Trojan horse is back

Anonymous
12 replies
 • A while ago I had trouble with a trojan horse, but I was able to remove it with your help. My computer has been very slow again lately, so I scanned the computer again. It found a trojan horse again.
  First, a quick question: can I use AVG Free Edition 8? I read a while ago that there were some rather serious bugs in that program.

  Here is my hijack log:
  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 12:14:12, on 14-2-2009
  Platform: Windows Vista SP1 (WinNT 6.00.1905)
  MSIE: Internet Explorer v7.00 (7.00.6001.18000)
  Boot mode: Normal

  Running processes:
  C:\Windows\system32\Dwm.exe
  C:\Windows\system32\taskeng.exe
  C:\Windows\Explorer.EXE
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Windows\RtHDVCpl.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
  C:\Program Files\Packard Bell\FIJI\ABoard.exe
  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
  C:\Program Files\Java\jre6\bin\jusched.exe
  C:\Program Files\Packard Bell\FIJI\AOSD.exe
  C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
  C:\Windows\V0230Mon.exe
  C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\AGEIA Technologies\TrayIcon.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
  C:\Windows\ehome\ehtray.exe
  C:\Program Files\Electronic Arts\EADM\Core.exe
  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
  C:\Windows\ehome\ehmsas.exe
  C:\Program Files\Windows Media Player\wmpnscfg.exe
  C:\ProgramData\U3\U3Launcher\LaunchU3.exe
  C:\Windows\System32\mobsync.exe
  C:\Program Files\Common Files\Teleca Shared\Generic.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
  C:\Program Files\AVG\AVG8\avgtray.exe
  C:\Program Files\Windows Live\Messenger\msnmsgr.exe
  C:\Windows\system32\SearchFilterHost.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
  O1 - Hosts: ::1 localhost
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
  O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
  O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
  O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
  O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
  O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
  O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
  O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe
  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
  O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
  O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
  O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
  O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
  O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
  O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
  O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEEM')
  O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
  O4 - Startup: LaunchU3.exe.lnk = ?
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
  O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O13 - Gopher Prefix:
  O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
  O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
  O20 - AppInit_DLLs: avgrsstx.dll
  O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
  O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
  O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
  O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
  O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
  O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


  End of file - 10683 bytes
 • Start HijackThis and choose 'Do a system scan only'.
  Select only the items listed below:

  R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
  O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

  Close all windows except HijackThis.
  Click 'Fix checked' to remove the items.

  Download […] and save it to your desktop.
  Double-click mbam-setup.exe to install the program.

  After the installation, make sure the following are checked:
  - Update MalwareBytes' Anti-Malware
  - Start MalwareBytes' Anti-Malware
  Then click "Finish".
  If an update is found, it will be downloaded and installed.
  - Once the program has started, go to the "Settings" tab.
  - Check this option: "Close Internet Explorer during malware removal".
  - Then go to the "Scanner" tab and choose "Quick Scan".
  - Next, press "Scan" to start the scan.
  - The scan can take a while, so be patient.
  - When the scan is complete, click OK, then "Show Results" to see the results.
  - Make sure everything there is checked, then click "Remove Selected".
  - After the removal a log will open and you will be asked to restart the computer.
  The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.

  Post this log together with a new HijackThis log.

  Download […] to your Desktop and use it according to this guide.
 • I have a problem… when I try to start ComboFix, it says that I have to close AVG first. I have searched everywhere, but nowhere does it say how to turn AVG off… any idea how I do this?

  Already found it.
 • Could you then post the requested logs?
 • The 3 logs

  hijackthis:
  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 13:34:50, on 14-2-2009
  Platform: Windows Vista SP1 (WinNT 6.00.1905)
  MSIE: Internet Explorer v7.00 (7.00.6001.18000)
  Boot mode: Normal

  Running processes:
  C:\Windows\system32\Dwm.exe
  C:\Windows\system32\taskeng.exe
  C:\Windows\Explorer.EXE
  C:\Windows\RtHDVCpl.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
  C:\Program Files\Packard Bell\FIJI\ABoard.exe
  C:\Program Files\Packard Bell\FIJI\AOSD.exe
  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
  C:\Program Files\Java\jre6\bin\jusched.exe
  C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
  C:\Windows\V0230Mon.exe
  C:\Program Files\AVG\AVG8\avgtray.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\AGEIA Technologies\TrayIcon.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
  C:\Windows\ehome\ehtray.exe
  C:\Program Files\Electronic Arts\EADM\Core.exe
  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
  C:\Program Files\Windows Media Player\wmpnscfg.exe
  C:\Windows\ehome\ehmsas.exe
  C:\ProgramData\U3\U3Launcher\LaunchU3.exe
  C:\Windows\System32\mobsync.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  O1 - Hosts: ::1 localhost
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
  O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
  O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
  O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
  O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
  O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
  O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe
  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
  O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
  O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
  O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
  O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
  O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEEM')
  O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
  O4 - Startup: LaunchU3.exe.lnk = ?
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
  O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O13 - Gopher Prefix:
  O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
  O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
  O20 - AppInit_DLLs: avgrsstx.dll
  O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
  O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
  O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
  O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
  O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
  O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


  End of file - 9610 bytes


  malware:
  Malwarebytes' Anti-Malware 1.25
  Database versie: 1062
  Windows 6.0.6001 Service Pack 1

  21:38:09 2-1-2009
  mbam-log-01-02-2009 (21-38-09).txt

  Scan type: Snelle Scan
  Objecten gescand: 1
  Verstreken tijd: 4 second(s)

  Geheugenprocessen geïnfecteerd: 0
  Geheugenmodulen geïnfecteerd: 0
  Registersleutels geïnfecteerd: 0
  Registerwaarden geïnfecteerd: 0
  Registerdata bestanden geïnfecteerd: 0
  Mappen geïnfecteerd: 0
  Bestanden geïnfecteerd: 0

  Geheugenprocessen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Geheugenmodulen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registersleutels geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerwaarden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerdata bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Mappen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)


  combofix:
  ComboFix 09-02-12.03 - beheer 2009-02-14 13:23:09.2 - NTFSx86
  Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2046.1192 [GMT 1:00]
  Gestart vanuit: c:\users\beheer\Desktop\ComboFix.exe
  AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
  * Nieuw herstelpunt werd aangemaakt
  .

  (((((((((((((((((((( Bestanden Gemaakt van 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))
  .

