheer\AppData\Roaming\Apple Computer
    2009-01-01 15:07 --------- d-----w c:\program files\DAEMON Tools Lite
    2009-01-01 13:06 --------- d---a-w c:\programdata\TEMP
    2008-12-26 15:18 --------- d-----w c:\program files\Common Files\INCA Shared
    2008-12-26 14:48 --------- d-----w c:\program files\Triggersoft
    2008-12-26 14:45 --------- d-----w c:\users\beheer\AppData\Roaming\DAEMON Tools Pro
    2008-12-26 14:45 --------- d-----w c:\users\beheer\AppData\Roaming\DAEMON Tools Lite
    2008-12-26 14:45 --------- d-----w c:\users\beheer\AppData\Roaming\DAEMON Tools
    2008-12-24 09:02 --------- d-----w c:\programdata\DAEMON Tools Lite
    2008-12-22 10:32 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-03 16:38 410,984 ----a-w c:\windows\System32\deploytk.dll
    2008-11-03 11:35 22,328 ----a-w c:\users\beheer\AppData\Roaming\PnkBstrK.sys
    2008-06-10 11:37 174 --sha-w c:\program files\desktop.ini
    2007-09-19 06:57 65,536 --sha-w c:\windows\oem\mp\boot\bootstat.dat
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-02-14_13.26.50,04 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-14 11:56:31 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-02-14 12:33:17 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-02-14 11:56:31 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-02-14 12:33:17 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-02-14 12:26:26 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-02-14 12:35:34 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-02-14 12:35:34 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2009-02-14 11:57:22 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-02-14 12:35:29 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-02-14 12:35:29 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2009-02-07 15:06:08 104,742 ----a-w c:\windows\System32\perfc009.dat
    + 2009-02-14 14:07:04 104,742 ----a-w c:\windows\System32\perfc009.dat
    - 2009-02-07 15:06:08 131,268 ----a-w c:\windows\System32\perfc013.dat
    + 2009-02-14 14:07:04 131,268 ----a-w c:\windows\System32\perfc013.dat
    - 2009-02-07 15:06:08 595,308 ----a-w c:\windows\System32\perfh009.dat
    + 2009-02-14 14:07:04 595,308 ----a-w c:\windows\System32\perfh009.dat
    - 2009-02-07 15:06:08 676,772 ----a-w c:\windows\System32\perfh013.dat
    + 2009-02-14 14:07:04 676,772 ----a-w c:\windows\System32\perfh013.dat
    - 2009-02-14 11:58:19 11,236 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3522226232-1942944502-194646757-1002_UserData.bin
    + 2009-02-14 12:35:36 11,252 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3522226232-1942944502-194646757-1002_UserData.bin
    - 2009-02-14 11:58:19 106,688 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-02-14 12:35:36 106,688 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-02-14 11:58:16 50,160 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-02-14 12:35:34 50,176 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
    "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
    "ACTIVBOARD"="c:\program files\Packard Bell\FIJI\aboard.exe" [2007-01-18 79416]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
    "UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
    "AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-08-16 24576]
    "V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-06 32768]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
    "AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 c:\windows\RtHDVCpl.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

