
Please take a look at my log

16 replies
  • Hi,

    I didn't trust it after suddenly getting a lot of spam and having problems sending mail. And sure enough, ComboFix came up with a notification. After that I also made a HijackThis log, see below. I'd appreciate your expert eye on the HijackThis log in particular!

    ComboFix 09-11-20.02 - gebruiker 21-11-2009 9:10.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1464 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\gebruiker\Application Data\mdbu.bin
    c:\documents and settings\gebruiker\Menu Start\Programma's\Opstarten\OpenOffice.org 3.1 .lnk
    c:\windows\system32\drivers\pciide.sys

    Besmet exemplaar van c:\windows\system32\drivers\vaxscsi.sys werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - Kitty ate it :p
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-10-21 to 2009-11-21 ))))))))))))))))))))))))))))))
    .

    2009-11-21 08:03 . 2009-11-21 08:01 399872 ----a-w- c:\windows\system32\CF14009.exe
    2009-11-14 15:01 . 2009-11-21 00:11 0 ----a-w- c:\documents and settings\gebruiker\Local Settings\Application Data\prvlcl.dat
    2009-11-13 17:58 . 2009-11-21 00:53 -------- d--h--r- c:\documents and settings\gebruiker\Onlangs geopend
    2009-11-13 17:47 . 2009-10-16 11:12 1119488 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-11-12 21:43 . 2009-11-12 21:43 152576 ----a-w- c:\documents and settings\gebruiker\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-11-12 21:43 . 2009-11-12 21:43 79488 ----a-w- c:\documents and settings\gebruiker\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-12 12:39 . 2009-11-11 17:03 4026136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
    2009-11-12 12:39 . 2009-11-11 17:03 2016536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
    2009-11-12 12:39 . 2009-11-11 17:03 1257240 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
    2009-11-12 12:39 . 2009-11-11 17:03 496920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
    2009-11-12 12:39 . 2009-11-11 17:03 600344 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
    2009-11-12 12:39 . 2009-11-11 17:03 3963672 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2009-11-11 17:12 . 2009-11-11 17:12 -------- d-----w- c:\documents and settings\gebruiker\Local Settings\Application Data\AVG Security Toolbar
    2009-11-11 17:03 . 2009-11-11 17:10 -------- d-----w- C:\$AVG
    2009-11-11 17:03 . 2009-11-13 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-11-11 17:03 . 2009-11-11 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2009-10-31 21:57 . 2009-10-31 21:57 -------- d-----w- c:\documents and settings\gebruiker\Application Data\Winamp
    2009-10-29 21:32 . 2007-02-27 13:31 21504 ----a-w- c:\windows\system32\drivers\motmodem.sys
    2009-10-29 21:32 . 2006-11-13 13:45 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
    2009-10-29 21:17 . 2009-10-29 21:17 -------- d-----w- c:\documents and settings\gebruiker\Local Settings\Application Data\BVRP Software
    2009-10-29 21:15 . 2009-10-29 21:33 -------- d-----w- c:\program files\Motorola Phone Tools
    2009-10-29 19:48 . 2009-10-29 19:48 -------- d-----w- c:\program files\Common Files\Motorola Shared
    2009-10-29 19:47 . 2009-10-29 19:47 -------- d-----w- c:\program files\Carambis
    2009-10-26 20:56 . 2009-10-26 20:56 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
    2009-10-26 18:30 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
    2009-10-26 18:26 . 2009-10-26 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HEMA Fotoservice
    2009-10-26 18:26 . 2009-10-26 18:26 -------- d-----w- c:\program files\HEMA Fotoservice