  2009-02-14 12:47 . 2009-02-14 12:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
  2009-02-14 12:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
  2009-02-14 12:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
  2009-02-12 15:06 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
  2009-02-12 15:06 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
  2009-02-08 14:07 . 2009-02-08 14:07 <DIR> d-------- c:\windows\Watson
  2009-01-31 14:13 . 2009-01-31 14:13 10,520 --a------ c:\windows\System32\avgrsstx.dll
  2009-01-28 02:39 . 2009-01-28 02:39 <DIR> d-------- c:\users\beheer\AppData\Roaming\PeerNetworking
  2009-01-15 11:25 . 2009-01-15 11:25 0 --a------ c:\windows\System32\msexcr.ini
  2009-01-14 13:03 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2009-02-13 14:55 --------- d-----w c:\programdata\Microsoft Help
  2009-02-13 14:54 --------- d-----w c:\program files\Windows Mail
  2009-02-08 16:03 --------- d-----w c:\program files\Messenger Plus! Live
  2009-02-08 13:07 --------- d-----w c:\program files\Microsoft Games
  2009-02-08 11:31 --------- d-----w c:\program files\Steam
  2009-02-08 11:29 --------- d-----w c:\program files\Common Files\Steam
  2009-01-31 18:05 --------- d-----w c:\users\beheer\AppData\Roaming\uTorrent
  2009-01-31 17:41 --------- d-----w c:\users\beheer\AppData\Roaming\Tibia
  2009-01-31 13:13 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
  2009-01-31 13:10 --------- d-----w c:\programdata\avg8
  2009-01-24 22:13 --------- d-----w c:\program files\Spybot - Search & Destroy
  2009-01-23 23:33 --------- d-----w c:\users\beheer\AppData\Roaming\Packard Bell
  2009-01-17 13:53 --------- d-----w c:\program files\DVD Decrypter
  2009-01-11 12:47 --------- d-----w c:\program files\GameSpy Arcade
  2009-01-11 12:46 --------- d--h--w c:\program files\InstallShield Installation Information
  2009-01-11 12:46 --------- d-----w c:\program files\Infogrames
  2009-01-09 13:24 --------- d-----w c:\programdata\Electronic Arts
  2009-01-08 19:23 --------- d-----w c:\users\beheer\AppData\Roaming\U3
  2009-01-07 10:05 --------- d-----w c:\programdata\U3
  2009-01-04 17:34 421,888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe
  2009-01-03 20:22 --------- d-----w c:\program files\NEXON
  2009-01-02 20:39 --------- d-----w c:\users\beheer\AppData\Roaming\Red Kawa
  2009-01-02 20:38 --------- d-----w c:\program files\Red Kawa
  2009-01-02 20:38 --------- d-----w c:\program files\AviSynth 2.5
  2009-01-02 16:12 --------- d-----w c:\users\beheer\AppData\Roaming\Apple Computer
  2009-01-01 15:07 --------- d-----w c:\program files\DAEMON Tools Lite
  2009-01-01 13:06 --------- d---a-w c:\programdata\TEMP
  2008-12-26 15:18 --------- d-----w c:\program files\Common Files\INCA Shared
  2008-12-26 14:48 --------- d-----w c:\program files\Triggersoft
  2008-12-26 14:45 --------- d-----w c:\users\beheer\AppData\Roaming\DAEMON Tools Pro
  2008-12-26 14:45 --------- d-----w c:\users\beheer\AppData\Roaming\DAEMON Tools Lite
  2008-12-26 14:45 --------- d-----w c:\users\beheer\AppData\Roaming\DAEMON Tools
  2008-12-24 09:02 --------- d-----w c:\programdata\DAEMON Tools Lite
  2008-12-22 10:32 --------- d-----w c:\program files\Common Files\Adobe
  2008-12-03 16:38 410,984 ----a-w c:\windows\System32\deploytk.dll
  2008-11-03 11:35 22,328 ----a-w c:\users\beheer\AppData\Roaming\PnkBstrK.sys
  2008-06-10 11:37 174 --sha-w c:\program files\desktop.ini
  2007-09-19 06:57 65,536 --sha-w c:\windows\oem\mp\boot\bootstat.dat
  .