    c:\users\beheer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    LaunchU3.exe.lnk - c:\users\beheer\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2009-01-07 22486]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{2D53509A-3ED5-4CC3-9F34-6A268EE77BC5}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{D970F797-5F19-4867-BEAB-05231C597985}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{47021227-DEE2-46B1-8404-F8BA768AE001}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{F10CE4DA-0307-4046-939D-8725A708CFEF}c:\\users\\beheer\\desktop\\utorrent.exe"= UDP:c:\users\beheer\desktop\utorrent.exe:utorrent.exe
    "UDP Query User{0109AE69-AB1F-43E2-B426-EDE9EDC5B7A3}c:\\users\\beheer\\desktop\\utorrent.exe"= TCP:c:\users\beheer\desktop\utorrent.exe:utorrent.exe
    "TCP Query User{7B621949-9CC8-45E8-90F5-A991AB24CBB0}c:\\team17\\worms2\\frontend.exe"= UDP:c:\team17\worms2\frontend.exe:Worms 2 Frontend
    "UDP Query User{937C11A0-490D-40E3-A0B1-3BBD9FE006CA}c:\\team17\\worms2\\frontend.exe"= TCP:c:\team17\worms2\frontend.exe:Worms 2 Frontend
    "TCP Query User{0F215929-FA5A-4CCF-A64C-8C95BF29CC4B}c:\\program files\\steam\\steamapps\\common\\quake ii demo\\quake2.exe"= UDP:c:\program files\steam\steamapps\common\quake ii demo\quake2.exe:quake2
    "UDP Query User{65BB292A-0895-4205-97D6-9BDD4FF7FC6B}c:\\program files\\steam\\steamapps\\common\\quake ii demo\\quake2.exe"= TCP:c:\program files\steam\steamapps\common\quake ii demo\quake2.exe:quake2
    "{083CA4CC-315A-40FB-8D8F-D4B4EDB2E280}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{90EA6059-5A76-4C84-84D3-A963C3204430}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{C78C6D22-7C31-45B6-BD16-BBD89C3355AA}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{EAC5E012-18A5-4AA9-BBBC-2D8F7E7535C4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F31901A9-9B74-4D45-81B2-60B0DA612B16}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{EC77B39B-DA17-4696-B66A-26B7636006B6}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:Starcraft
    "UDP Query User{8C0C4558-B60B-4895-8D69-7734FE8B6627}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:Starcraft
    "TCP Query User{7B03B8D5-2255-4845-9BDC-09B8FCAC4C32}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
    "UDP Query User{A43BFCB2-A8EA-4AFD-B8B2-431EBCE8C508}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
    "{E1260816-32EC-47FA-B16B-C9D6534DC11B}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{898E47C1-2562-41B2-87A6-94D6DF73252C}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{B60D594B-779D-46D2-82F8-C716424D5825}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{B02722A2-AA23-4C5D-B608-A63929431E7B}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{91B1DCB6-65E1-4502-B88E-DCB5845D53F6}"= UDP:c:\program files\SightSpeed\SightSpeed.exe:SightSpeed
    "{935901A1-7767-4F52-936D-D2E32077E7D5}"= TCP:c:\program files\SightSpeed\SightSpeed.exe:SightSpeed
    "TCP Query User{BD6B22E4-13ED-419C-988A-A75B3DC712EE}c:\\program files\\steam\\steamapps\\benniejuckers\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\benniejuckers\counter-strike source\hl2.exe:hl2
    "UDP Query User{8621F41B-D3F1-438F-9729-785047B2B4C2}c:\\program files\\steam\\steamapps\\benniejuckers\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\benniejuckers\counter-strike source\hl2.exe:hl2
    "{A9C500EB-34DB-457D-BC45-528AF807FDA9}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "TCP Query User{116E958E-D0E8-45B1-ACEA-A2B964DEF4B2}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
    "UDP Query User{7AB2CBB8-4162-42E6-B31A-A06CCD1FA6B2}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
    "{DFC2A072-2AE3-4524-8DAE-9C409835E4DE}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
    "{07B237DC-B47C-41B6-AB37-BF8F77F237C0}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
    "TCP Query User{080C9DAB-80D4-43A7-BBEC-13B65A368C27}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{EB5F40FB-4863-4BDB-A1B6-1FFF51EEF5F0}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "TCP Query User{50319A0A-7DA1-4796-B93C-365A63D6CA90}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{9825299B-2E9B-4A98-8562-56A9E6DE4BCE}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{5EA1AA3F-D656-4B07-AF77-58617CA01063}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{971E0735-BE36-4440-A937-555579F3AF12}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{13D08E48-23D0-4E5C-AC66-60AC8014C769}c:\\users\\beheer\\desktop\\utorrent(2).exe"= UDP:c:\users\beheer\desktop\utorrent(2).exe:utorrent(2).exe
    "UDP Query User{323C161E-BE44-4AF9-A99D-5440E96EA29B}c:\\users\\beheer\\desktop\\utorrent(2).exe"= TCP:c:\users\beheer\desktop\utorrent(2).exe:utorrent(2).exe
    "TCP Query User{69C45C40-FDC6-49D6-8448-FDE102715397}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "UDP Query User{D326E9CB-1CA5-40AC-A1C4-286AC6489285}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "TCP Query User{2AE1B003-74C2-4AFA-AC15-97EA24D8F93F}c:\\program files\\ubisoft\\demo\\ghost recon advanced warfighter demo\\graw_demo.exe"= UDP:c:\program files\ubisoft\demo\ghost recon advanced warfighter demo\graw_demo.exe:GRAW_demo
    "UDP Query User{99A0EBEC-8764-40FF-990D-6A65D4CBC2D8}c:\\program files\\ubisoft\\demo\\ghost recon advanced warfighter demo\\graw_demo.exe"= TCP:c:\program files\ubisoft\demo\ghost recon advanced warfighter demo\graw_demo.exe:GRAW_demo
    "TCP Query User{79E5A2CD-4298-4BBD-8081-860A3CE662A1}c:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
    "UDP Query User{E0A841C0-14C8-40C4-8481-C432A76C4B7E}c:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
    "{A299A4BD-0C07-48E1-9C19-0A59C180EF47}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
    "{C03EEFD2-03BF-448C-9BE6-F44778EC099F}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
    "{AD521E78-BE10-45DF-8A57-B9EEFEF68851}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{9B3AF09D-907B-4BD0-A31C-3ADCAB8E911E}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{839199EF-8EB3-4A06-9149-BD880FD84F6D}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{9DEC24EF-2EAC-4042-A7B7-08123C79C4D9}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{970CD10E-E24C-43E7-A948-2A4637F550AF}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{DEBA4046-7390-4DC3-8386-720F169AC81E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{3321CBC2-1D91-4AB3-B7EC-4C24E406B6D2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{3F5D81E7-3CE7-4E82-A752-3D91C595CE81}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{C76A53DC-D556-41C4-9A18-84C0F2119F6C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{B7C31A96-CE7A-4669-9BB4-6557F64F5ABC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{A0DB3443-7596-4362-8070-A844D30E5161}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{BBA67C94-DBF0-4B28-B4A1-86999F71873C}c:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= UDP:c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
    "UDP Query User{279D769E-427C-47B0-955A-A31F656B74AC}c:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= TCP:c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
    "TCP Query User{73463C0F-9215-46D4-A294-F7E682CD72F3}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine
    "UDP Query User{E34159B0-400C-4C42-B482-CC4FA71BA128}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine
    "{6209C124-C8BA-433E-9DA7-6A3E9352B435}"= UDP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
    "{780B5518-83DD-4146-B844-A35B1838D1EE}"= TCP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
    "{3F0089AF-F826-4BAD-9CCB-A148AFC51091}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
    "{F6B6F843-1B87-427A-ACC5-DD4DF8DB21E0}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-07-17 325128]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-05-11 809296]
    S2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2008-10-17 10240]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [2008-08-07 13352]
    S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\System32\drivers\s816bus.sys [2008-08-06 81832]
    S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\System32\drivers\s816mdfl.sys [2008-08-06 13864]
    S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\System32\drivers\s816mdm.sys [2008-08-06 107304]
    S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s816mgmt.sys [2008-08-06 99112]
    S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\System32\drivers\s816nd5.sys [2008-08-06 21928]
    S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\System32\drivers\s816obex.sys [2008-08-06 97320]
    S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\System32\drivers\s816unic.sys [2008-08-06 97704]
    S3 V0230Vfx;V0230Vfx;c:\windows\System32\drivers\V0230Vfx.sys [2008-07-05 6272]
    S3 V0230VID;Live! Cam Video IM Pro;c:\windows\System32\drivers\V0230VID.sys [2008-07-05 500480]