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-21 08:22 . 2009-02-27 19:52 -------- d-----w- c:\program files\DNA
    2009-11-21 08:22 . 2009-02-27 19:52 -------- d-----w- c:\documents and settings\gebruiker\Application Data\DNA
    2009-11-21 08:21 . 2005-05-11 18:20 12341 ----a-w- c:\windows\system32\Tablet.dat
    2009-11-21 08:19 . 2008-04-09 16:23 12 ----a-w- c:\windows\bthservsdp.dat
    2009-11-20 23:40 . 2007-08-26 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-11-18 18:16 . 2009-09-17 19:15 1 ----a-w- c:\documents and settings\gebruiker\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-11-16 17:14 . 2005-05-27 22:23 -------- d-----w- c:\program files\Soulseek
    2009-11-12 21:44 . 2005-05-14 20:18 -------- d-----w- c:\program files\Java
    2009-11-11 18:51 . 2008-04-22 15:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-11 18:50 . 2008-05-28 14:26 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-11-11 17:03 . 2008-05-24 17:27 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-11 17:03 . 2008-05-24 17:27 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-11 17:03 . 2008-01-17 19:04 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-11-11 17:03 . 2008-05-24 17:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-11 17:03 . 2008-05-24 17:27 -------- d-----w- c:\program files\AVG
    2009-11-07 12:11 . 2007-01-11 12:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-11-07 12:11 . 2009-07-08 16:41 -------- d-----w- c:\program files\SpywareBlaster
    2009-10-31 21:57 . 2005-06-07 11:05 -------- d-----w- c:\program files\Winamp
    2009-10-29 22:04 . 2009-02-27 19:52 -------- d-----w- c:\documents and settings\gebruiker\Application Data\BitTorrent
    2009-10-29 21:17 . 2007-05-02 16:12 -------- d-----w- c:\program files\Avanquest update
    2009-10-29 21:15 . 2007-05-02 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
    2009-10-29 21:15 . 2005-04-16 09:19 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-29 21:15 . 2007-05-02 16:30 92064 ----a-w- c:\documents and settings\gebruiker\mqdmmdm.sys
    2009-10-29 21:15 . 2007-05-02 16:30 79328 ----a-w- c:\documents and settings\gebruiker\mqdmserd.sys
    2009-10-29 21:15 . 2007-05-02 16:30 5936 ----a-w- c:\documents and settings\gebruiker\mqdmwhnt.sys
    2009-10-29 21:15 . 2007-05-02 16:30 9232 ----a-w- c:\documents and settings\gebruiker\mqdmmdfl.sys
    2009-10-29 21:15 . 2007-05-02 16:30 66656 ----a-w- c:\documents and settings\gebruiker\mqdmbus.sys
    2009-10-29 21:15 . 2007-05-02 16:30 6208 ----a-w- c:\documents and settings\gebruiker\mqdmcmnt.sys
    2009-10-29 21:15 . 2007-05-02 16:30 4048 ----a-w- c:\documents and settings\gebruiker\mqdmcr.sys
    2009-10-29 21:15 . 2007-05-02 16:11 25600 ----a-w- c:\documents and settings\gebruiker\usbsermptxp.sys
    2009-10-29 21:15 . 2007-05-02 16:11 22768 ----a-w- c:\documents and settings\gebruiker\usbsermpt.sys
    2009-10-29 19:49 . 2009-10-29 19:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2009-10-29 19:49 . 2009-10-29 19:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-10-25 06:05 . 2004-09-15 01:50 91632 ----a-w- c:\windows\system32\perfc013.dat
    2009-10-25 06:05 . 2004-09-15 01:50 511866 ----a-w- c:\windows\system32\perfh013.dat
    2009-10-19 15:49 . 2005-05-11 21:14 79128 ----a-w- c:\documents and settings\gebruiker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-19 15:39 . 2009-10-19 15:39 -------- d-----w- c:\program files\MSECache
    2009-10-19 14:39 . 2009-09-23 14:39 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
    2009-10-19 14:39 . 2009-09-02 14:39 2353992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
    2009-10-14 07:51 . 2005-06-06 16:44 -------- d-----w- c:\program files\Sony
    2009-10-13 17:28 . 2009-10-13 17:28 -------- d-----w- c:\program files\Bonjour
    2009-10-13 17:28 . 2009-10-13 17:27 -------- d-----w- c:\program files\QuickTime
    2009-10-13 17:26 . 2008-03-22 16:58 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-11 03:17 . 2009-06-19 14:51 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-02 17:39 . 2009-10-02 17:39 -------- d-----w- c:\program files\Amazon
    2009-09-14 06:48 . 2008-01-11 18:26 2034 ----a-w- c:\documents and settings\gebruiker\Application Data\SAS7_000.DAT
    2009-09-11 14:20 . 2005-03-01 20:20 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 13:54 . 2008-09-01 03:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 13:53 . 2008-05-28 14:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-04 21:05 . 2005-03-01 20:19 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-02 14:39 . 2009-09-02 16:11 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-09-02 14:39 . 2009-09-02 14:40 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-09-02 14:39 . 2009-09-02 14:39 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
    2009-09-02 14:39 . 2009-09-02 14:39 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
    2009-08-29 08:00 . 2005-03-01 20:21 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-26 08:02 . 2005-03-01 20:20 247326 ----a-w- c:\windows\system32\strmdll.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-09-03_21.55.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-11 19:54 . 2009-07-11 19:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
    + 2009-07-12 00:07 . 2009-07-12 00:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
    + 2009-07-12 00:19 . 2009-07-12 00:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
    + 2009-11-21 08:21 . 2009-11-21 08:21 16384 c:\windows\temp\Perflib_Perfdata_7a8.dat
    + 2005-05-26 02:16 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
    + 2005-04-20 15:21 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
    + 2005-03-01 20:21 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
    + 2005-06-06 16:45 . 2009-04-28 20:20 96752 c:\windows\system32\vxblock.dll
    + 2009-10-06 16:28 . 2009-08-06 17:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
    + 2009-10-06 16:28 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
    + 2005-06-06 17:00 . 2009-04-28 20:20 66032 c:\windows\system32\pxinsa64.exe
    - 2005-06-06 16:45 . 2008-11-20 19:19 72176 c:\windows\system32\pxhpinst.exe
    + 2005-06-06 16:45 . 2009-04-28 20:20 72176 c:\windows\system32\pxhpinst.exe
    + 2005-06-06 17:00 . 2009-04-28 20:20 66544 c:\windows\system32\pxcpya64.exe
    - 2004-09-15 01:50 . 2009-08-21 02:44 71904 c:\windows\system32\perfc009.dat
    + 2004-09-15 01:50 . 2009-10-25 06:05 71904 c:\windows\system32\perfc009.dat
    - 2007-08-13 17:54 . 2009-07-03 17:00 55296 c:\windows\system32\msfeedsbs.dll
    + 2007-08-13 17:54 . 2009-08-29 08:00 55296 c:\windows\system32\msfeedsbs.dll
    - 2005-03-01 20:19 . 2009-07-03 17:00 25600 c:\windows\system32\jsproxy.dll
    + 2005-03-01 20:19 . 2009-08-29 08:00 25600 c:\windows\system32\jsproxy.dll
    + 2009-10-29 19:50 . 2006-08-11 07:42 90436 c:\windows\system32\DRVSTORE\Netmon-mod_9AD3A142CE55E6AECAA17B567997991448C3690E\Motorola-Netmon-Serial.sys
    + 2009-10-29 21:32 . 2007-02-27 13:31 21504 c:\windows\system32\DRVSTORE\motport_71D29C62AEE638CB12228E143B8BA0A030CBEC0F\motport.sys
    + 2009-10-29 21:32 . 2007-01-23 20:36 22016 c:\windows\system32\DRVSTORE\motousbnet_ABB6512ACA55A7A4E2FA3DE425ED10A6DA3518DB\Motousbnet.sys
    + 2009-10-29 21:32 . 2006-12-14 09:27 40832 c:\windows\system32\DRVSTORE\motodrv_790AECF80A9B3907D8D111D32F7F2573FDCB388A\motodrv.sys
    + 2009-10-29 19:50 . 2006-12-13 16:52 20992 c:\windows\system32\DRVSTORE\motmodem_EB300D82ECD3AD9E7DA068DFA2569A01A85B9F9C\motmodem.sys
    + 2009-10-29 21:32 . 2007-02-27 13:31 21504 c:\windows\system32\DRVSTORE\motmodem_5A78965824B665693BA32EB804F366C0662AB61B\motmodem.sys
    + 2009-10-29 21:32 . 2007-02-27 13:31 17792 c:\windows\system32\DRVSTORE\motccgp_B54E2AE72FC4F575918F765D66FD7A32A96B836E\motccgp.sys
    + 2009-10-29 19:50 . 2006-08-11 07:34 66592 c:\windows\system32\DRVSTORE\M2501uc_6ABE1D60E560C01F808EBE80F1BCA5A3D9FDEC66\M2501uc.sys
    + 2009-10-29 19:50 . 2006-08-11 07:34 90128 c:\windows\system32\DRVSTORE\M2501md_3F9C70CED7D1F0C5A3749D5A551A3DAA6C9518B6\M2501md.sys
    + 2009-10-29 19:50 . 2006-12-06 15:33 94592 c:\windows\system32\DRVSTORE\M2501HCD_B072F3C073A4376B25683AA0AD2B77942B3E843A\M2501HCD.sys
    + 2009-10-29 19:50 . 2006-08-11 07:34 90128 c:\windows\system32\DRVSTORE\M2501at_2F5F7EFE99B5F227AF0764DFDBB083834C1FFEC1\M2501md.sys
    + 2006-11-02 06:22 . 2006-11-02 06:22 32224 c:\windows\system32\drivers\wdfldr.sys
    + 2008-11-20 19:19 . 2009-04-28 20:20 44944 c:\windows\system32\drivers\pxhelp20.sys
    + 2008-12-12 09:11 . 2008-12-12 09:11 61440 c:\windows\system32\dnssd.dll
    - 2007-07-24 13:17 . 2007-07-24 13:17 61440 c:\windows\system32\dnssd.dll
    + 2008-12-12 09:18 . 2008-12-12 09:18 87336 c:\windows\system32\dns-sd.exe
    + 2009-07-29 13:07 . 2009-08-29 08:00 12800 c:\windows\system32\dllcache\xpshims.dll
    - 2009-07-29 13:07 . 2009-07-03 17:00 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2005-04-20 15:21 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
    + 2005-03-01 20:21 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
    - 2007-10-10 23:53 . 2009-07-03 17:00 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2007-10-10 23:53 . 2009-08-29 08:00 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2009-09-04 21:05 . 2009-09-04 21:05 58880 c:\windows\system32\dllcache\msasn1.dll
    - 2005-03-01 20:19 . 2009-07-03 17:00 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2005-03-01 20:19 . 2009-08-29 08:00 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2005-03-01 20:18 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
    + 2005-03-01 20:18 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
    + 2009-06-24 17:56 . 2009-06-24 17:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
    + 2008-05-27 22:49 . 2008-05-27 22:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    - 2007-04-13 18:58 . 2007-04-13 18:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2008-05-27 22:49 . 2008-05-27 22:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    - 2007-04-13 18:57 . 2007-04-13 18:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    - 2007-04-13 18:57 . 2007-04-13 18:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    + 2008-05-27 22:49 . 2008-05-27 22:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2007-04-13 19:30 . 2007-04-13 19:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2008-05-27 23:30 . 2008-05-27 23:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2009-11-11 07:35 . 2009-11-11 07:35 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    - 2005-05-11 18:54 . 2009-08-12 20:51 23040 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2005-05-11 18:54 . 2009-11-11 07:36 23040 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2005-05-11 18:54 . 2009-11-11 07:36 61440 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2005-05-11 18:54 . 2009-08-12 20:51 61440 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2005-05-11 18:54 . 2009-11-11 07:36 27136 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2005-05-11 18:54 . 2009-08-12 20:51 27136 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2005-05-11 18:54 . 2009-11-11 07:36 11264 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2005-05-11 18:54 . 2009-08-12 20:51 11264 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2005-05-11 18:54 . 2009-11-11 07:36 86016 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2005-05-11 18:54 . 2009-08-12 20:51 86016 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2005-05-11 18:54 . 2009-11-11 07:36 12288 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2005-05-11 18:54 . 2009-08-12 20:51 12288 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2009-10-13 17:28 . 2009-10-13 17:28 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