  ((((((((((((((((((((((((((((( snapshot@2008-05-13_23.20.32,61 )))))))))))))))))))))))))))))))))))))))))
  .
  - 2008-04-19 09:50:50 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
  + 2008-11-01 03:44:34 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
  - 2008-04-19 09:50:50 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
  + 2008-11-01 03:44:34 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
  - 2006-11-02 09:46:02 237,568 ----a-w c:\windows\AppPatch\AcRedir.dll
  + 2008-01-19 07:33:41 237,568 ----a-w c:\windows\AppPatch\AcRedir.dll
  - 2008-04-19 09:50:51 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
  + 2008-03-08 01:58:43 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
  - 2008-04-19 09:50:50 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
  + 2008-11-01 03:44:34 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
  - 2008-04-19 09:50:50 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
  + 2008-11-01 03:44:34 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
  - 2006-11-02 09:46:02 40,960 ----a-w c:\windows\AppPatch\apihex86.dll
  + 2008-01-19 07:33:43 40,960 ----a-w c:\windows\AppPatch\apihex86.dll
  - 2008-04-19 09:47:55 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
  + 2008-11-01 03:44:36 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
  + 2008-11-22 13:01:34 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
  + 2008-11-22 13:01:34 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
  + 2008-11-22 13:01:34 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
  + 2008-11-22 13:01:27 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2008-11-22 13:01:28 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2008-11-22 13:01:29 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2008-11-22 13:01:29 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2008-11-22 13:01:30 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2008-11-22 13:01:30 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2008-11-22 13:01:31 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2008-11-22 13:01:32 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2008-11-22 13:01:32 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2008-11-22 13:01:35 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
  + 2008-11-22 13:01:35 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
  + 2008-11-22 13:01:36 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
  + 2008-11-22 13:01:36 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
  + 2008-11-22 13:01:37 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
  + 2008-11-22 13:01:34 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
  - 2008-05-07 20:44:43 248,632 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
  + 2008-08-16 08:31:02 250,928 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
  - 2008-05-07 20:44:43 781,104 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
  + 2008-07-10 12:07:03 783,744 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
  - 2006-11-02 12:35:32 143,360 ----a-w c:\windows\assembly\GAC_32\BDATunePIA\6.0.6000.0__31bf3856ad364e35\BDATunePIA.dll
  + 2008-01-19 07:38:12 144,384 ----a-w c:\windows\assembly\GAC_32\BDATunePIA\6.0.6000.0__31bf3856ad364e35\BDATunePIA.dll
  - 2006-10-20 01:13:56 69,120 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
  + 2008-01-05 11:26:08 69,120 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
  - 2006-10-20 01:14:03 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
  + 2008-01-05 11:26:17 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
  - 2006-11-02 12:35:34 77,824 ----a-w c:\windows\assembly\GAC_32\mcstoredb\6.0.6000.0__31bf3856ad364e35\mcstoredb.dll
  + 2008-01-19 07:38:31 78,336 ----a-w c:\windows\assembly\GAC_32\mcstoredb\6.0.6000.0__31bf3856ad364e35\mcstoredb.dll
  - 2006-11-02 12:35:33 136,192 ----a-w c:\windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
  + 2008-08-05 09:51:47 140,288 —-a-w c:\windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
  - 2006-11-02 12:35:33 105,472 —-a-w c:\windows\assembly\GAC_32\Mcx2Dvcs\6.0.6000.0__31bf3856ad364e35\Mcx2Dvcs.dll
  + 2008-01-19 07:38:32 106,496 —-a-w c:\windows\assembly\GAC_32\Mcx2Dvcs\6.0.6000.0__31bf3856ad364e35\Mcx2Dvcs.dll
  - 2006-11-02 12:35:24 507,904 —-a-w c:\windows\assembly\GAC_32\Microsoft.Ink\6.0.0.0__31bf3856ad364e35\Microsoft.Ink.dll
  + 2008-01-19 07:38:34 507,904 —-a-w c:\windows\assembly\GAC_32\Microsoft.Ink\6.0.0.0__31bf3856ad364e35\Microsoft.Ink.dll
  - 2008-05-07 20:45:20 118,112 —-a-w c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
  + 2008-07-10 12:07:09 120,408 —-a-w c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
  - 2006-11-02 12:36:03 151,552 —-a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
  + 2008-01-05 11:21:39 151,552 —-a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
  - 2006-10-20 01:14:15 4,366,336 —-a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
  + 2008-01-05 11:26:32 4,444,160 —-a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
  - 2006-11-02 09:47:03 39,936 —-a-w c:\windows\assembly\GAC_32\napcrypt\6.0.0.0__31bf3856ad364e35\NAPCRYPT.DLL
  + 2008-01-19 07:38:44 46,080 —-a-w c:\windows\assembly\GAC_32\napcrypt\6.0.0.0__31bf3856ad364e35\NAPCRYPT.DLL
  - 2006-11-02 09:47:03 98,816 —-a-w c:\windows\assembly\GAC_32\naphlpr\6.0.0.0__31bf3856ad364e35\NAPHLPR.DLL
  + 2008-01-19 07:38:45 103,936 —-a-w c:\windows\assembly\GAC_32\naphlpr\6.0.0.0__31bf3856ad364e35\NAPHLPR.DLL
  - 2006-11-02 12:36:01 3,915,264 —-a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
  + 2008-01-05 11:21:53 4,174,336 —-a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
  - 2006-10-20 01:14:47 482,304 —-a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
  + 2008-01-05 11:26:54 483,840 —-a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
  - 2006-10-20 01:14:47 2,894,336 —-a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
  + 2008-01-05 11:26:54 3,036,160 —-a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
  - 2006-10-20 01:14:51 258,048 —-a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
  + 2008-01-05 11:26:55 258,048 —-a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
  - 2006-11-02 06:34:22 114,176 —-a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
  + 2008-01-19 03:22:55 113,664 —-a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
  - 2006-11-02 12:36:01 344,064 —-a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
  + 2008-01-05 11:21:55 346,624 —-a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
  - 2006-10-20 01:14:53 260,096 —-a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
  + 2008-01-05 11:26:59 261,120 —-a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
  - 2008-04-19 09:55:23 5,156,864 —-a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
  + 2008-01-05 11:26:59 5,431,296 —-a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
  - 2006-10-20 01:13:37 10,752 —-a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
  + 2008-01-05 11:25:52 10,752 —-a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
  - 2007-09-19 06:59:14 315,392 —-a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_nl_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
  + 2008-01-06 06:56:43 315,392 —-a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_nl_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
  - 2006-10-20 01:13:41 503,808 —-a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
  + 2008-01-05 11:25:59 507,904 —-a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
  - 2006-11-02 12:36:03 159,744 —-a-w c:\windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe
  + 2008-01-05 11:21:39 159,744 —-a-w c:\windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe
  - 2006-10-20 01:13:56 13,312 —-a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
  + 2008-01-05 11:26:08 13,312 —-a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
  - 2006-10-20 01:13:57 5,120 —-a-w c:\windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe
  + 2008-01-05 11:26:11 5,120 —-a-w c:\windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe
  - 2008-04-19 09:44:40 864,256 —-a-w c:\windows\assembly\GAC_MSIL\ehepg\6.0.6000.0__31bf3856ad364e35\ehepg.dll
  + 2008-01-19 07:38:16 827,392 —-a-w c:\windows\assembly\GAC_MSIL\ehepg\6.0.6000.0__31bf3856ad364e35\ehepg.dll
  - 2006-11-02 12:35:28 139,264 —-a-w c:\windows\assembly\GAC_MSIL\ehepgdat\6.0.6000.0__31bf3856ad364e35\ehepgdat.dll
  + 2008-01-19 07:38:16 139,264 —-a-w c:\windows\assembly\GAC_MSIL\ehepgdat\6.0.6000.0__31bf3856ad364e35\ehepgdat.dll
  - 2008-04-19 09:44:35 135,168 —-a-w c:\windows\assembly\GAC_MSIL\ehexthost\6.0.6000.0__31bf3856ad364e35\ehexthost.exe
  + 2008-01-19 07:38:17 131,072 —-a-w c:\windows\assembly\GAC_MSIL\ehexthost\6.0.6000.0__31bf3856ad364e35\ehexthost.exe
  - 2008-04-19 09:44:40 77,824 —-a-w c:\windows\assembly\GAC_MSIL\ehiExtens\6.0.6000.0__31bf3856ad364e35\ehiExtens.dll
  + 2006-11-02 12:35:28 77,824 —-a-w c:\windows\assembly\GAC_MSIL\ehiExtens\6.0.6000.0__31bf3856ad364e35\ehiExtens.dll
  - 2006-11-02 12:35:32 401,408 —-a-w c:\windows\assembly\GAC_MSIL\ehiProxy\6.0.6000.0__31bf3856ad364e35\ehiProxy.dll
  + 2008-01-19 07:38:18 401,408 —-a-w c:\windows\assembly\GAC_MSIL\ehiProxy\6.0.6000.0__31bf3856ad364e35\ehiProxy.dll
  - 2006-11-02 12:35:30 19,456 —-a-w c:\windows\assembly\GAC_MSIL\ehiReplay\6.0.6000.0__31bf3856ad364e35\ehiReplay.dll
  + 2008-01-19 07:38:18 19,456 —-a-w c:\windows\assembly\GAC_MSIL\ehiReplay\6.0.6000.0__31bf3856ad364e35\ehiReplay.dll
  - 2006-11-02 12:35:32 307,200 —-a-w c:\windows\assembly\GAC_MSIL\ehiVidCtl\6.0.6000.0__31bf3856ad364e35\ehiVidCtl.dll
  + 2008-01-19 07:38:19 307,200 —-a-w c:\windows\assembly\GAC_MSIL\ehiVidCtl\6.0.6000.0__31bf3856ad364e35\ehiVidCtl.dll
  - 2006-11-02 12:35:34 143,360 —-a-w c:\windows\assembly\GAC_MSIL\ehiwmp\6.0.6000.0__31bf3856ad364e35\ehiwmp.dll
  + 2008-01-19 07:38:19 143,360 —-a-w c:\windows\assembly\GAC_MSIL\ehiwmp\6.0.6000.0__31bf3856ad364e35\ehiwmp.dll
  - 2006-11-02 12:35:29 520,192 —-a-w c:\windows\assembly\GAC_MSIL\ehRecObj\6.0.6000.0__31bf3856ad364e35\ehRecObj.dll
  + 2008-01-19 07:38:19 520,192 —-a-w c:\windows\assembly\GAC_MSIL\ehRecObj\6.0.6000.0__31bf3856ad364e35\ehRecObj.dll
  - 2008-04-19 09:44:35 4,370,432 —-a-w c:\windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
  + 2008-08-05 09:51:30 4,046,848 —-a-w c:\windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
  - 2007-09-19 06:59:06 9,216 —-a-w c:\windows\assembly\GAC_MSIL\EventViewer.Resources\6.0.0.0_nl_31bf3856ad364e35\EventViewer.resources.dll
  + 2008-01-19 11:11:47 9,216 —-a-w c:\windows\assembly\GAC_MSIL\EventViewer.Resources\6.0.0.0_nl_31bf3856ad364e35\EventViewer.resources.dll
  - 2006-11-02 09:46:54 364,544 —-a-w c:\windows\assembly\GAC_MSIL\EventViewer\6.0.0.0__31bf3856ad364e35\EventViewer.dll
  + 2008-01-19 07:38:21 364,544 —-a-w c:\windows\assembly\GAC_MSIL\EventViewer\6.0.0.0__31bf3856ad364e35\EventViewer.dll
  - 2006-10-20 01:14:02 8,192 —-a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
  + 2008-01-05 11:26:12 8,192 —-a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
  - 2006-10-20 01:14:02 36,864 —-a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
  + 2008-01-05 11:26:12 77,824 —-a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
  - 2006-10-20 01:14:02 5,632 —-a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
  + 2008-01-05 11:26:13 6,656 —-a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
  - 2006-11-02 12:35:29 200,704 —-a-w c:\windows\assembly\GAC_MSIL\mcstore\6.0.6000.0__31bf3856ad364e35\mcstore.dll
  + 2008-01-19 07:38:31 176,128 —-a-w c:\windows\assembly\GAC_MSIL\mcstore\6.0.6000.0__31bf3856ad364e35\mcstore.dll
  - 2007-09-19 06:59:30 53,248 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
  + 2008-01-06 06:56:45 53,248 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
  - 2006-10-20 01:14:03 413,696 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
  + 2008-01-05 11:26:17 348,160 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
  - 2006-10-20 01:14:03 36,864 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
  + 2008-01-05 11:26:17 36,864 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
  - 2007-09-19 06:59:30 135,168 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
  + 2008-01-06 06:56:45 139,264 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
  - 2006-10-20 01:14:03 647,168 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
