  1. #1
    Beginner  
    Registered
    8 November 2007
    Posts
    9
    Thanks given
    3
    Thanked
    0 times in 0 posts

    MSN virus, could not remove it with any kind of anti-virus software

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:52:00, on 21/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\dmrgjhn.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Documents and Settings\Eigenaar\Mijn documenten\cports\cports.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Eigenaar\Mijn documenten\Hijack This\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dmrgjhn] C:\WINDOWS\system32\dmrgjhn.exe
    O4 - HKLM\..\Run: [aavoywi] C:\WINDOWS\system32\aavoywi.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Eigenaar\Application Data\Dealio\kb124\res\DealioSearch.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 10641 bytes
    Last edited by TSK; 21 March 2008 at 22:58. Reason: forgot the formatting

  2. #2
    Spyware Slayer   Rosty
    Registered
    19 May 2005
    Location
    Zandvliet/ Ledegem
    Posts
    4,212
    Thanks given
    1,207
    Thanked
    2,706 times in 1,759 posts
    Hi,

    your log is not properly formatted!!

    Open Notepad, click Format and uncheck Word Wrap.

    After that,

    Download MSNFix by BendeBoy here (Mirror) and save it to your desktop.
    Double-click MSNFix.exe; an icon will now appear on your desktop.

    Double-click the "Start MSNFix" icon and let it run.
    (If you get alerts from your scanner or the like, allow it.)

    The program will carry out its tasks; you do not need to do anything in the meantime. As soon as it is finished, and possibly after a restart, it will open a report (C:\MSNFix.txt). Post this in your next reply together with a new HijackThis log.

  3. #3
    Beginner  
    - Scan performed on: vr 21/03/2008 - 21:58:35,87 By Eigenaar
    - Bootmode: Normal Mode

    It is possible to complain about messenger virusses.
    Visit MalwareComplaints.com for more information!

    Het is mogelijk om uw beklag te doen tegen messenger virussen.
    Bezoek MalwareComplaints.com voor meer informatie.


    ((((((((((((((( CREATED FILES LAST MONTH )))))))))))))))

    2008-03-21 -20:30:06 - A.S.. "C:\WINDOWS\bootstat.dat"
    2008-02-08 -10:23:42 - A.... "C:\WINDOWS\mozver.dat"
    2008-02-03 -13:42:38 - A.... "C:\WINDOWS\system32CmdLineExt.dll"
    2008-03-19 -18:28:08 - A.... "C:\WINDOWS\system32\aavoywi.exe"
    2008-02-13 -18:30:04 - A.... "C:\WINDOWS\system32\CmdLineExt03.dll"
    2008-03-19 -18:28:08 - A.... "C:\WINDOWS\system32\dmrgjhn.exe"
    2008-01-28 -18:50:08 - A.... "C:\WINDOWS\system32\emptyregdb.dat"
    2008-03-02 - 9:14:56 - A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
    2008-02-22 - 1:23:36 - A.... "C:\WINDOWS\system32\java.exe"
    2008-02-22 - 1:23:40 - A.... "C:\WINDOWS\system32\javaw.exe"
    2008-03-05 - 8:30:56 - A.... "C:\WINDOWS\system32\MRT.exe"
    2008-03-21 -14:15:26 - A.... "C:\WINDOWS\system32\perfc009.dat"
    2008-03-21 -14:15:26 - A.... "C:\WINDOWS\system32\perfc013.dat"
    2008-03-21 -14:15:26 - A.... "C:\WINDOWS\system32\perfh009.dat"
    2008-03-21 -14:15:26 - A.... "C:\WINDOWS\system32\perfh013.dat"
    2008-03-11 -16:49:04 - ....R "C:\WINDOWS\system32\streamhlp.dll"
    2008-03-21 -20:38:06 - A.... "C:\Documents and Settings\Eigenaar\ntuser.dat"

    ((((((((((((((( DELETING )))))))))))))))


    !! FILES BEFORE FIX !!


    !! FILES AFTER FIX !!


    ((((((((((((((( ShellServiceObjectDelayLoad )))))))))))))))

    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    ---------- END OF LOG ----------

    I have edited the first post with the corrected log. (Or should it be a log from after the MSNFix run?)
    Last edited by TSK; 21 March 2008 at 23:06

  4. #4
    Spyware Slayer   Rosty
    Hi,
    it is best not to edit logs once an answer or fix has already been posted! This is confusing for us.