    + 2009-04-03 16:01 . 2009-04-03 16:01 71504 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\XL12CNVP.DLL
    + 2009-04-03 15:57 . 2009-04-03 15:57 21320 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\WRD12EXE.EXE
    + 2009-04-02 12:35 . 2009-04-02 12:35 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PXBPROXY.DLL
    + 2009-04-02 12:35 . 2009-04-02 12:35 68496 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PXBCOM.EXE
    + 2006-10-26 19:13 . 2006-10-26 19:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNVP.DLL
    + 2007-03-21 16:58 . 2007-03-21 16:58 24416 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12EXE.EXE
    + 2006-10-26 19:07 . 2006-10-26 19:07 17680 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBPROXY.DLL
    + 2007-03-21 17:00 . 2007-03-21 17:00 72096 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBCOM.EXE
    + 2009-10-15 10:50 . 2009-07-03 17:00 12800 c:\windows\ie8updates\KB974455-IE8\xpshims.dll
    + 2009-10-15 10:50 . 2009-07-03 17:00 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll
    + 2009-10-15 10:50 . 2009-07-03 17:00 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll
    + 2009-10-15 10:45 . 2009-10-15 10:45 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_dcbfbb2c\System.Drawing.Design.dll
    + 2009-10-15 10:45 . 2009-10-15 10:45 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_2b2e6e1a\CustomMarshalers.dll
    + 2009-10-15 10:59 . 2009-10-15 10:59 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
    + 2009-10-15 18:03 . 2009-10-15 18:03 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
    + 2009-10-15 18:03 . 2009-10-15 18:03 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
    + 2009-10-15 17:40 . 2009-10-15 17:40 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
    + 2009-10-15 17:40 . 2009-10-15 17:40 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
    + 2009-10-15 10:57 . 2009-10-15 10:57 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
    + 2009-10-15 10:56 . 2009-10-15 10:56 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
    + 2009-10-15 18:03 . 2009-10-15 18:03 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1ded203bd27031c3a5e3441f94b528c0\Microsoft.VisualC.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
    + 2009-10-15 17:04 . 2009-10-15 17:04 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2009-09-17 19:11 . 2009-09-17 19:11 11264 c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.13.0__ce2cb7e279207b9e\cli_basetypes.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2009-09-17 19:12 . 2009-09-17 19:12 64000 c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.16.0__ce2cb7e279207b9e\cli_cppuhelper.dll
    + 2009-10-15 10:45 . 2008-04-14 17:02 57344 c:\windows\$NtUninstallKB974571$\msasn1.dll
    + 2009-10-15 10:43 . 2008-07-08 13:07 26488 c:\windows\$hf_mig$\KB975467\update\spcustom.dll
    + 2009-10-15 10:43 . 2008-07-08 13:07 18808 c:\windows\$hf_mig$\KB975467\spmsg.dll
    + 2009-10-15 10:45 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB975025\update\spcustom.dll
    + 2009-10-15 10:45 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB975025\spmsg.dll
    + 2009-10-15 10:45 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB974571\update\spcustom.dll
    + 2009-10-15 10:45 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB974571\spmsg.dll
    + 2009-09-04 21:02 . 2009-09-04 21:02 58880 c:\windows\$hf_mig$\KB974571\SP3QFE\msasn1.dll
    + 2009-10-15 10:50 . 2008-07-08 13:07 26488 c:\windows\$hf_mig$\KB974455-IE8\update\spcustom.dll
    + 2009-10-15 10:50 . 2008-07-08 13:07 18808 c:\windows\$hf_mig$\KB974455-IE8\spmsg.dll
    + 2009-10-15 09:01 . 2009-08-29 07:52 12800 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\xpshims.dll
    + 2009-10-15 09:01 . 2009-08-29 07:52 55296 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\msfeedsbs.dll
    + 2009-10-15 09:01 . 2009-08-29 07:52 25600 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\jsproxy.dll
    + 2009-10-15 10:45 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB974112\update\spcustom.dll
    + 2009-10-15 10:45 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB974112\spmsg.dll
    + 2009-10-15 10:44 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB973525\update\spcustom.dll
    + 2009-10-15 10:44 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB973525\spmsg.dll
    + 2009-09-10 07:00 . 2008-07-08 13:07 26488 c:\windows\$hf_mig$\KB971961-IE8\update\spcustom.dll
    + 2009-09-10 07:00 . 2008-07-08 13:07 18808 c:\windows\$hf_mig$\KB971961-IE8\spmsg.dll
    + 2009-10-15 10:44 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB971486\update\spcustom.dll
    + 2009-10-15 10:44 . 2009-05-26 11:41 18808 c:\windows\$hf_mig$\KB971486\spmsg.dll
    + 2009-10-15 10:46 . 2008-07-08 13:07 26488 c:\windows\$hf_mig$\KB969059\update\spcustom.dll
    + 2009-10-15 10:46 . 2008-07-08 13:07 18808 c:\windows\$hf_mig$\KB969059\spmsg.dll
    + 2009-09-10 07:00 . 2008-07-08 13:07 26488 c:\windows\$hf_mig$\KB956844\update\spcustom.dll
    + 2009-09-10 07:00 . 2008-07-08 13:07 18808 c:\windows\$hf_mig$\KB956844\spmsg.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2006-07-28 06:10 . 2006-07-28 06:10 6144 c:\windows\system32\mot_ci.dll
    + 2009-10-29 21:32 . 2006-12-06 16:33 6400 c:\windows\system32\DRVSTORE\motousbnet_ABB6512ACA55A7A4E2FA3DE425ED10A6DA3518DB\motswch.sys
    + 2009-10-29 21:32 . 2007-01-23 20:36 6016 c:\windows\system32\DRVSTORE\motousbnet_ABB6512ACA55A7A4E2FA3DE425ED10A6DA3518DB\motfilt.sys
    + 2009-10-29 21:32 . 2006-07-28 07:10 6144 c:\windows\system32\DRVSTORE\motodrv_790AECF80A9B3907D8D111D32F7F2573FDCB388A\mot_ci.dll
    + 2009-10-29 21:32 . 2006-12-06 16:33 6400 c:\windows\system32\DRVSTORE\motccgp_B54E2AE72FC4F575918F765D66FD7A32A96B836E\motswch.sys
    + 2009-10-29 21:32 . 2007-01-23 18:03 7680 c:\windows\system32\DRVSTORE\motccgp_B54E2AE72FC4F575918F765D66FD7A32A96B836E\motccgpfl.sys
    + 2009-10-29 19:50 . 2006-08-11 07:34 5808 c:\windows\system32\DRVSTORE\M2501uc_6ABE1D60E560C01F808EBE80F1BCA5A3D9FDEC66\M2501wn.sys
    + 2009-10-29 19:50 . 2006-08-11 07:34 9360 c:\windows\system32\DRVSTORE\M2501md_3F9C70CED7D1F0C5A3749D5A551A3DAA6C9518B6\M2501mf.sys
    + 2009-10-29 19:50 . 2006-08-11 07:34 6144 c:\windows\system32\DRVSTORE\M2501md_3F9C70CED7D1F0C5A3749D5A551A3DAA6C9518B6\M2501cn.sys
    + 2009-10-29 19:50 . 2006-08-11 07:34 6144 c:\windows\system32\DRVSTORE\M2501at_2F5F7EFE99B5F227AF0764DFDBB083834C1FFEC1\M2501cn.sys
    + 2005-05-11 18:54 . 2009-11-11 07:36 4096 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2005-05-11 18:54 . 2009-08-12 20:51 4096 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2009-09-17 19:11 . 2009-09-17 19:11 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\2.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
    + 2009-09-17 19:11 . 2009-09-17 19:11 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\16.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
    + 2009-09-17 19:12 . 2009-09-17 19:12 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\2.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
    + 2009-09-17 19:11 . 2009-09-17 19:11 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\13.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2009-09-17 19:11 . 2009-09-17 19:11 7680 c:\windows\assembly\GAC_MSIL\cli_ure\1.0.16.0__ce2cb7e279207b9e\cli_ure.dll
    + 2009-09-17 19:12 . 2009-09-17 19:12 3072 c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\16.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2009-07-12 00:12 . 2009-07-12 00:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    + 2009-07-12 00:09 . 2009-07-12 00:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
    + 2009-07-12 00:08 . 2009-07-12 00:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
    + 2005-03-01 20:21 . 2009-08-06 17:24 209632 c:\windows\system32\wuweb.dll
    + 2005-03-01 20:21 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
    + 2005-03-01 20:21 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
    + 2005-03-01 20:21 . 2009-04-01 21:02 604160 c:\windows\system32\wmspdmod.dll
    + 2005-06-06 16:45 . 2009-04-28 20:20 436720 c:\windows\system32\pxwave.dll
    + 2005-06-06 16:45 . 2009-04-28 20:20 219632 c:\windows\system32\pxmas.dll
    + 2005-06-06 16:45 . 2009-04-28 20:20 551408 c:\windows\system32\pxdrv.dll
    + 2007-06-18 08:24 . 2009-04-28 20:20 129520 c:\windows\system32\pxafs.dll
    + 2005-06-06 16:45 . 2009-04-28 20:20 670192 c:\windows\system32\px.dll
    + 2004-09-15 01:50 . 2009-10-25 06:05 444028 c:\windows\system32\perfh009.dat
    - 2004-09-15 01:50 . 2009-08-21 02:44 444028 c:\windows\system32\perfh009.dat
    - 2005-03-01 20:20 . 2009-07-03 17:00 206848 c:\windows\system32\occache.dll
    + 2005-03-01 20:20 . 2009-08-29 08:00 206848 c:\windows\system32\occache.dll
    + 2005-05-26 02:19 . 2009-08-06 17:23 215920 c:\windows\system32\muweb.dll
    + 2005-08-16 07:40 . 2009-08-06 17:23 274288 c:\windows\system32\mucltui.dll
    + 2007-08-13 17:54 . 2009-08-29 08:00 594432 c:\windows\system32\msfeeds.dll
    - 2007-08-13 17:54 . 2009-07-03 17:00 594432 c:\windows\system32\msfeeds.dll
    - 2005-03-01 20:19 . 2009-03-08 02:33 726528 c:\windows\system32\jscript.dll
    + 2005-03-01 20:19 . 2009-06-22 06:48 726528 c:\windows\system32\jscript.dll
    + 2009-11-12 21:44 . 2009-10-11 03:17 149280 c:\windows\system32\javaws.exe
    - 2009-08-04 21:58 . 2009-07-25 03:23 149280 c:\windows\system32\javaws.exe
    + 2009-11-12 21:44 . 2009-10-11 03:17 145184 c:\windows\system32\javaw.exe
    - 2009-08-04 21:58 . 2009-07-25 03:23 145184 c:\windows\system32\javaw.exe
    + 2009-11-12 21:44 . 2009-10-11 03:17 145184 c:\windows\system32\java.exe
    - 2009-08-04 21:58 . 2009-07-25 03:23 145184 c:\windows\system32\java.exe
    + 2005-03-01 20:18 . 2009-08-29 08:00 184320 c:\windows\system32\iepeers.dll
    - 2005-03-01 20:18 . 2009-07-03 17:00 184320 c:\windows\system32\iepeers.dll
    + 2005-03-01 20:18 . 2009-08-29 08:00 387584 c:\windows\system32\iedkcs32.dll
    + 2005-03-01 20:18 . 2009-08-28 10:37 173056 c:\windows\system32\ie4uinit.exe
    - 2005-03-01 20:18 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
    + 2004-09-14 18:59 . 2009-11-11 16:20 315560 c:\windows\system32\FNTCACHE.DAT
    + 2006-11-02 06:22 . 2006-11-02 06:22 492000 c:\windows\system32\drivers\wdf01000.sys
    + 2005-03-01 20:21 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
    + 2005-03-01 20:21 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
    + 2005-03-01 20:21 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
    + 2005-03-01 20:21 . 2009-04-01 21:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
    + 2005-03-01 20:21 . 2009-08-29 08:00 916480 c:\windows\system32\dllcache\wininet.dll
    + 2009-09-10 05:58 . 2009-06-21 21:49 153088 c:\windows\system32\dllcache\triedit.dll