  + 2008-01-05 11:26:17 655,360 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
  - 2007-09-19 06:59:14 10,240 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.resources\2.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
  + 2008-01-06 06:56:48 10,240 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.resources\2.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
  - 2006-10-20 01:14:04 73,728 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
  + 2008-01-05 11:26:17 77,824 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
  - 2007-09-19 06:59:07 45,056 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.JScript.resources.dll
  + 2008-01-06 06:56:48 45,056 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.JScript.resources.dll
  - 2006-10-20 01:14:04 749,568 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
  + 2008-01-05 11:26:19 749,568 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
  - 2006-11-02 09:47:01 245,760 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35\Microsoft.ManagementConsole.dll
  + 2008-01-19 07:38:35 188,416 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35\Microsoft.ManagementConsole.dll
  - 2008-04-19 09:44:35 1,196,032 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
  + 2008-01-19 07:38:36 1,241,088 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
  - 2006-11-02 12:35:33 167,936 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Sports\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Sports.dll
  + 2008-01-19 07:38:36 167,936 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Sports\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Sports.dll
  - 2008-04-19 09:44:35 2,342,912 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
  + 2008-08-05 09:51:56 1,957,888 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
  - 2008-04-19 09:44:35 217,088 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
  + 2008-01-19 07:38:35 204,800 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
  - 2008-05-07 20:45:20 609,104 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
  + 2008-07-10 12:07:09 611,392 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
  - 2007-09-19 06:59:35 28,672 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge.resources\3.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Resources.dll
  + 2008-01-06 06:56:58 28,672 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge.resources\3.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Resources.dll
  - 2006-11-02 12:36:03 352,256 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
  + 2008-01-05 11:21:39 397,312 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
  - 2007-09-19 06:59:11 9,216 —-a-w c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
  + 2008-01-06 06:56:43 9,216 —-a-w c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
  - 2006-10-20 01:14:05 110,592 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
  + 2008-01-05 11:26:19 110,592 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
  - 2007-09-19 06:59:31 9,216 —-a-w c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
  + 2008-01-06 06:56:43 9,216 —-a-w c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
  - 2006-10-20 01:14:05 372,736 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
  + 2008-01-05 11:26:23 372,736 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
  - 2007-09-19 06:59:13 57,344 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
  + 2008-01-06 06:56:52 57,344 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
  - 2006-10-20 01:14:05 28,672 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
  + 2008-01-05 11:26:23 28,672 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
  - 2006-10-20 01:14:05 667,648 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
  + 2008-01-05 11:26:23 671,744 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
  - 2006-10-20 01:14:05 12,800 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
  + 2008-01-05 11:26:24 12,800 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
  - 2006-10-20 01:14:05 32,768 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
  + 2008-01-05 11:26:23 32,768 —-a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
  - 2007-09-19 06:59:30 1,392,640 —-a-w c:\windows\assembly\GAC_MSIL\MiguiControls.Resources\1.0.0.0_nl_31bf3856ad364e35\MIGUIControls.resources.dll
  + 2008-01-19 11:11:54 1,503,232 —-a-w c:\windows\assembly\GAC_MSIL\MiguiControls.Resources\1.0.0.0_nl_31bf3856ad364e35\MIGUIControls.resources.dll
  - 2006-11-02 09:47:03 3,100,672 —-a-w c:\windows\assembly\GAC_MSIL\MiguiControls\1.0.0.0__31bf3856ad364e35\MIGUIControls.dll
  + 2008-01-19 07:38:41 3,371,008 —-a-w c:\windows\assembly\GAC_MSIL\MiguiControls\1.0.0.0__31bf3856ad364e35\MIGUIControls.dll
  - 2006-11-02 09:47:03 413,696 —-a-w c:\windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35\MMCEx.dll
  + 2008-01-19 07:38:41 417,792 —-a-w c:\windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35\MMCEx.dll
  - 2007-09-19 06:59:30 4,608 —-a-w c:\windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_nl_31bf3856ad364e35\MMCFxCommon.Resources.dll
  + 2008-01-19 11:11:54 4,608 —-a-w c:\windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_nl_31bf3856ad364e35\MMCFxCommon.Resources.dll
  - 2007-09-19 06:59:14 303,104 —-a-w c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
  + 2008-01-06 06:56:52 303,104 —-a-w c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
  - 2007-09-19 06:59:07 40,960 —-a-w c:\windows\assembly\GAC_MSIL\napinit.resources\6.0.0.0_nl_31bf3856ad364e35\napinit.Resources.dll
  + 2008-01-19 11:11:55 40,960 —-a-w c:\windows\assembly\GAC_MSIL\napinit.resources\6.0.0.0_nl_31bf3856ad364e35\napinit.Resources.dll
  - 2006-11-02 09:47:03 65,536 —-a-w c:\windows\assembly\GAC_MSIL\napinit\6.0.0.0__31bf3856ad364e35\NAPINIT.DLL
  + 2008-01-19 07:38:45 65,536 —-a-w c:\windows\assembly\GAC_MSIL\napinit\6.0.0.0__31bf3856ad364e35\NAPINIT.DLL
  - 2007-09-19 06:59:11 245,760 —-a-w c:\windows\assembly\GAC_MSIL\napsnap.resources\6.0.0.0_nl_31bf3856ad364e35\napsnap.resources.dll
  + 2008-01-19 11:11:55 245,760 —-a-w c:\windows\assembly\GAC_MSIL\napsnap.resources\6.0.0.0_nl_31bf3856ad364e35\napsnap.resources.dll
  - 2006-11-02 09:47:04 458,752 —-a-w c:\windows\assembly\GAC_MSIL\napsnap\6.0.0.0__31bf3856ad364e35\NAPSNAP.DLL
  + 2008-01-19 07:38:45 458,752 —-a-w c:\windows\assembly\GAC_MSIL\napsnap\6.0.0.0__31bf3856ad364e35\NAPSNAP.DLL
  - 2006-11-02 12:36:00 593,920 —-a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
  + 2008-01-05 11:21:52 602,112 —-a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
  - 2006-11-02 12:36:00 32,768 —-a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
  + 2008-01-05 11:21:52 32,768 —-a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
  - 2006-11-02 12:36:01 36,864 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
  + 2008-01-05 11:21:53 36,864 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
  - 2006-11-02 12:36:01 184,320 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
  + 2008-01-05 11:21:53 184,320 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
  - 2006-11-02 12:36:01 126,976 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
  + 2008-01-05 11:21:53 131,072 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
  - 2006-11-02 12:36:01 376,832 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
  + 2008-01-05 11:21:53 376,832 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
  - 2006-11-02 12:36:01 151,552 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
  + 2008-01-05 11:21:54 151,552 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
  - 2006-11-02 12:36:01 4,972,544 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
  + 2008-01-05 11:21:53 5,210,112 —-a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
  - 2006-11-02 12:36:00 897,024 —-a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
  + 2008-01-05 11:21:55 897,024 —-a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
  - 2006-11-02 12:36:00 528,384 —-a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
  + 2008-01-05 11:21:55 528,384 —-a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
  - 2006-11-02 12:36:03 61,440 —-a-w c:\windows\assembly\GAC_MSIL\ServiceModelReg\3.0.0.0__b03f5f7f11d50a3a\ServiceModelReg.exe
  + 2008-01-05 11:21:39 61,440 —-a-w c:\windows\assembly\GAC_MSIL\ServiceModelReg\3.0.0.0__b03f5f7f11d50a3a\ServiceModelReg.exe
  - 2006-11-02 12:36:03 94,208 —-a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
  + 2008-01-05 11:21:39 102,400 —-a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
  - 2006-11-02 12:36:02 122,880 —-a-w c:\windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe
  + 2008-01-05 11:21:39 122,880 —-a-w c:\windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe
  - 2007-09-19 06:59:11 10,752 —-a-w c:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_nl_b03f5f7f11d50a3a\sysglobl.resources.dll
  + 2008-01-06 06:56:55 10,752 —-a-w c:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_nl_b03f5f7f11d50a3a\sysglobl.resources.dll
  - 2006-10-20 01:14:46 110,592 —-a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
  + 2008-01-05 11:26:54 110,592 —-a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
  - 2007-09-19 06:59:06 28,672 —-a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.Configuration.Install.resources.dll
  + 2008-01-06 06:56:55 28,672 —-a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.Configuration.Install.resources.dll
  - 2006-10-20 01:14:46 81,920 —-a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
  + 2008-01-05 11:26:54 81,920 —-a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
  - 2007-09-19 06:59:05 49,152 —-a-w c:\windows\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.Configuration.resources.dll
  + 2008-01-06 06:56:55 49,152 —-a-w c:\windows\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.Configuration.resources.dll
  - 2006-10-20 01:14:46 413,696 —-a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
  + 2008-01-05 11:26:54 425,984 —-a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
  - 2007-09-19 06:59:30 110,592 —-a-w c:\windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_nl_b77a5c561934e089\System.Data.OracleClient.resources.dll
  + 2008-01-06 06:56:55 110,592 —-a-w c:\windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_nl_b77a5c561934e089\System.Data.OracleClient.resources.dll
  - 2007-09-19 06:59:05 331,776 —-a-w c:\windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_nl_b77a5c561934e089\System.Data.resources.dll
  + 2008-01-06 06:56:55 344,064 —-a-w c:\windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_nl_b77a5c561934e089\System.Data.resources.dll
  - 2007-09-19 06:59:11 36,864 —-a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_nl_b77a5c561934e089\system.data.sqlxml.resources.dll
  + 2008-01-06 06:56:55 36,864 —-a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_nl_b77a5c561934e089\system.data.sqlxml.resources.dll
  - 2006-10-20 01:14:48 716,800 —-a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
  + 2008-01-05 11:26:55 741,376 —-a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
  - 2007-09-19 06:59:07 380,928 —-a-w c:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.Deployment.resources.dll
  + 2008-01-06 06:56:55 385,024 —-a-w c:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.Deployment.resources.dll
  - 2006-10-20 01:14:49 888,832 —-a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
  + 2008-01-05 11:26:55 933,888 —-a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
  - 2007-09-19 06:59:00 540,672 —-a-w c:\windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.Design.resources.dll
  + 2008-01-06 06:56:55 540,672 —-a-w c:\windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.Design.resources.dll
  - 2006-10-20 01:14:49 5,050,368 —-a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
  + 2008-01-05 11:26:55 5,070,848 —-a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
  - 2007-09-19 06:59:13 28,672 —-a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
 • Could you post the log in full?
 • Hmmm, that is very strange. I really did copy the complete ComboFix log, but apparently something went wrong there.
  I'll put the ComboFix log in a following message. I am 100% sure I have now posted the complete log, but I'm probably going over a maximum number of characters. The ComboFix log was once again not shown in full.