    --- Andere Services/Drivers In Geheugen ---

    *Deregistered* - sptd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0536c5f9-8412-11dd-b5cf-001c2532cb35}]
    \shell\AutoRun\command - J:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{307d437d-dc95-11dd-bbc5-001c2532cb35}]
    \shell\AutoRun\command - K:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6620ce7f-0f9e-11dd-83de-001c2532cb35}]
    \shell\AutoRun\command - J:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc1802fa-f524-11dd-928d-001c2532cb35}]
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\Info.exe protect.ed 480 480
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-14 c:\windows\Tasks\Recovery DVD Creator.job
    - c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    FF - ProfilePath - c:\users\beheer\AppData\Roaming\Mozilla\Firefox\Profiles\msm2wx0d.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Marktplaats.nl
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/webhp?hl=nl&tab=iw
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-14 17:55:27
    Windows 6.0.6001 Service Pack 1 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2009-02-14 17:57:15
    ComboFix-quarantined-files.txt 2009-02-14 16:57:13
    ComboFix2.txt 2009-02-14 12:28:30
    ComboFix3.txt 2008-05-13 21:20:55

    Pre-Run: 250.340.020.224 bytes beschikbaar
    Post-Run: 250,320,887,808 bytes beschikbaar

    261 --- E O F --- 2009-02-13 21:42:58













This is an archived page. Replies are no longer possible.