    + 2005-03-01 20:20 . 2009-08-26 08:02 247326 c:\windows\system32\dllcache\strmdll.dll
    - 2005-03-01 20:20 . 2008-10-03 10:05 247326 c:\windows\system32\dllcache\strmdll.dll
    + 2005-03-01 20:20 . 2009-08-29 08:00 206848 c:\windows\system32\dllcache\occache.dll
    - 2005-03-01 20:20 . 2009-07-03 17:00 206848 c:\windows\system32\dllcache\occache.dll
    - 2009-06-25 08:27 . 2009-06-25 08:27 136192 c:\windows\system32\dllcache\msv1_0.dll
    + 2009-06-25 08:27 . 2009-09-11 14:20 136192 c:\windows\system32\dllcache\msv1_0.dll
    + 2007-10-10 23:53 . 2009-08-29 08:00 594432 c:\windows\system32\dllcache\msfeeds.dll
    - 2007-10-10 23:53 . 2009-07-03 17:00 594432 c:\windows\system32\dllcache\msfeeds.dll
    - 2008-05-09 10:56 . 2009-03-08 02:33 726528 c:\windows\system32\dllcache\jscript.dll
    + 2008-05-09 10:56 . 2009-06-22 06:48 726528 c:\windows\system32\dllcache\jscript.dll
    + 2009-07-29 13:07 . 2009-08-29 08:00 246272 c:\windows\system32\dllcache\ieproxy.dll
    - 2009-07-29 13:07 . 2009-07-03 17:00 246272 c:\windows\system32\dllcache\ieproxy.dll
    - 2005-03-01 20:18 . 2009-07-03 17:00 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2005-03-01 20:18 . 2009-08-29 08:00 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2005-03-01 20:18 . 2009-08-29 08:00 387584 c:\windows\system32\dllcache\iedkcs32.dll
    - 2005-03-01 20:18 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
    + 2005-03-01 20:18 . 2009-08-28 10:37 173056 c:\windows\system32\dllcache\ie4uinit.exe
    + 2009-08-07 21:51 . 2009-08-07 21:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2008-05-27 22:49 . 2008-05-27 22:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2007-04-13 18:58 . 2007-04-13 18:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2007-04-13 18:56 . 2007-04-13 18:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2008-05-27 22:48 . 2008-05-27 22:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2007-04-13 19:30 . 2007-04-13 19:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2008-05-27 23:30 . 2008-05-27 23:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2009-10-13 17:26 . 2009-10-13 17:26 694272 c:\windows\Installer\9a0ead.msi
    + 2009-10-29 21:32 . 2009-10-29 21:32 118784 c:\windows\Installer\2fbbdea.msi
    + 2009-11-11 17:02 . 2009-11-11 17:02 424448 c:\windows\Installer\2606e9.msi
    + 2009-10-19 15:40 . 2009-10-19 15:40 355328 c:\windows\Installer\1ff9377.msi
    - 2005-05-11 18:54 . 2009-08-12 20:51 409600 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2005-05-11 18:54 . 2009-11-11 07:36 409600 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2005-05-11 18:54 . 2009-11-11 07:36 286720 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2005-05-11 18:54 . 2009-08-12 20:51 286720 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2005-05-11 18:54 . 2009-08-12 20:51 249856 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2005-05-11 18:54 . 2009-11-11 07:36 249856 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2005-05-11 18:54 . 2009-11-11 07:36 794624 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2005-05-11 18:54 . 2009-08-12 20:51 794624 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2005-05-11 18:54 . 2009-11-11 07:36 135168 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2005-05-11 18:54 . 2009-08-12 20:51 135168 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2005-05-11 18:54 . 2009-08-12 20:51 593920 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2005-05-11 18:54 . 2009-11-11 07:36 593920 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2007-04-19 11:53 . 2007-04-19 11:53 109408 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL
    + 2006-10-26 18:49 . 2006-10-26 18:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CVR.DLL
    + 2007-05-10 07:04 . 2007-05-10 07:04 846248 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OICE.EXE
    + 2006-10-26 18:12 . 2006-10-26 18:12 396592 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MOC.EXE
    + 2009-11-04 08:52 . 2008-07-08 13:07 401272 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll
    + 2009-11-04 08:52 . 2008-07-08 13:07 234872 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe
    + 2009-10-15 10:50 . 2009-07-03 17:00 915456 c:\windows\ie8updates\KB974455-IE8\wininet.dll
    + 2009-10-15 10:50 . 2009-05-26 11:41 401272 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll
    + 2009-10-15 10:50 . 2008-07-08 13:07 234872 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe
    + 2009-10-15 10:50 . 2009-07-03 17:00 206848 c:\windows\ie8updates\KB974455-IE8\occache.dll
    + 2009-10-15 10:50 . 2009-07-03 17:00 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll
    + 2009-10-15 10:50 . 2009-07-03 17:00 246272 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll
    + 2009-10-15 10:50 . 2009-07-03 17:00 184320 c:\windows\ie8updates\KB974455-IE8\iepeers.dll
    + 2009-10-15 10:50 . 2009-07-03 17:00 386048 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll
    + 2009-10-15 10:50 . 2009-07-03 11:01 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe
    + 2009-09-10 07:00 . 2008-07-08 13:07 401272 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
    + 2009-09-10 07:00 . 2008-07-08 13:07 234872 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
    + 2009-09-10 07:00 . 2009-03-08 02:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
    + 2009-10-15 10:45 . 2009-10-15 10:45 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_d838b12c\System.Drawing.dll
    + 2009-10-15 10:45 . 2009-10-15 10:45 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_3ac0a2b6\System.Drawing.Design.dll
    + 2009-10-15 10:45 . 2009-10-15 10:45 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_6128b847\CustomMarshalers.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
    + 2009-10-15 10:59 . 2009-10-15 10:59 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
    + 2009-10-15 10:59 . 2009-10-15 10:59 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
    + 2009-10-15 10:59 . 2009-10-15 10:59 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
    + 2009-10-15 18:03 . 2009-10-15 18:03 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
    + 2009-10-15 18:03 . 2009-10-15 18:03 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
    + 2009-10-15 18:03 . 2009-10-15 18:03 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
    + 2009-10-15 18:03 . 2009-10-15 18:03 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
    + 2009-10-15 18:03 . 2009-10-15 18:03 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
    + 2009-10-15 18:03 . 2009-10-15 18:03 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
    + 2009-10-15 18:03 . 2009-10-15 18:03 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
    + 2009-10-15 17:38 . 2009-10-15 17:38 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
    + 2009-10-15 17:38 . 2009-10-15 17:38 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\af21e3011fb4e107b13ea5c40c351ec4\System.Runtime.Remoting.ni.dll
    + 2009-10-15 18:03 . 2009-10-15 18:03 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
    + 2009-10-15 18:03 . 2009-10-15 18:03 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
    + 2009-10-15 18:03 . 2009-10-15 18:03 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
    + 2009-10-15 17:04 . 2009-10-15 17:04 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
    + 2009-10-15 17:04 . 2009-10-15 17:04 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
    + 2009-10-15 10:58 . 2009-10-15 10:58 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
    + 2009-10-15 18:03 . 2009-10-15 18:03 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
    + 2009-10-15 18:03 . 2009-10-15 18:03 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
    + 2009-10-15 18:03 . 2009-10-15 18:03 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
    + 2009-10-15 18:03 . 2009-10-15 18:03 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
    + 2009-10-15 17:40 . 2009-10-15 17:40 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
    + 2009-10-15 17:38 . 2009-10-15 17:38 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
    + 2009-10-15 17:40 . 2009-10-15 17:40 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
    + 2009-10-15 17:39 . 2009-10-15 17:39 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
    + 2009-10-15 10:58 . 2009-10-15 10:58 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
    + 2009-10-15 10:58 . 2009-10-15 10:58 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
    + 2009-10-15 10:58 . 2009-10-15 10:58 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
    + 2009-10-15 10:58 . 2009-10-15 10:58 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
    + 2009-10-15 17:39 . 2009-10-15 17:39 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 766976 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\f12731a5f0438e6222946ee230855465\Microsoft.MapPoint.Data.VirtualEarthTileDataSource.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 434176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\ebfa04377cf6af693e8c85f92d0dea93\Microsoft.MapPoint.Data.CompactMapFile.ni.dll
    + 2009-10-15 17:38 . 2009-10-15 17:38 438272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\c50a335c1846d477d449a651cfda95a0\Microsoft.MapPoint.MapControl3D.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 344064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\c1196985ae26d4f39b1cddd0082bcd41\Microsoft.MapPoint.Utility.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 411648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\a12ad0659422b0b89cd038d385c10766\Microsoft.MapPoint.Network.ni.dll
    + 2009-10-15 17:38 . 2009-10-15 17:38 340992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\3efd7406004839433904161b59a78636\Microsoft.MapPoint.UtilityPartialTrust.ni.dll
    + 2009-10-15 17:38 . 2009-10-15 17:38 472064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\383dc3d16d1210666f600d93e6225d36\Microsoft.MapPoint.Rendering3D.Utility.ni.dll
    + 2009-10-15 17:38 . 2009-10-15 17:38 840192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\1e11979aa5e16c23699260ab5464691d\Microsoft.MapPoint.Geometry.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
    + 2009-10-15 17:39 . 2009-10-15 17:39 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
    + 2009-10-15 17:04 . 2009-10-15 17:04 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2009-09-17 19:11 . 2009-09-17 19:11 114688 c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.2.0__ce2cb7e279207b9e\cli_uretypes.dll
    + 2009-09-17 19:12 . 2009-09-17 19:12 839680 c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.2.0__ce2cb7e279207b9e\cli_oootypes.dll
    + 2009-10-15 10:52 . 2009-10-15 10:52 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2009-08-21 02:44 . 2009-08-21 02:44 507904 c:\windows\assembly\
  • Apparently it didn't fit, so here is the HijackThis log after all.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:37:43, on 21-11-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\gebruiker\Bureaublad\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124110007421
    O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15109/CTPID.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