  The 3 logs

  HijackThis:
  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 13:34:50, on 14-2-2009
  Platform: Windows Vista SP1 (WinNT 6.00.1905)
  MSIE: Internet Explorer v7.00 (7.00.6001.18000)
  Boot mode: Normal

  Running processes:
  C:\Windows\system32\Dwm.exe
  C:\Windows\system32\taskeng.exe
  C:\Windows\Explorer.EXE
  C:\Windows\RtHDVCpl.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
  C:\Program Files\Packard Bell\FIJI\ABoard.exe
  C:\Program Files\Packard Bell\FIJI\AOSD.exe
  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
  C:\Program Files\Java\jre6\bin\jusched.exe
  C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
  C:\Windows\V0230Mon.exe
  C:\Program Files\AVG\AVG8\avgtray.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\AGEIA Technologies\TrayIcon.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
  C:\Windows\ehome\ehtray.exe
  C:\Program Files\Electronic Arts\EADM\Core.exe
  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
  C:\Program Files\Windows Media Player\wmpnscfg.exe
  C:\Windows\ehome\ehmsas.exe
  C:\ProgramData\U3\U3Launcher\LaunchU3.exe
  C:\Windows\System32\mobsync.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  O1 - Hosts: ::1 localhost
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
  O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
  O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
  O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
  O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
  O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
  O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe
  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
  O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
  O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
  O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
  O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
  O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEEM')
  O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
  O4 - Startup: LaunchU3.exe.lnk = ?
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
  O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O13 - Gopher Prefix:
  O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
  O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
  O20 - AppInit_DLLs: avgrsstx.dll
  O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
  O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
  O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
  O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
  O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
  O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