    Open HijackThis, click "Do a scan only" and check the following lines:

    O4 - HKLM\..\Run: [dmrgjhn] C:\WINDOWS\system32\dmrgjhn.exe
    O4 - HKLM\..\Run: [aavoywi] C:\WINDOWS\system32\aavoywi.exe

    Close all open windows except HijackThis, and click Fix Checked. Close HijackThis.

    * Visit the following page with the instructions for downloading and using Combofix.

    http://www.bleepingcomputer.com/combofix/n...ruikt-te-worden

    So carry out the instructions on that page, including installing the XP Recovery Console.
    (If you do not have XP, you may skip this step concerning the Recovery Console.)

    After that, post the Combofix log in your next post together with a new HijackThis log.

  5. #5
    Beginner  
    ComboFix 08-03-21.1 - Eigenaar 2008-03-21 22:29:34.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.604 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-21 to 2008-03-21 ))))))))))))))))))))))))))))))
    .

    2008-03-21 22:29 . 2008-03-21 22:29 3,631 --a------ C:\7.tmp
    2008-03-21 22:17 . 2008-03-21 22:17 3,631 --a------ C:\5.tmp
    2008-03-21 21:27 . 2008-03-21 21:27 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
    2008-03-21 21:26 . 2008-03-21 21:29 <DIR> d-------- C:\Program Files\Hitman Pro
    2008-03-21 20:36 . 2008-03-21 20:36 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Uniblue
    2008-03-21 20:23 . 2008-03-21 20:24 <DIR> d-------- C:\MSNCleaner
    2008-03-21 19:52 . 2008-03-21 19:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-21 19:52 . 2008-03-21 19:52 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Malwarebytes
    2008-03-21 19:52 . 2008-03-21 19:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-03-21 19:00 . 2008-03-21 19:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-03-21 19:00 . 2008-03-21 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-21 18:46 . 2008-03-21 18:46 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-20 19:52 . 2008-03-20 19:52 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Grisoft
    2008-03-20 19:51 . 2008-03-20 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-20 19:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-03-20 09:04 . 2008-03-20 09:04 268 --ah----- C:\sqmdata15.sqm
    2008-03-20 09:04 . 2008-03-20 09:04 244 --ah----- C:\sqmnoopt15.sqm
    2008-03-19 18:33 . 2008-03-19 18:28 217,088 --a------ C:\WINDOWS\system32\dmrgjhn.exe
    2008-03-19 18:33 . 2008-03-19 18:28 217,088 --a------ C:\WINDOWS\system32\aavoywi.exe
    2008-03-17 18:26 . 2008-03-17 18:29 <DIR> d-------- C:\Program Files\Platform Studio
    2008-03-16 20:43 . 2008-03-16 20:44 <DIR> d-------- C:\Program Files\Awave Music
    2008-03-16 20:38 . 2008-03-16 20:39 <DIR> d-------- C:\Program Files\Power MIDI to MP3
    2008-03-16 20:30 . 2008-03-16 20:30 <DIR> d-------- C:\Program Files\Audio Compositor
    2008-03-16 20:30 . 1997-11-19 15:49 303,616 --a------ C:\WINDOWS\IsUninst.exe
    2008-03-13 18:33 . 2008-03-13 18:33 <DIR> d-------- C:\Program Files\Direct MIDI to MP3 Converter
    2008-03-13 16:44 . 2008-03-13 16:44 <DIR> d-------- C:\Program Files\ModPlug
    2008-03-13 16:41 . 2008-03-13 16:43 <DIR> d-------- C:\Program Files\ArtMoney
    2008-03-12 19:03 . 2008-03-12 19:03 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Echo Software
    2008-03-12 19:02 . 2008-03-12 21:43 <DIR> d-------- C:\devkitPro
    2008-03-12 16:10 . 2008-03-12 16:10 <DIR> d-------- C:\Program Files\Audacity
    2008-03-12 09:44 . 2008-03-12 09:44 268 --ah----- C:\sqmdata14.sqm
    2008-03-12 09:44 . 2008-03-12 09:44 244 --ah----- C:\sqmnoopt14.sqm
    2008-03-11 17:11 . 2008-03-11 17:11 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\TrojanHunter
    2008-03-11 16:48 . 2008-03-11 16:49 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
    2008-03-10 19:16 . 2000-07-08 15:06 87,040 --a------ C:\WINDOWS\UnGins.exe
    2008-03-10 19:04 . 2008-03-10 19:04 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Dealio