    End of file - 11053 bytes
  • Hello Diana, using Combofix without having been instructed to do so is strongly discouraged.
    It is too specialised a tool for that!

    In fact the Combofix scan was not entirely successful either, because you did not meet certain conditions for it.

    But be that as it may, how are your problems now? Your HJT log looks fine, by the way.
  • [quote="Abraham54"]Hello Diana, using Combofix without having been instructed to do so is strongly discouraged.
    It is too specialised a tool for that!

    In fact the Combofix scan was not entirely successful either, because you did not meet certain conditions for it.

    But be that as it may, how are your problems now? Your HJT log looks fine, by the way.[/quote]

    You mean the condition of disabling the antivirus program. That does not work with AVG; it won't let itself be disabled.
    But it does seem to have helped: e-mails that were not sent earlier have now been sent.
    The spam continues, though.

    Thanks for checking!
    diana
  • Where do you have your e-mail hosted?
  • [quote="Abraham54"]Where do you have your e-mail hosted?[/quote]

    Outlook Express. By the way, it has been quiet with the spam since 12:00; no more viagra and the like received after that.

    It looks like everything is in order again.
  • What I meant with my question is where you have your e-mail address.

    So with your provider, or hotmail or googlemail?
  • [quote="Abraham54"]What I meant with my question is where you have your e-mail address.

    So with your provider, or hotmail or googlemail?[/quote]

    With my provider and googlemail. At googlemail I recently changed the password because that was recommended. Maybe that was not in time. Is that what you mean?
    Is it wise to post the Combofix log on a specialised forum? Or do you have enough knowledge of it as well?
  • Just this: a good password consists of at least eight characters, made up of upper- and lower-case letters, digits and symbols!

    Also change the password you use with your provider, if applicable!

    As for Combofix, well, here we go: Let Combofix scan your Windows (CLICK).

    How to use Combofix properly (CLICK)

    Addition: to be able to use Combofix, the following applies:

    - no web browsers may be open
    - antivirus must be completely deactivated
    - active malware and spyware scanners must be deactivated.

    Do not click in the active Combofix window: this will make Combofix freeze!

    Combofix closes the internet connection; do not try to restore it in the meantime!

    Vista users start Combofix with Administrator rights!

    And do not forget to temporarily disable Windows Defender: for that see http://windowshelp.microsoft.com/Windows/nl-NL/help/31d797aa-091d-4d67-a556-dbfaf21bf0dc1043.mspx

    Here you will find information on how to deactivate antivirus (CLICK)
  • [quote="Abraham54"]Just this: a good password consists of at least eight characters, made up of upper- and lower-case letters, digits and symbols!

    Also change the password you use with your provider, if applicable!

    As for Combofix, well, here we go: Let Combofix scan your Windows (CLICK).

    How to use Combofix properly (CLICK)

    Addition: to be able to use Combofix, the following applies:

    - no web browsers may be open
    - antivirus must be completely deactivated
    - active malware and spyware scanners must be deactivated.

    Do not click in the active Combofix window: this will make Combofix freeze!

    Combofix closes the internet connection; do not try to restore it in the meantime!

    Vista users start Combofix with Administrator rights!

    And do not forget to temporarily disable Windows Defender: for that see http://windowshelp.microsoft.com/Windows/nl-NL/help/31d797aa-091d-4d67-a556-dbfaf21bf0dc1043.mspx

    Here you will find information on how to deactivate antivirus (CLICK)[/quote]
    Thanks, very good tip about disabling AVG.

    Below is the third log I made with Combofix. Log 2 contained slightly more infections, so things are improving. Adaware also found something during a full scan, but I cannot find its log.

    ComboFix 09-11-20.05 - gebruiker 21-11-2009 22:35.5.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1460 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\System32\Drivers\d347prt.sys . . . is geïnfecteerd!!

    c:\windows\system32\DRIVERS\vobid.sys . . . is geïnfecteerd!!

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-10-21 to 2009-11-21 ))))))))))))))))))))))))))))))
    .

    2009-11-21 21:30 . 2004-08-04 12:00 13952 -c--a-w- c:\windows\system32\dllcache\cbidf2k.sys
    2009-11-21 21:30 . 2004-08-04 12:00 13952 ----a-w- c:\windows\system32\drivers\cbidf2k.sys
    2009-11-21 21:30 . 2008-04-13 18:40 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
    2009-11-21 21:30 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
    2009-11-21 09:45 . 2009-11-21 17:50 -------- d--h--r- c:\documents and settings\gebruiker\Onlangs geopend
    2009-11-21 08:49 . 2009-11-21 08:49 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2009-11-21 08:49 . 2009-11-21 08:49 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\SBREDrv.sys
    2009-11-21 08:49 . 2009-11-21 08:49 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\sbap.dll
    2009-11-21 08:49 . 2009-11-21 08:49 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\aawapi.dll
    2009-11-21 08:49 . 2009-11-21 08:49 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\VipreBridge.dll
    2009-11-21 08:49 . 2009-11-21 08:49 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Vipre.dll
    2009-11-21 08:49 . 2009-11-21 08:49 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\SBTE.dll
    2009-11-21 08:49 . 2009-11-21 08:49 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\SBRE.dll
    2009-11-21 08:48 . 2009-11-21 08:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2009-11-21 08:48 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
    2009-11-21 08:03 . 2009-11-21 08:01 399872 ----a-w- c:\windows\system32\CF14009.exe
    2009-11-14 15:01 . 2009-11-21 21:11 0 ----a-w- c:\documents and settings\gebruiker\Local Settings\Application Data\prvlcl.dat
    2009-11-13 17:47 . 2009-10-16 11:12 1119488 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-11-12 21:43 . 2009-11-12 21:43 152576 ----a-w- c:\documents and settings\gebruiker\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-11-12 21:43 . 2009-11-12 21:43 79488 ----a-w- c:\documents and settings\gebruiker\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-11 17:12 . 2009-11-11 17:12 -------- d-----w- c:\documents and settings\gebruiker\Local Settings\Application Data\AVG Security Toolbar
    2009-11-11 17:03 . 2009-11-11 17:10 -------- d-----w- C:\$AVG
    2009-11-11 17:03 . 2009-11-13 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-11-11 17:03 . 2009-11-11 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2009-10-31 21:57 . 2009-10-31 21:57 -------- d-----w- c:\documents and settings\gebruiker\Application Data\Winamp
    2009-10-29 21:32 . 2007-02-27 13:31 21504 ----a-w- c:\windows\system32\drivers\motmodem.sys
    2009-10-29 21:32 . 2006-11-13 13:45 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
    2009-10-29 19:48 . 2009-10-29 19:48 -------- d-----w- c:\program files\Common Files\Motorola Shared
    2009-10-29 19:47 . 2009-10-29 19:47 -------- d-----w- c:\program files\Carambis
    2009-10-26 20:56 . 2009-11-21 09:49 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
    2009-10-26 18:30 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
    2009-10-26 18:26 . 2009-10-26 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HEMA Fotoservice
    2009-10-26 18:26 . 2009-10-26 18:26 -------- d-----w- c:\program files\HEMA Fotoservice