  End of file - 9610 bytes


  malware:
  Malwarebytes' Anti-Malware 1.25
  Database versie: 1062
  Windows 6.0.6001 Service Pack 1

  21:38:09 2-1-2009
  mbam-log-01-02-2009 (21-38-09).txt

  Scan type: Snelle Scan
  Objecten gescand: 1
  Verstreken tijd: 4 second(s)

  Geheugenprocessen geïnfecteerd: 0
  Geheugenmodulen geïnfecteerd: 0
  Registersleutels geïnfecteerd: 0
  Registerwaarden geïnfecteerd: 0
  Registerdata bestanden geïnfecteerd: 0
  Mappen geïnfecteerd: 0
  Bestanden geïnfecteerd: 0

  Geheugenprocessen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Geheugenmodulen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registersleutels geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerwaarden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerdata bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Mappen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)
 • For one reason or another I can't post my complete ComboFix log...
 • Then post 2 messages in a row.
 • It is a file of 1.23 MB... so I would really have to post 10 messages or so :P... do you need to see a specific part instead?
  When I look at other posts, I notice that their ComboFix logs are really much smaller.
  I also can't find how far the log got posted in my previous message. I already tried the search function, but that doesn't help either.
 • Download ATF cleaner (mirror) (made by Atribune)

  Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

  Double-click ATF cleaner to start the program.
  On the Main tab, tick Select All.
  Click the Empty Selected button.

  Do the following if you also use Firefox as a browser:

  Click the Firefox tab and tick Select All.
  If you want to keep the passwords saved by Firefox, click No in the window that appears.
  (this removes the tick from Firefox saved passwords again)
  Click the Empty Selected button.

  Do the following if you also use Opera as a browser:

  Click the Opera tab and tick Select All.
  If you want to keep the passwords saved by Opera, click No in the window that appears.
  Click the Empty Selected button.
  Go to the Main tab and click the Exit button to close the program.


  Then check whether the log gets smaller.
 • My log is nice and small now :)

  ComboFix log
  ComboFix 09-02-12.03 - beheer 2009-02-14 17:53:07.3 - NTFSx86
  Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2046.1236 [GMT 1:00]
  Gestart vanuit: c:\users\beheer\Desktop\ComboFix.exe
  AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
  .

  (((((((((((((((((((( Bestanden Gemaakt van 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))
  .

  2009-02-14 12:47 . 2009-02-14 12:47 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
  2009-02-14 12:47 . 2009-02-11 10:19 38,496 –a—— c:\windows\System32\drivers\mbamswissarmy.sys
  2009-02-14 12:47 . 2009-02-11 10:19 15,504 –a—— c:\windows\System32\drivers\mbam.sys
  2009-02-12 15:06 . 2009-01-15 04:36 1,383,424 –a—— c:\windows\System32\mshtml.tlb
  2009-02-12 15:06 . 2009-01-15 07:11 827,392 –a—— c:\windows\System32\wininet.dll
  2009-02-08 14:07 . 2009-02-08 14:07 <DIR> d——– c:\windows\Watson
  2009-01-31 14:13 . 2009-01-31 14:13 10,520 –a—— c:\windows\System32\avgrsstx.dll
  2009-01-28 02:39 . 2009-01-28 02:39 <DIR> d——– c:\users\beheer\AppData\Roaming\PeerNetworking
  2009-01-15 11:25 . 2009-01-15 11:25 0 –a—— c:\windows\System32\msexcr.ini
  2009-01-14 13:03 . 2008-12-16 03:42 288,768 –a—— c:\windows\System32\drivers\srv.sys

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2009-02-13 14:55 ——— d—–w c:\programdata\Microsoft Help
  2009-02-13 14:54 ——— d—–w c:\program files\Windows Mail
  2009-02-08 16:03 ——— d—–w c:\program files\Messenger Plus! Live
  2009-02-08 13:07 ——— d—–w c:\program files\Microsoft Games
  2009-02-08 11:31 ——— d—–w c:\program files\Steam
  2009-02-08 11:29 ——— d—–w c:\program files\Common Files\Steam
  2009-01-31 18:05 ——— d—–w c:\users\beheer\AppData\Roaming\uTorrent
  2009-01-31 17:41 ——— d—–w c:\users\beheer\AppData\Roaming\Tibia
  2009-01-31 13:13 325,128 —-a-w c:\windows\system32\drivers\avgldx86.sys
  2009-01-31 13:10 ——— d—–w c:\programdata\avg8
  2009-01-24 22:13 ——— d—–w c:\program files\Spybot - Search & Destroy
  2009-01-23 23:33 ——— d—–w c:\users\beheer\AppData\Roaming\Packard Bell
  2009-01-17 13:53 ——— d—–w c:\program files\DVD Decrypter
  2009-01-11 12:47 ——— d—–w c:\program files\GameSpy Arcade
  2009-01-11 12:46 ——— d–h–w c:\program files\InstallShield Installation Information
  2009-01-11 12:46 ——— d—–w c:\program files\Infogrames
  2009-01-09 13:24 ——— d—–w c:\programdata\Electronic Arts
  2009-01-08 19:23 ——— d—–w c:\users\beheer\AppData\Roaming\U3
  2009-01-07 10:05 ——— d—–w c:\programdata\U3
  2009-01-04 17:34 421,888 —-a-w c:\windows\NEXON_EU_DownloaderUpdater.exe
  2009-01-03 20:22 ——— d—–w c:\program files\NEXON
  2009-01-02 20:39 ——— d—–w c:\users\beheer\AppData\Roaming\Red Kawa
  2009-01-02 20:38 ——— d—–w c:\program files\Red Kawa
  2009-01-02 20:38 ——— d—–w c:\program files\AviSynth 2.5
  2009-01-02 16:12 ——— d—–w c:\users\beheer\AppData\Roaming\Apple Computer
  2009-01-01 15:07 ——— d—–w c:\program files\DAEMON Tools Lite
  2009-01-01 13:06 ——— d—a-w c:\programdata\TEMP
  2008-12-26 15:18 ——— d—–w c:\program files\Common Files\INCA Shared
  2008-12-26 14:48 ——— d—–w c:\program files\Triggersoft
  2008-12-26 14:45 ——— d—–w c:\users\beheer\AppData\Roaming\DAEMON Tools Pro
  2008-12-26 14:45 ——— d—–w c:\users\beheer\AppData\Roaming\DAEMON Tools Lite
  2008-12-26 14:45 ——— d—–w c:\users\beheer\AppData\Roaming\DAEMON Tools
  2008-12-24 09:02 ——— d—–w c:\programdata\DAEMON Tools Lite
  2008-12-22 10:32 ——— d—–w c:\program files\Common Files\Adobe
  2008-12-03 16:38 410,984 —-a-w c:\windows\System32\deploytk.dll
  2008-11-03 11:35 22,328 —-a-w c:\users\beheer\AppData\Roaming\PnkBstrK.sys
  2008-06-10 11:37 174 –sha-w c:\program files\desktop.ini
  2007-09-19 06:57 65,536 –sha-w c:\windows\oem\mp\boot\bootstat.dat
  .