    2008-03-09 12:38 . 2008-03-09 12:38 <DIR> d-------- C:\Program Files\Game_Maker7
    2008-03-09 12:38 . 2008-03-09 12:38 0 --ah----- C:\WINDOWS\SwSys2.bmp
    2008-03-09 12:38 . 2008-03-09 12:38 0 --ah----- C:\WINDOWS\SwSys1.bmp
    2008-03-07 11:25 . 2008-03-07 11:25 268 --ah----- C:\sqmdata13.sqm
    2008-03-07 11:25 . 2008-03-07 11:25 244 --ah----- C:\sqmnoopt13.sqm
    2008-03-05 08:58 . 2008-03-05 08:58 268 --ah----- C:\sqmdata12.sqm
    2008-03-05 08:58 . 2008-03-05 08:58 244 --ah----- C:\sqmnoopt12.sqm
    2008-03-04 20:23 . 2008-03-04 20:23 <DIR> d-------- C:\Program Files\iTunes
    2008-03-04 20:23 . 2008-03-04 20:23 <DIR> d-------- C:\Program Files\iPod
    2008-03-04 20:23 . 2008-03-04 20:23 <DIR> d-------- C:\Program Files\Bonjour
    2008-03-04 20:23 . 2008-03-04 20:23 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Apple Computer
    2008-03-04 20:23 . 2008-03-21 22:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-04 20:23 . 2008-03-04 20:23 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-04 20:22 . 2008-03-04 20:22 <DIR> d-------- C:\Program Files\QuickTime
    2008-03-04 20:22 . 2008-03-04 20:22 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-03-04 20:22 . 2008-03-04 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-03-04 20:21 . 2008-03-04 20:21 <DIR> d-------- C:\Program Files\Common Files\Apple
    2008-03-04 20:21 . 2008-03-04 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-03-04 20:03 . 2008-03-21 22:01 <DIR> d-------- C:\Program Files\Steam
    2008-03-03 17:27 . 2008-03-03 17:27 <DIR> d-------- C:\Program Files\Sun
    2008-03-03 09:56 . 2008-03-03 09:56 268 --ah----- C:\sqmdata11.sqm
    2008-03-03 09:56 . 2008-03-03 09:56 244 --ah----- C:\sqmnoopt11.sqm
    2008-03-01 19:32 . 2008-03-01 19:32 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2008-03-01 19:32 . 2008-03-01 19:32 <DIR> d-------- C:\Program Files\Reference Assemblies
    2008-03-01 19:32 . 2008-03-01 19:32 <DIR> d-------- C:\Program Files\MSBuild
    2008-03-01 19:32 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-03-01 19:29 . 2008-03-01 19:29 <DIR> d-------- C:\Program Files\MSXML 6.0
    2008-02-27 21:35 . 2008-02-27 21:35 <DIR> d-------- C:\Program Files\VirtuallTek
    2008-02-27 16:46 . 2008-02-27 16:46 268 --ah----- C:\sqmdata10.sqm
    2008-02-27 16:46 . 2008-02-27 16:46 244 --ah----- C:\sqmnoopt10.sqm
    2008-02-27 11:58 . 2008-02-27 11:58 268 --ah----- C:\sqmdata09.sqm
    2008-02-27 11:58 . 2008-02-27 11:58 244 --ah----- C:\sqmnoopt09.sqm
    2008-02-26 11:10 . 2008-02-26 11:10 268 --ah----- C:\sqmdata08.sqm
    2008-02-26 11:10 . 2008-02-26 11:10 244 --ah----- C:\sqmnoopt08.sqm
    2008-02-26 10:54 . 2008-02-26 10:54 <DIR> d-------- C:\Documents and Settings\Eddy\Application Data\TuneUp Software
    2008-02-26 10:52 . 2008-02-26 10:52 <DIR> d-------- C:\Documents and Settings\Eddy\Application Data\Thunderbird
    2008-02-26 10:51 . 2008-02-26 10:51 268 --ah----- C:\sqmdata07.sqm
    2008-02-26 10:51 . 2008-02-26 10:51 244 --ah----- C:\sqmnoopt07.sqm
    2008-02-26 10:33 . 2008-02-26 10:33 <DIR> d-------- C:\Documents and Settings\Eddy\Application Data\Ahead
    2008-02-25 10:38 . 2008-02-25 10:38 268 --ah----- C:\sqmdata06.sqm
    2008-02-25 10:38 . 2008-02-25 10:38 244 --ah----- C:\sqmnoopt06.sqm
    2008-02-24 13:48 . 2008-02-24 13:48 <DIR> d-------- C:\Program Files\Jasc Software Inc
    2008-02-24 13:48 . 2008-02-24 13:48 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Jasc Software Inc
    2008-02-23 08:59 . 2008-02-23 08:59 268 --ah----- C:\sqmdata05.sqm
    2008-02-23 08:59 . 2008-02-23 08:59 244 --ah----- C:\sqmnoopt05.sqm
    2008-02-22 13:29 . 2008-02-22 13:29 268 --ah----- C:\sqmdata04.sqm
    2008-02-22 13:29 . 2008-02-22 13:29 244 --ah----- C:\sqmnoopt04.sqm
    2008-02-22 10:03 . 2008-02-22 10:03 268 --ah----- C:\sqmdata03.sqm
    2008-02-22 10:03 . 2008-02-22 10:03 244 --ah----- C:\sqmnoopt03.sqm