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-21 21:34 . 2005-05-11 18:20 12341 ----a-w- c:\windows\system32\Tablet.dat
    2009-11-21 21:32 . 2008-04-09 16:23 12 ----a-w- c:\windows\bthservsdp.dat
    2009-11-21 19:24 . 2007-05-02 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
    2009-11-21 19:24 . 2005-04-16 09:19 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-11-21 19:22 . 2005-06-06 16:44 -------- d-----w- c:\program files\Sony
    2009-11-21 18:51 . 2009-02-27 19:52 -------- d-----w- c:\documents and settings\gebruiker\Application Data\DNA
    2009-11-21 18:49 . 2009-02-27 19:52 -------- d-----w- c:\program files\DNA
    2009-11-21 18:12 . 2005-05-27 22:23 -------- d-----w- c:\program files\Soulseek
    2009-11-21 09:47 . 2006-04-28 15:58 -------- d-----w- c:\program files\XnView
    2009-11-21 08:49 . 2009-09-02 14:39 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
    2009-11-21 08:49 . 2009-09-02 16:11 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2009-11-21 08:49 . 2009-09-02 14:39 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
    2009-11-21 08:49 . 2009-09-02 14:39 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
    2009-11-21 08:49 . 2009-09-02 14:39 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
    2009-11-21 08:49 . 2009-09-02 14:39 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
    2009-11-21 08:49 . 2009-09-02 14:39 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
    2009-11-21 08:49 . 2009-09-02 14:39 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Savapibridge.dll
    2009-11-21 08:49 . 2009-09-02 14:39 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
    2009-11-21 08:49 . 2009-09-02 14:39 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
    2009-11-21 08:49 . 2009-09-02 14:39 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
    2009-11-21 08:49 . 2009-09-02 14:39 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
    2009-11-21 08:48 . 2009-09-23 14:39 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
    2009-11-21 08:48 . 2009-09-02 14:39 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
    2009-11-21 08:48 . 2009-09-02 14:39 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
    2009-11-21 08:48 . 2009-09-02 14:39 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
    2009-11-21 08:48 . 2009-09-02 14:39 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
    2009-11-21 08:48 . 2009-09-02 14:39 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
    2009-11-20 23:40 . 2007-08-26 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-11-18 18:16 . 2009-09-17 19:15 1 ----a-w- c:\documents and settings\gebruiker\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-11-12 21:44 . 2005-05-14 20:18 -------- d-----w- c:\program files\Java
    2009-11-11 18:51 . 2008-04-22 15:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-11 18:50 . 2008-05-28 14:26 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-11-11 17:03 . 2008-05-24 17:27 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-11 17:03 . 2008-05-24 17:27 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-11 17:03 . 2008-01-17 19:04 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-11-11 17:03 . 2008-05-24 17:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-11 17:03 . 2008-05-24 17:27 -------- d-----w- c:\program files\AVG
    2009-11-07 12:11 . 2007-01-11 12:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-11-07 12:11 . 2009-07-08 16:41 -------- d-----w- c:\program files\SpywareBlaster
    2009-10-31 21:57 . 2005-06-07 11:05 -------- d-----w- c:\program files\Winamp
    2009-10-29 22:04 . 2009-02-27 19:52 -------- d-----w- c:\documents and settings\gebruiker\Application Data\BitTorrent
    2009-10-29 21:17 . 2007-05-02 16:12 -------- d-----w- c:\program files\Avanquest update
    2009-10-29 21:15 . 2007-05-02 16:30 92064 ----a-w- c:\documents and settings\gebruiker\mqdmmdm.sys
    2009-10-29 21:15 . 2007-05-02 16:30 79328 ----a-w- c:\documents and settings\gebruiker\mqdmserd.sys
    2009-10-29 21:15 . 2007-05-02 16:30 5936 ----a-w- c:\documents and settings\gebruiker\mqdmwhnt.sys
    2009-10-29 21:15 . 2007-05-02 16:30 9232 ----a-w- c:\documents and settings\gebruiker\mqdmmdfl.sys
    2009-10-29 21:15 . 2007-05-02 16:30 66656 ----a-w- c:\documents and settings\gebruiker\mqdmbus.sys
    2009-10-29 21:15 . 2007-05-02 16:30 6208 ----a-w- c:\documents and settings\gebruiker\mqdmcmnt.sys
    2009-10-29 21:15 . 2007-05-02 16:30 4048 ----a-w- c:\documents and settings\gebruiker\mqdmcr.sys
    2009-10-29 21:15 . 2007-05-02 16:11 25600 ----a-w- c:\documents and settings\gebruiker\usbsermptxp.sys
    2009-10-29 21:15 . 2007-05-02 16:11 22768 ----a-w- c:\documents and settings\gebruiker\usbsermpt.sys
    2009-10-29 19:49 . 2009-10-29 19:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2009-10-29 19:49 . 2009-10-29 19:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-10-25 06:05 . 2004-09-15 01:50 91632 ----a-w- c:\windows\system32\perfc013.dat
    2009-10-25 06:05 . 2004-09-15 01:50 511866 ----a-w- c:\windows\system32\perfh013.dat
    2009-10-19 15:49 . 2005-05-11 21:14 79128 ----a-w- c:\documents and settings\gebruiker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-19 15:39 . 2009-10-19 15:39 -------- d-----w- c:\program files\MSECache
    2009-10-13 17:28 . 2009-10-13 17:28 -------- d-----w- c:\program files\Bonjour
    2009-10-13 17:28 . 2009-10-13 17:27 -------- d-----w- c:\program files\QuickTime
    2009-10-13 17:26 . 2008-03-22 16:58 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-11 03:17 . 2009-06-19 14:51 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-02 17:39 . 2009-10-02 17:39 -------- d-----w- c:\program files\Amazon
    2009-09-23 14:39 . 2009-09-23 14:39 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\WSCUpdate.dll
    2009-09-23 14:39 . 2009-09-23 14:39 68640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\64\lbd.sys
    2009-09-23 14:39 . 2009-09-23 14:39 303976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\64\AAWDriverTool.exe
    2009-09-23 14:39 . 2009-09-02 14:39 640760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
    2009-09-23 12:55 . 2009-09-02 14:40 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-09-14 06:48 . 2008-01-11 18:26 2034 ----a-w- c:\documents and settings\gebruiker\Application Data\SAS7_000.DAT
    2009-09-11 14:20 . 2005-03-01 20:20 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 13:54 . 2008-09-01 03:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 13:53 . 2008-05-28 14:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-04 21:05 . 2005-03-01 20:19 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-02 14:39 . 2009-09-02 14:39 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
    2009-09-02 14:39 . 2009-09-02 14:39 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
    2009-08-29 08:00 . 2005-03-01 20:21 916480 ------w- c:\windows\system32\wininet.dll
    2009-08-26 08:02 . 2005-03-01 20:20 247326 ----a-w- c:\windows\system32\strmdll.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-11-21_19.17.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-11-21 21:34 . 2009-11-21 21:34 16384 c:\windows\temp\Perflib_Perfdata_538.dat
    + 2004-09-14 17:14 . 2009-11-21 19:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2004-09-14 17:14 . 2009-11-21 08:51 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2004-09-14 17:14 . 2009-11-21 19:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    - 2004-09-14 17:14 . 2009-11-21 08:51 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2009-09-02 16:11 . 2009-11-21 19:31 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    - 2009-09-02 16:11 . 2009-11-21 08:51 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2009-11-21 19:31 . 2009-11-21 19:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-11-21 08:51 . 2009-11-21 08:51 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-10-16 11:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-12 323392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
    "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-21 788880]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-12 2020120]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-12-19 65024]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-11-11 17:03 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
    backup=c:\windows\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^TabUserW.exe.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\TabUserW.exe.lnk
    backup=c:\windows\pss\TabUserW.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^gebruiker^Menu Start^Programma's^Opstarten^Last.fm Helper.lnk]
    path=c:\documents and settings\gebruiker\Menu Start\Programma's\Opstarten\Last.fm Helper.lnk
    backup=c:\windows\pss\Last.fm Helper.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Soulseek\\slsk.exe"=
    "c:\\Program Files\\DropUpload\\DropUpLoad.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Zapr\\Zapr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R0 fasttrak;fasttrak;c:\windows\system32\drivers\fasttrak.sys [11-11-2004 16:52 70656]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2-9-2009 15:40 64288]
    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [11-11-2004 16:53 77312]
    R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [1-8-2003 13:47 29239]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24-5-2008 18:27 333192]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24-5-2008 18:27 360584]
    R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [6-7-2004 16:06 188416]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11-11-2009 18:03 285392]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24-9-2009 12:17 1184912]
    R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [3-8-2004 10:10 62976]
    S2 Nmpdrv_N;Nmpdrv_N USB Controller Service; [x]
    S3 EMCR;EMCR;c:\windows\system32\drivers\emcr7sk.sys [11-11-2004 16:52 68224]
    S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [31-10-2008 16:11 23096]
    S3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [31-10-2008 16:11 3768]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [30-5-2008 16:07 337800]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21-9-2008 16:00 642560]
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-11-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 08:48]

    2009-11-21 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-16 06:39]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
    DPF: {1D185838-009D-47C8-824B-B65B4854430E} - hxxp://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} - hxxp://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    FF - ProfilePath - c:\documents and settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\0a42b5n7.Standaardgebruiker\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=nl&t=3|http://www.google.com/search?hl=nl&client=ig&q=weather+Amsterdam
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-21 22:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A231240]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf76bbf28
    \Driver\ACPI -> ACPI.sys @ 0xf7587cb8
    \Driver\atapi -> 0x8a231240
    \Driver\iaStor -> IASTOR.SYS @ 0xbaf122f0
    IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
    \Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
    NDIS: Broadcom NetXtreme Gigabit Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xf7a20bb0
    PacketIndicateHandler -> NDIS.sys @ 0xf7a2da21
    SendHandler -> NDIS.sys @ 0xf7a0b87b
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•¤|ÿÿÿÿ•¤|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(716)
    c:\windows\system32\Ati2evxx.dll
    .
    Voltooingstijd: 2009-11-21 22:47
    ComboFix-quarantined-files.txt 2009-11-21 21:47
    ComboFix2.txt 2009-11-21 19:20
    ComboFix3.txt 2009-11-21 08:30
    ComboFix4.txt 2009-09-08 16:02
    ComboFix5.txt 2009-11-21 21:29

    Pre-Run: 14.442.385.408 bytes beschikbaar
    Post-Run: 14.408.286.208 bytes beschikbaar

    - - End Of File - - BCCCB007F1351859679A31EDF40968F0
  • Hello Diana, a quick question regarding the next steps - do you have an XP Home installation CD?
  • [quote:7bb7e5ff4b="Abraham54"]Hello Diana, a quick question regarding the next steps - do you have an XP Home installation CD?[/quote:7bb7e5ff4b]

    No, there is something on my computer from the manufacturer for reinstalling the computer. Pressing F10, I believe.

    But this is already a much better log:
    ComboFix 09-11-21.01 - gebruiker 22-11-2009 6:00.7.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1329 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-10-22 to 2009-11-22 ))))))))))))))))))))))))))))))
    .