  ((((((((((((((((((((((((((((( SnapShot_2009-02-14_13.26.50,04 )))))))))))))))))))))))))))))))))))))))))
  .
  - 2009-02-14 11:56:31 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
  + 2009-02-14 12:33:17 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
  - 2009-02-14 11:56:31 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
  + 2009-02-14 12:33:17 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
  - 2009-02-14 12:26:26 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
  + 2009-02-14 12:35:34 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
  + 2009-02-14 12:35:34 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
  - 2009-02-14 11:57:22 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
  + 2009-02-14 12:35:29 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
  + 2009-02-14 12:35:29 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
  - 2009-02-07 15:06:08 104,742 ----a-w c:\windows\System32\perfc009.dat
  + 2009-02-14 14:07:04 104,742 ----a-w c:\windows\System32\perfc009.dat
  - 2009-02-07 15:06:08 131,268 ----a-w c:\windows\System32\perfc013.dat
  + 2009-02-14 14:07:04 131,268 ----a-w c:\windows\System32\perfc013.dat
  - 2009-02-07 15:06:08 595,308 ----a-w c:\windows\System32\perfh009.dat
  + 2009-02-14 14:07:04 595,308 ----a-w c:\windows\System32\perfh009.dat
  - 2009-02-07 15:06:08 676,772 ----a-w c:\windows\System32\perfh013.dat
  + 2009-02-14 14:07:04 676,772 ----a-w c:\windows\System32\perfh013.dat
  - 2009-02-14 11:58:19 11,236 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3522226232-1942944502-194646757-1002_UserData.bin
  + 2009-02-14 12:35:36 11,252 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3522226232-1942944502-194646757-1002_UserData.bin
  - 2009-02-14 11:58:19 106,688 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
  + 2009-02-14 12:35:36 106,688 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
  - 2009-02-14 11:58:16 50,160 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
  + 2009-02-14 12:35:34 50,176 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
  .
  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
  "SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
  "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
  "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]
  "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
  "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
  "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
  "ACTIVBOARD"="c:\program files\Packard Bell\FIJI\aboard.exe" [2007-01-18 79416]
  "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
  "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
  "UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
  "AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-08-16 24576]
  "V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-06 32768]
  "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
  "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
  "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
  "AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
  "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
  "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
  "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
  "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 c:\windows\RtHDVCpl.exe]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

  c:\users\beheer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
  LaunchU3.exe.lnk - c:\users\beheer\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2009-01-07 22486]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  "EnableUIADesktopToggle"= 0 (0x0)

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
  "AppInit_DLLs"=avgrsstx.dll

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
  "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
  "msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
  "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
  "DisableMonitoring"=dword:00000001

  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
  "DisableMonitoring"=dword:00000001