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-21 13:05 --------- d-----w C:\Program Files\Java
    2008-03-19 12:10 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AdobeUM
    2008-03-16 20:03 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\LimeWire
    2008-03-16 10:31 3,864 ----a-w C:\Documents and Settings\Eigenaar\Application Data\wklnhst.dat
    2008-03-14 17:49 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-03-12 08:41 --------- d-----w C:\Documents and Settings\Eddy\Application Data\AdobeUM
    2008-03-01 10:48 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Ahead
    2008-02-25 09:35 --------- d-----w C:\Program Files\Google
    2008-02-20 19:30 --------- d-----w C:\Program Files\Ahead
    2008-02-20 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2008-02-20 18:58 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-02-19 18:34 75,883 ----a-w C:\WINDOWS\system32\Fix.bat
    2008-02-19 15:57 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\CyberLink
    2008-02-19 15:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-02-19 15:55 --------- d-----w C:\Documents and Settings\LocalService\Application Data\X10 Commander
    2008-02-19 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-19 15:54 --------- d-----w C:\Program Files\X10 Hardware
    2008-02-19 15:54 --------- d-----w C:\Program Files\Home Cinema
    2008-02-19 15:54 --------- d-----w C:\Program Files\Common Files\X10
    2008-02-19 15:52 --------- d-----w C:\Program Files\DivX
    2008-02-19 15:52 --------- d-----w C:\Program Files\CyberLink
    2008-02-19 15:51 5,224 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-02-19 15:47 --------- d-----w C:\Program Files\muvee Technologies
    2008-02-19 15:47 --------- d-----w C:\Program Files\Common Files\muvee Technologies
    2008-02-19 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
    2008-02-13 17:30 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-02-13 12:32 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-02-13 12:31 --------- d-----w C:\Program Files\HP
    2008-02-11 10:15 0 ----a-w C:\Documents and Settings\Eddy\Application Data\wklnhst.dat
    2008-02-10 20:27 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\X-Chat 2
    2008-02-10 19:49 --------- d-----w C:\Program Files\xchat
    2008-02-10 19:47 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\mIRC
    2008-02-10 19:41 --------- d-----w C:\Program Files\mIRC
    2008-02-10 09:32 --------- d-----w C:\Program Files\Sega
    2008-02-06 11:48 --------- d-----w C:\Program Files\MyProduct
    2008-02-05 10:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-05 10:43 --------- d-----w C:\Program Files\Lavasoft
    2008-02-05 10:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-03 17:34 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Thunderbird
    2008-02-03 15:32 --------- d-----w C:\Program Files\NoteWorthy Composer
    2008-02-03 15:09 --------- d-----w C:\Program Files\sonic DX
    2008-02-03 12:42 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
    2008-02-03 12:15 --------- d-----w C:\Program Files\Ubisoft
    2008-02-02 11:28 --------- d-----w C:\Program Files\Project64 1.6
    2008-01-31 16:52 --------- d-----w C:\Program Files\LimeWire
    2008-01-30 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS
    2008-01-30 17:25 --------- d-----w C:\Program Files\Nexon
    2008-01-30 13:20 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-30 13:02 --------- d-----w C:\Program Files\7-Zip