    2009-11-21 21:58 . 2009-11-21 21:58 ——– d–h–r- c:\documents and settings\gebruiker\Onlangs geopend
    2009-11-21 21:30 . 2004-08-04 12:00 13952 -c–a-w- c:\windows\system32\dllcache\cbidf2k.sys
    2009-11-21 21:30 . 2004-08-04 12:00 13952 —-a-w- c:\windows\system32\drivers\cbidf2k.sys
    2009-11-21 21:30 . 2008-04-13 18:40 96512 -c–a-w- c:\windows\system32\dllcache\atapi.sys
    2009-11-21 21:30 . 2008-04-13 18:40 96512 ——w- c:\windows\system32\drivers\atapi.sys
    2009-11-21 08:49 . 2009-11-21 08:49 93360 —-a-w- c:\windows\system32\drivers\SBREDrv.sys
    2009-11-21 08:49 . 2009-11-21 08:49 93360 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\SBREDrv.sys
    2009-11-21 08:49 . 2009-11-21 08:49 554280 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\sbap.dll
    2009-11-21 08:49 . 2009-11-21 08:49 537576 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\aawapi.dll
    2009-11-21 08:49 . 2009-11-21 08:49 212480 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\VipreBridge.dll
    2009-11-21 08:49 . 2009-11-21 08:49 283944 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Vipre.dll
    2009-11-21 08:49 . 2009-11-21 08:49 1223976 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\SBTE.dll
    2009-11-21 08:49 . 2009-11-21 08:49 242984 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\SBRE.dll
    2009-11-21 08:48 . 2009-11-21 08:48 ——– dc-h–w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2009-11-21 08:48 . 2009-10-03 08:15 2924848 -c–a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
    2009-11-21 08:03 . 2009-11-21 08:01 399872 —-a-w- c:\windows\system32\CF14009.exe
    2009-11-14 15:01 . 2009-11-21 22:11 0 —-a-w- c:\documents and settings\gebruiker\Local Settings\Application Data\prvlcl.dat
    2009-11-13 17:47 . 2009-10-16 11:12 1119488 —-a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-11-12 21:43 . 2009-11-12 21:43 152576 —-a-w- c:\documents and settings\gebruiker\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-11-12 21:43 . 2009-11-12 21:43 79488 —-a-w- c:\documents and settings\gebruiker\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-11 17:12 . 2009-11-11 17:12 ——– d—–w- c:\documents and settings\gebruiker\Local Settings\Application Data\AVG Security Toolbar
    2009-11-11 17:03 . 2009-11-11 17:10 ——– d—–w- C:\$AVG
    2009-11-11 17:03 . 2009-11-13 17:47 ——– d—–w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-11-11 17:03 . 2009-11-11 17:03 ——– d—–w- c:\documents and settings\All Users\Application Data\avg9
    2009-10-31 21:57 . 2009-10-31 21:57 ——– d—–w- c:\documents and settings\gebruiker\Application Data\Winamp
    2009-10-29 21:32 . 2007-02-27 13:31 21504 —-a-w- c:\windows\system32\drivers\motmodem.sys
    2009-10-29 21:32 . 2006-11-13 13:45 1419232 —-a-w- c:\windows\system32\wdfcoinstaller01005.dll
    2009-10-29 19:48 . 2009-10-29 19:48 ——– d—–w- c:\program files\Common Files\Motorola Shared
    2009-10-26 20:56 . 2009-11-21 09:49 25992 —-a-w- c:\windows\system32\pgdfgsvc.exe
    2009-10-26 18:30 . 2007-03-12 15:42 3495784 —-a-w- c:\windows\system32\d3dx9_33.dll
    2009-10-26 18:26 . 2009-10-26 18:26 ——– d—–w- c:\documents and settings\All Users\Application Data\HEMA Fotoservice
    2009-10-26 18:26 . 2009-10-26 18:26 ——– d—–w- c:\program files\HEMA Fotoservice

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-22 05:02 . 2009-02-27 19:52 ——– d—–w- c:\documents and settings\gebruiker\Application Data\DNA
    2009-11-22 04:57 . 2007-01-11 12:46 ——– d—a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-11-22 04:57 . 2009-07-08 16:41 ——– d—–w- c:\program files\SpywareBlaster
    2009-11-22 04:57 . 2006-02-26 14:33 ——– d—–w- c:\program files\Hitman Pro
    2009-11-22 04:52 . 2005-05-11 18:20 12341 —-a-w- c:\windows\system32\Tablet.dat
    2009-11-22 04:52 . 2009-02-27 19:52 ——– d—–w- c:\program files\DNA
    2009-11-22 04:50 . 2008-04-09 16:23 12 —-a-w- c:\windows\bthservsdp.dat
    2009-11-22 04:24 . 2005-04-16 09:19 ——– d–h–w- c:\program files\InstallShield Installation Information
    2009-11-21 22:14 . 2008-09-01 03:27 ——– d—–w- c:\program files\Spybot - Search & Destroy
    2009-11-21 22:00 . 2005-04-20 15:20 ——– d—–w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-11-21 19:24 . 2007-05-02 16:11 ——– d—–w- c:\documents and settings\All Users\Application Data\BVRP Software
    2009-11-21 19:22 . 2005-06-06 16:44 ——– d—–w- c:\program files\Sony
    2009-11-21 18:12 . 2005-05-27 22:23 ——– d—–w- c:\program files\Soulseek
    2009-11-21 09:47 . 2006-04-28 15:58 ——– d—–w- c:\program files\XnView
    2009-11-21 08:49 . 2009-09-02 14:39 862040 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
    2009-11-21 08:49 . 2009-09-02 16:11 15880 —-a-w- c:\windows\system32\lsdelete.exe
    2009-11-21 08:49 . 2009-09-02 14:39 390288 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
    2009-11-21 08:49 . 2009-09-02 14:39 206944 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
    2009-11-21 08:49 . 2009-09-02 14:39 15880 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
    2009-11-21 08:49 . 2009-09-02 14:39 370744 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
    2009-11-21 08:49 . 2009-09-02 14:39 163728 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
    2009-11-21 08:49 . 2009-09-02 14:39 194104 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Savapibridge.dll
    2009-11-21 08:49 . 2009-09-02 14:39 5908024 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
    2009-11-21 08:49 . 2009-09-02 14:39 327000 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
    2009-11-21 08:49 . 2009-09-02 14:39 87496 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
    2009-11-21 08:49 . 2009-09-02 14:39 933120 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
    2009-11-21 08:48 . 2009-09-23 14:39 641632 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
    2009-11-21 08:48 . 2009-09-02 14:39 816272 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
    2009-11-21 08:48 . 2009-09-02 14:39 822904 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
    2009-11-21 08:48 . 2009-09-02 14:39 1638640 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
    2009-11-21 08:48 . 2009-09-02 14:39 788880 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
    2009-11-21 08:48 . 2009-09-02 14:39 1184912 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
    2009-11-20 23:40 . 2007-08-26 16:38 ——– d—–w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-11-18 18:16 . 2009-09-17 19:15 1 —-a-w- c:\documents and settings\gebruiker\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-11-12 21:44 . 2005-05-14 20:18 ——– d—–w- c:\program files\Java
    2009-11-11 18:51 . 2008-04-22 15:36 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-11 18:50 . 2008-05-28 14:26 4045528 —-a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-11-11 17:03 . 2008-05-24 17:27 333192 —-a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-11 17:03 . 2008-05-24 17:27 360584 —-a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-11 17:03 . 2008-01-17 19:04 28424 —-a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-11-11 17:03 . 2008-05-24 17:27 12464 —-a-w- c:\windows\system32\avgrsstx.dll
    2009-11-11 17:03 . 2008-05-24 17:27 ——– d—–w- c:\program files\AVG
    2009-10-31 21:57 . 2005-06-07 11:05 ——– d—–w- c:\program files\Winamp
    2009-10-29 22:04 . 2009-02-27 19:52 ——– d—–w- c:\documents and settings\gebruiker\Application Data\BitTorrent
    2009-10-29 21:17 . 2007-05-02 16:12 ——– d—–w- c:\program files\Avanquest update
    2009-10-29 21:15 . 2007-05-02 16:30 92064 —-a-w- c:\documents and settings\gebruiker\mqdmmdm.sys
    2009-10-29 21:15 . 2007-05-02 16:30 79328 —-a-w- c:\documents and settings\gebruiker\mqdmserd.sys
    2009-10-29 21:15 . 2007-05-02 16:30 5936 —-a-w- c:\documents and settings\gebruiker\mqdmwhnt.sys
    2009-10-29 21:15 . 2007-05-02 16:30 9232 —-a-w- c:\documents and settings\gebruiker\mqdmmdfl.sys
    2009-10-29 21:15 . 2007-05-02 16:30 66656 —-a-w- c:\documents and settings\gebruiker\mqdmbus.sys
    2009-10-29 21:15 . 2007-05-02 16:30 6208 —-a-w- c:\documents and settings\gebruiker\mqdmcmnt.sys
    2009-10-29 21:15 . 2007-05-02 16:30 4048 —-a-w- c:\documents and settings\gebruiker\mqdmcr.sys
    2009-10-29 21:15 . 2007-05-02 16:11 25600 —-a-w- c:\documents and settings\gebruiker\usbsermptxp.sys
    2009-10-29 21:15 . 2007-05-02 16:11 22768 —-a-w- c:\documents and settings\gebruiker\usbsermpt.sys
    2009-10-29 19:49 . 2009-10-29 19:49 0 —ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2009-10-29 19:49 . 2009-10-29 19:49 0 —ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-10-25 06:05 . 2004-09-15 01:50 91632 —-a-w- c:\windows\system32\perfc013.dat
    2009-10-25 06:05 . 2004-09-15 01:50 511866 —-a-w- c:\windows\system32\perfh013.dat
    2009-10-19 15:49 . 2005-05-11 21:14 79128 —-a-w- c:\documents and settings\gebruiker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-19 15:39 . 2009-10-19 15:39 ——– d—–w- c:\program files\MSECache
    2009-10-13 17:28 . 2009-10-13 17:28 ——– d—–w- c:\program files\Bonjour
    2009-10-13 17:28 . 2009-10-13 17:27 ——– d—–w- c:\program files\QuickTime
    2009-10-13 17:26 . 2008-03-22 16:58 ——– d—–w- c:\program files\Common Files\Apple
    2009-10-11 03:17 . 2009-06-19 14:51 411368 —-a-w- c:\windows\system32\deploytk.dll
    2009-10-02 17:39 . 2009-10-02 17:39 ——– d—–w- c:\program files\Amazon
    2009-09-23 14:39 . 2009-09-23 14:39 17632 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\WSCUpdate.dll
    2009-09-23 14:39 . 2009-09-23 14:39 68640 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\64\lbd.sys
    2009-09-23 14:39 . 2009-09-23 14:39 303976 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\64\AAWDriverTool.exe
    2009-09-23 14:39 . 2009-09-02 14:39 640760 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
    2009-09-23 12:55 . 2009-09-02 14:40 64288 —-a-w- c:\windows\system32\drivers\Lbd.sys
    2009-09-14 06:48 . 2008-01-11 18:26 2034 —-a-w- c:\documents and settings\gebruiker\Application Data\SAS7_000.DAT
    2009-09-11 14:20 . 2005-03-01 20:20 136192 —-a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 13:54 . 2008-09-01 03:58 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 13:53 . 2008-05-28 14:26 19160 —-a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-04 21:05 . 2005-03-01 20:19 58880 —-a-w- c:\windows\system32\msasn1.dll
    2009-09-02 14:39 . 2009-09-02 14:39 85352 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
    2009-09-02 14:39 . 2009-09-02 14:39 64160 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
    2009-08-29 08:00 . 2005-03-01 20:21 916480 ——w- c:\windows\system32\wininet.dll
    2009-08-26 08:02 . 2005-03-01 20:20 247326 —-a-w- c:\windows\system32\strmdll.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-11-21_19.17.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-11-22 04:52 . 2009-11-22 04:52 16384 c:\windows\temp\Perflib_Perfdata_210.dat
    - 2004-09-14 17:14 . 2009-11-21 08:51 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2004-09-14 17:14 . 2009-11-21 19:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2004-09-14 17:14 . 2009-11-21 19:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    - 2004-09-14 17:14 . 2009-11-21 08:51 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2009-09-02 16:11 . 2009-11-21 19:31 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    - 2009-09-02 16:11 . 2009-11-21 08:51 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2005-08-03 08:33 . 2008-03-20 17:06 1480232 c:\windows\system32\LegitCheckControl.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-10-16 11:12 1119488 —-a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-12 323392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
    "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-21 788880]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-12 2020120]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-12-19 65024]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-11-11 17:03 12464 —-a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
    backup=c:\windows\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^TabUserW.exe.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\TabUserW.exe.lnk
    backup=c:\windows\pss\TabUserW.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^gebruiker^Menu Start^Programma's^Opstarten^Last.fm Helper.lnk]
    path=c:\documents and settings\gebruiker\Menu Start\Programma's\Opstarten\Last.fm Helper.lnk
    backup=c:\windows\pss\Last.fm Helper.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Soulseek\\slsk.exe"=
    "c:\\Program Files\\DropUpload\\DropUpLoad.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Zapr\\Zapr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R0 fasttrak;fasttrak;c:\windows\system32\drivers\fasttrak.sys [11-11-2004 16:52 70656]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2-9-2009 15:40 64288]
    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [11-11-2004 16:53 77312]
    R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [1-8-2003 13:47 29239]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24-5-2008 18:27 333192]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24-5-2008 18:27 360584]
    R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [6-7-2004 16:06 188416]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11-11-2009 18:03 285392]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24-9-2009 12:17 1184912]
    R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [3-8-2004 10:10 62976]
    S2 Nmpdrv_N;Nmpdrv_N USB Controller Service; [x]
    S3 EMCR;EMCR;c:\windows\system32\drivers\emcr7sk.sys [11-11-2004 16:52 68224]
    S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [31-10-2008 16:11 23096]
    S3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [31-10-2008 16:11 3768]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [30-5-2008 16:07 337800]
    S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [21-9-2008 16:06 223128]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21-9-2008 16:00 642560]
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-11-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 08:48]