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
  "{2D53509A-3ED5-4CC3-9F34-6A268EE77BC5}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
  "{D970F797-5F19-4867-BEAB-05231C597985}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
  "{47021227-DEE2-46B1-8404-F8BA768AE001}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
  "TCP Query User{F10CE4DA-0307-4046-939D-8725A708CFEF}c:\\users\\beheer\\desktop\\utorrent.exe"= UDP:c:\users\beheer\desktop\utorrent.exe:utorrent.exe
  "UDP Query User{0109AE69-AB1F-43E2-B426-EDE9EDC5B7A3}c:\\users\\beheer\\desktop\\utorrent.exe"= TCP:c:\users\beheer\desktop\utorrent.exe:utorrent.exe
  "TCP Query User{7B621949-9CC8-45E8-90F5-A991AB24CBB0}c:\\team17\\worms2\\frontend.exe"= UDP:c:\team17\worms2\frontend.exe:Worms 2 Frontend
  "UDP Query User{937C11A0-490D-40E3-A0B1-3BBD9FE006CA}c:\\team17\\worms2\\frontend.exe"= TCP:c:\team17\worms2\frontend.exe:Worms 2 Frontend
  "TCP Query User{0F215929-FA5A-4CCF-A64C-8C95BF29CC4B}c:\\program files\\steam\\steamapps\\common\\quake ii demo\\quake2.exe"= UDP:c:\program files\steam\steamapps\common\quake ii demo\quake2.exe:quake2
  "UDP Query User{65BB292A-0895-4205-97D6-9BDD4FF7FC6B}c:\\program files\\steam\\steamapps\\common\\quake ii demo\\quake2.exe"= TCP:c:\program files\steam\steamapps\common\quake ii demo\quake2.exe:quake2
  "{083CA4CC-315A-40FB-8D8F-D4B4EDB2E280}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
  "{90EA6059-5A76-4C84-84D3-A963C3204430}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
  "{C78C6D22-7C31-45B6-BD16-BBD89C3355AA}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
  "{EAC5E012-18A5-4AA9-BBBC-2D8F7E7535C4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
  "{F31901A9-9B74-4D45-81B2-60B0DA612B16}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
  "TCP Query User{EC77B39B-DA17-4696-B66A-26B7636006B6}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:Starcraft
  "UDP Query User{8C0C4558-B60B-4895-8D69-7734FE8B6627}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:Starcraft
  "TCP Query User{7B03B8D5-2255-4845-9BDC-09B8FCAC4C32}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
  "UDP Query User{A43BFCB2-A8EA-4AFD-B8B2-431EBCE8C508}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
  "{E1260816-32EC-47FA-B16B-C9D6534DC11B}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
  "{898E47C1-2562-41B2-87A6-94D6DF73252C}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
  "{B60D594B-779D-46D2-82F8-C716424D5825}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
  "{B02722A2-AA23-4C5D-B608-A63929431E7B}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
  "{91B1DCB6-65E1-4502-B88E-DCB5845D53F6}"= UDP:c:\program files\SightSpeed\SightSpeed.exe:SightSpeed
  "{935901A1-7767-4F52-936D-D2E32077E7D5}"= TCP:c:\program files\SightSpeed\SightSpeed.exe:SightSpeed
  "TCP Query User{BD6B22E4-13ED-419C-988A-A75B3DC712EE}c:\\program files\\steam\\steamapps\\benniejuckers\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\benniejuckers\counter-strike source\hl2.exe:hl2
  "UDP Query User{8621F41B-D3F1-438F-9729-785047B2B4C2}c:\\program files\\steam\\steamapps\\benniejuckers\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\benniejuckers\counter-strike source\hl2.exe:hl2
  "{A9C500EB-34DB-457D-BC45-528AF807FDA9}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
  "TCP Query User{116E958E-D0E8-45B1-ACEA-A2B964DEF4B2}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
  "UDP Query User{7AB2CBB8-4162-42E6-B31A-A06CCD1FA6B2}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
  "{DFC2A072-2AE3-4524-8DAE-9C409835E4DE}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
  "{07B237DC-B47C-41B6-AB37-BF8F77F237C0}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
  "TCP Query User{080C9DAB-80D4-43A7-BBEC-13B65A368C27}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
  "UDP Query User{EB5F40FB-4863-4BDB-A1B6-1FFF51EEF5F0}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
  "TCP Query User{50319A0A-7DA1-4796-B93C-365A63D6CA90}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
  "UDP Query User{9825299B-2E9B-4A98-8562-56A9E6DE4BCE}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
  "{5EA1AA3F-D656-4B07-AF77-58617CA01063}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
  "{971E0735-BE36-4440-A937-555579F3AF12}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
  "TCP Query User{13D08E48-23D0-4E5C-AC66-60AC8014C769}c:\\users\\beheer\\desktop\\utorrent(2).exe"= UDP:c:\users\beheer\desktop\utorrent(2).exe:utorrent(2).exe
  "UDP Query User{323C161E-BE44-4AF9-A99D-5440E96EA29B}c:\\users\\beheer\\desktop\\utorrent(2).exe"= TCP:c:\users\beheer\desktop\utorrent(2).exe:utorrent(2).exe
  "TCP Query User{69C45C40-FDC6-49D6-8448-FDE102715397}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
  "UDP Query User{D326E9CB-1CA5-40AC-A1C4-286AC6489285}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
  "TCP Query User{2AE1B003-74C2-4AFA-AC15-97EA24D8F93F}c:\\program files\\ubisoft\\demo\\ghost recon advanced warfighter demo\\graw_demo.exe"= UDP:c:\program files\ubisoft\demo\ghost recon advanced warfighter demo\graw_demo.exe:GRAW_demo
  "UDP Query User{99A0EBEC-8764-40FF-990D-6A65D4CBC2D8}c:\\program files\\ubisoft\\demo\\ghost recon advanced warfighter demo\\graw_demo.exe"= TCP:c:\program files\ubisoft\demo\ghost recon advanced warfighter demo\graw_demo.exe:GRAW_demo
  "TCP Query User{79E5A2CD-4298-4BBD-8081-860A3CE662A1}c:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
  "UDP Query User{E0A841C0-14C8-40C4-8481-C432A76C4B7E}c:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
  "{A299A4BD-0C07-48E1-9C19-0A59C180EF47}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
  "{C03EEFD2-03BF-448C-9BE6-F44778EC099F}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
  "{AD521E78-BE10-45DF-8A57-B9EEFEF68851}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
  "{9B3AF09D-907B-4BD0-A31C-3ADCAB8E911E}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
  "{839199EF-8EB3-4A06-9149-BD880FD84F6D}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
  "{9DEC24EF-2EAC-4042-A7B7-08123C79C4D9}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
  "{970CD10E-E24C-43E7-A948-2A4637F550AF}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
  "{DEBA4046-7390-4DC3-8386-720F169AC81E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
  "{3321CBC2-1D91-4AB3-B7EC-4C24E406B6D2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
  "{3F5D81E7-3CE7-4E82-A752-3D91C595CE81}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
  "{C76A53DC-D556-41C4-9A18-84C0F2119F6C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
  "{B7C31A96-CE7A-4669-9BB4-6557F64F5ABC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
  "{A0DB3443-7596-4362-8070-A844D30E5161}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
  "TCP Query User{BBA67C94-DBF0-4B28-B4A1-86999F71873C}c:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= UDP:c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
  "UDP Query User{279D769E-427C-47B0-955A-A31F656B74AC}c:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= TCP:c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
  "TCP Query User{73463C0F-9215-46D4-A294-F7E682CD72F3}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine
  "UDP Query User{E34159B0-400C-4C42-B482-CC4FA71BA128}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine
  "{6209C124-C8BA-433E-9DA7-6A3E9352B435}"= UDP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
  "{780B5518-83DD-4146-B844-A35B1838D1EE}"= TCP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
  "{3F0089AF-F826-4BAD-9CCB-A148AFC51091}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
  "{F6B6F843-1B87-427A-ACC5-DD4DF8DB21E0}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
  "EnableFirewall"= 0 (0x0)

  R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-07-17 325128]
  R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
  R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-05-11 809296]
  S2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2008-10-17 10240]
  S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [2008-08-07 13352]
  S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\System32\drivers\s816bus.sys [2008-08-06 81832]
  S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\System32\drivers\s816mdfl.sys [2008-08-06 13864]
  S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\System32\drivers\s816mdm.sys [2008-08-06 107304]
  S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s816mgmt.sys [2008-08-06 99112]
  S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\System32\drivers\s816nd5.sys [2008-08-06 21928]
  S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\System32\drivers\s816obex.sys [2008-08-06 97320]
  S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\System32\drivers\s816unic.sys [2008-08-06 97704]
  S3 V0230Vfx;V0230Vfx;c:\windows\System32\drivers\V0230Vfx.sys [2008-07-05 6272]
  S3 V0230VID;Live! Cam Video IM Pro;c:\windows\System32\drivers\V0230VID.sys [2008-07-05 500480]

  --- Andere Services/Drivers In Geheugen ---

  *Deregistered* - sptd

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0536c5f9-8412-11dd-b5cf-001c2532cb35}]
  \shell\AutoRun\command - J:\InstallTomTomHOME.exe

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{307d437d-dc95-11dd-bbc5-001c2532cb35}]
  \shell\AutoRun\command - K:\LaunchU3.exe -a

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6620ce7f-0f9e-11dd-83de-001c2532cb35}]
  \shell\AutoRun\command - J:\autorun.exe

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc1802fa-f524-11dd-928d-001c2532cb35}]
  \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\Info.exe protect.ed 480 480
  .
  Inhoud van de 'Gedeelde Taken' map

  2009-02-14 c:\windows\Tasks\Recovery DVD Creator.job
  - c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]
  .
  .
  ------- Bijkomende Scan -------
  .
  uStart Page = hxxp://www.google.nl/
  uInternet Settings,ProxyOverride = *.local
  IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
  DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
  DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
  FF - ProfilePath - c:\users\beheer\AppData\Roaming\Mozilla\Firefox\Profiles\msm2wx0d.default\
  FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
  FF - prefs.js: browser.search.selectedEngine - Marktplaats.nl
  FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/webhp?hl=nl&tab=iw
  FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
  .

  **************************************************************************

  catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2009-02-14 17:55:27
  Windows 6.0.6001 Service Pack 1 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 2009-02-14 17:57:15
  ComboFix-quarantined-files.txt 2009-02-14 16:57:13
  ComboFix2.txt 2009-02-14 12:28:30
  ComboFix3.txt 2008-05-13 21:20:55

  Pre-Run: 250.340.020.224 bytes beschikbaar
  Post-Run: 250,320,887,808 bytes beschikbaar

  261 --- E O F --- 2009-02-13 21:42:58

This is an archived page. Replying is no longer possible.