    2008-01-29 17:48 --------- d-----w C:\Program Files\Common Files\Java
    2008-01-29 17:37 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-01-29 17:37 --------- d-----w C:\Program Files\Windows Live Favorites
    2008-01-29 17:36 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-29 17:36 --------- d-----w C:\Program Files\Windows Live
    2008-01-29 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-29 16:17 --------- d-----w C:\Program Files\MSXML 4.0
    2008-01-29 16:12 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-01-29 15:55 --------- d-----w C:\Program Files\Medion
    2008-01-29 15:40 --------- d-----w C:\Program Files\TuneUp Utilities 2007
    2008-01-29 15:40 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\TuneUp Software
    2008-01-29 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-01-28 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
    2008-01-28 20:10 --------- d-----w C:\Program Files\Alwil Software
    2008-01-28 19:32 --------- d-----w C:\Program Files\D-Link AirPlus G+ Access Point
    2008-01-28 19:30 15,939 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2008-01-28 19:30 --------- d-----w C:\Program Files\RALINK
    2008-01-28 19:30 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-28 19:00 --------- d-----w C:\Program Files\IVT Corporation
    2008-01-28 18:59 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-01-28 18:48 --------- d-----w C:\Program Files\Microsoft AutoRoute
    2008-01-28 18:47 --------- d-----w C:\Program Files\Encarta
    2008-01-28 18:46 --------- d-----w C:\Program Files\Picture It! Premium 10
    2008-01-28 18:44 --------- d-----w C:\Program Files\Microsoft Works
    2008-01-28 18:42 --------- d-----w C:\Program Files\Microsoft Works Suite 2005
    2008-01-28 17:51 --------- d-----w C:\Program Files\microsoft frontpage
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-25 10:35 171448]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-04 20:04 1266936]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "Cmaudio"="cmicnfg.cpl" []
    "Keyboard Status"="C:\PROGRA~1\Medion\KeyStat\KeyStat.exe" [2005-01-25 11:03 411648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 18:55 49152]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 16:46 172032]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
    "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-02-04 11:48 118926]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "dmrgjhn"="C:\WINDOWS\system32\dmrgjhn.exe" [2008-03-19 18:28 217088]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-01-28 20:00:25 1048576]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
    RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2008-01-28 20:30:13 528384]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
    C:\Program Files\Dealio\DealioAU.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\D-Link AirPlus G+ Access Point\\AirPlus_Manager.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Nexon\\KartRider\\NMService.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\xchat\\xchat.exe"=
    "C:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
    R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 13:58]
    S2 oaievgxufa9u1;Print Spooler Service;C:\WINDOWS\system32\aavoywi.exe [2008-03-19 18:28]
    S3 cdiskdun;cdiskdun;C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\cdiskdun.sys []
    S3 dump_wmimmc;dump_wmimmc;C:\Program Files\Nexon\KartRider\GameGuard\dump_wmimmc.sys []