    2009-11-22 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-16 06:39]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
    DPF: {1D185838-009D-47C8-824B-B65B4854430E} - hxxp://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} - hxxp://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    FF - ProfilePath - c:\documents and settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\0a42b5n7.Standaardgebruiker\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=nl&t=3|http://www.google.com/search?hl=nl&client=ig&q=weather+Amsterdam
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-22 06:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•¤|ÿÿÿÿ•¤|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(696)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3312)
    c:\windows\system32\tabhook.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Voltooingstijd: 2009-11-22 06:10
    ComboFix-quarantined-files.txt 2009-11-22 05:10
    ComboFix2.txt 2009-11-22 04:40
    ComboFix3.txt 2009-11-21 21:47
    ComboFix4.txt 2009-11-21 19:20
    ComboFix5.txt 2009-11-22 04:58

    Pre-Run: 14.828.433.408 bytes beschikbaar
    Post-Run: 14.791.208.960 bytes beschikbaar

    - - End Of File - - 2A63DC9947A199AA4231ACD25E3016F5
  • Hello Diana, I asked about that CD because in your previous Combofix log the MBR was said to contain a rootkit, but according to the latest Combofix scan the MBR is clean!
    I have no explanation for that, by the way.

    How is your Windows doing now?
  • [quote:86407a93ab="Abraham54"]Hello Diana, I asked about that CD because in your previous Combofix log the MBR was said to contain a rootkit, but according to the latest Combofix scan the MBR is clean!
    I have no explanation for that, by the way.

    How is your Windows doing now?[/quote:86407a93ab]
    It's going very well. I ran Combofix about six or seven times at intervals, and it seems it was able to remove more each time. Great program! The first few times it kept reporting that a rootkit had been found, and then the computer would restart and Combofix would start over. But the last few times it no longer reported that a rootkit had been found. I'm very happy! In the meantime I had also uninstalled a number of programs that I never use; maybe that helped too. I also changed my password with my provider and the spam has stopped completely. (Knock on wood.)
  • Then I'll give you another great tool as well, because Combofix is really not meant to become your standard scanner!

    Download, install and keep using [b:4824d242f7]MBAM[/b:4824d242f7].
    Right after installation [b:4824d242f7]MBAM[/b:4824d242f7] will want to update its database, so allow that.
    On repeated use as well: go to the [b:4824d242f7]Update[/b:4824d242f7] tab first!

    [b:4824d242f7]Download MBAM[/b:4824d242f7]

    Start [b:4824d242f7]MBAM[/b:4824d242f7] and choose [b:4824d242f7]Quick Scan[/b:4824d242f7]

    [b:4824d242f7]N.B.: Vista users start MBAM by right-clicking and then choosing Run as administrator.[/b:4824d242f7]

    Scanning can take a while, so be patient.
    When the scan is complete, click the [b:4824d242f7]OK[/b:4824d242f7] button, then the [b:4824d242f7]Show Results[/b:4824d242f7] button to see the results.
    Make sure everything there is checked, then click: [b:4824d242f7]Remove Selected[/b:4824d242f7].
    After removal a log will open and you will be asked to restart the computer.

    The log is saved automatically by [b:4824d242f7]MBAM[/b:4824d242f7] and you can find it again by clicking the [b:4824d242f7]Logs[/b:4824d242f7] tab in [b:4824d242f7]MBAM[/b:4824d242f7].

    If [b:4824d242f7]MBAM[/b:4824d242f7] has difficulty removing certain files it will show a few messages; click [b:4824d242f7]OK[/b:4824d242f7] each time!
    After that [b:4824d242f7]MBAM[/b:4824d242f7] will ask to restart the computer, so allow the computer to be restarted.

    After this, create a new HijackThis log and post its result together with the MBAM scan result;
    also post an uninstall list (start HijackThis, click the [b:4824d242f7]Open the Misc Tools section[/b:4824d242f7] button, then the [b:4824d242f7]Open Uninstall Manager[/b:4824d242f7] button and finally the [b:4824d242f7]Save[/b:4824d242f7] button).
  • [quote:e76e237261="Abraham54"]Then I'll give you another great tool as well, because Combofix is really not meant to become your standard scanner!

    Download, install and keep using [b:e76e237261]MBAM[/b:e76e237261].
    Right after installation [b:e76e237261]MBAM[/b:e76e237261] will want to update its database, so allow that.
    On repeated use as well: go to the [b:e76e237261]Update[/b:e76e237261] tab first!

    [b:e76e237261]Download MBAM[/b:e76e237261]

    Start [b:e76e237261]MBAM[/b:e76e237261] and choose [b:e76e237261]Quick Scan[/b:e76e237261]

    [b:e76e237261]N.B.: Vista users start MBAM by right-clicking and then choosing Run as administrator.[/b:e76e237261]

    Scanning can take a while, so be patient.
    When the scan is complete, click the [b:e76e237261]OK[/b:e76e237261] button, then the [b:e76e237261]Show Results[/b:e76e237261] button to see the results.
    Make sure everything there is checked, then click: [b:e76e237261]Remove Selected[/b:e76e237261].
    After removal a log will open and you will be asked to restart the computer.

    The log is saved automatically by [b:e76e237261]MBAM[/b:e76e237261] and you can find it again by clicking the [b:e76e237261]Logs[/b:e76e237261] tab in [b:e76e237261]MBAM[/b:e76e237261].

    If [b:e76e237261]MBAM[/b:e76e237261] has difficulty removing certain files it will show a few messages; click [b:e76e237261]OK[/b:e76e237261] each time!
    After that [b:e76e237261]MBAM[/b:e76e237261] will ask to restart the computer, so allow the computer to be restarted.

    After this, create a new HijackThis log and post its result together with the MBAM scan result;
    also post an uninstall list (start HijackThis, click the [b:e76e237261]Open the Misc Tools section[/b:e76e237261] button, then the [b:e76e237261]Open Uninstall Manager[/b:e76e237261] button and finally the [b:e76e237261]Save[/b:e76e237261] button).[/quote:e76e237261]


    I already do have Malwarebytes as my standard program, but it couldn't do what Combofix can. I do see the risk of Combofix, by the way, but I've had experience with it for a while; you just have to pay close attention to what you're doing.

This is an archived page. Replying is no longer possible.