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-03-17 11:48:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-03-21 20:51:01 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-03-21 16:19:46 C:\WINDOWS\Tasks\Easy Onderhoud.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-21 22:30:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-03-21 22:31:17
    .
    2008-03-21 13:14:23 --- E O F ---


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:37:42, on 21/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Eigenaar\Mijn documenten\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\RunServices: [dmrgjhn] C:\WINDOWS\system32\dmrgjhn.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Eigenaar\Application Data\Dealio\kb124\res\DealioSearch.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Print Spooler Service (oaievgxufa9u1) - Unknown owner - C:\WINDOWS\system32\aavoywi.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 10523 bytes

  6. #6
    Spyware Slayer   Rosty
    Registered
    19 May 2005
    Location
    Zandvliet/ Ledegem
    Posts
    4,212
    Thanks given
    1,207
    Thanked
    2,706 times in 1,759 posts
    Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:


      File::
      C:\sqmdata15.sqm
      C:\sqmnoopt15.sqm
      C:\WINDOWS\system32\dmrgjhn.exe
      C:\WINDOWS\system32\aavoywi.exe
      C:\sqmdata14.sqm
      C:\sqmnoopt14.sqm
      C:\sqmdata13.sqm
      C:\sqmnoopt13.sqm
      C:\sqmdata12.sqm
      C:\sqmnoopt12.sqm
      C:\sqmdata11.sqm
      C:\sqmnoopt11.sqm
      C:\sqmdata10.sqm
      C:\sqmnoopt10.sqm
      C:\sqmdata09.sqm
      C:\sqmnoopt09.sqm
      C:\sqmdata08.sqm
      C:\sqmnoopt08.sqm
      C:\sqmdata07.sqm
      C:\sqmnoopt07.sqm
      C:\sqmdata06.sqm
      C:\sqmnoopt06.sqm
      C:\sqmdata05.sqm
      C:\sqmnoopt05.sqm
      C:\sqmdata04.sqm
      C:\sqmnoopt04.sqm
      C:\sqmdata03.sqm
      C:\sqmnoopt03.sqm

      Registry::
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
      "dmrgjhn"=-


    Save this to your Desktop as CFScript.

    Drag CFScript onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.
    Reboot if you are asked to,
    then post the contents of Combofix.txt in your next reply and let me know how everything is working now.

  7. #7
    Beginner
    Registered
    8 November 2007
    Posts
    9
    Thanks given
    3
    Thanked
    0 times in 0 posts
    ComboFix 08-03-21.2 - Eigenaar 2008-03-22 11:24:42.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.557 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    C:\sqmdata03.sqm
    C:\sqmdata04.sqm
    C:\sqmdata05.sqm
    C:\sqmdata06.sqm
    C:\sqmdata07.sqm
    C:\sqmdata08.sqm
    C:\sqmdata09.sqm
    C:\sqmdata10.sqm
    C:\sqmdata11.sqm
    C:\sqmdata12.sqm
    C:\sqmdata13.sqm
    C:\sqmdata14.sqm
    C:\sqmdata15.sqm
    C:\sqmnoopt03.sqm
    C:\sqmnoopt04.sqm
    C:\sqmnoopt05.sqm
    C:\sqmnoopt06.sqm
    C:\sqmnoopt07.sqm
    C:\sqmnoopt08.sqm
    C:\sqmnoopt09.sqm
    C:\sqmnoopt10.sqm
    C:\sqmnoopt11.sqm
    C:\sqmnoopt12.sqm
    C:\sqmnoopt13.sqm
    C:\sqmnoopt14.sqm
    C:\sqmnoopt15.sqm
    C:\WINDOWS\system32\aavoywi.exe
    C:\WINDOWS\system32\dmrgjhn.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\sqmdata03.sqm
    C:\sqmdata04.sqm
    C:\sqmdata05.sqm
    C:\sqmdata06.sqm
    C:\sqmdata07.sqm
    C:\sqmdata08.sqm
    C:\sqmdata09.sqm
    C:\sqmdata10.sqm
    C:\sqmdata11.sqm
    C:\sqmdata12.sqm
    C:\sqmdata13.sqm
    C:\sqmdata14.sqm
    C:\sqmdata15.sqm
    C:\sqmnoopt03.sqm
    C:\sqmnoopt04.sqm
    C:\sqmnoopt05.sqm
    C:\sqmnoopt06.sqm
    C:\sqmnoopt07.sqm
    C:\sqmnoopt08.sqm
    C:\sqmnoopt09.sqm
    C:\sqmnoopt10.sqm
    C:\sqmnoopt11.sqm
    C:\sqmnoopt12.sqm
    C:\sqmnoopt13.sqm
    C:\sqmnoopt14.sqm
    C:\sqmnoopt15.sqm
    C:\WINDOWS\system32\dmrgjhn.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))
    .

    2008-03-22 09:29 . 2008-03-22 09:29 <DIR> d-------- C:\WINDOWS\system32\nl-nl
    2008-03-22 09:22 . 2007-12-07 03:18 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-03-22 09:22 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-03-22 09:22 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-03-22 09:22 . 2007-12-07 03:18 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-03-22 09:22 . 2007-12-07 03:18 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-03-22 09:22 . 2007-12-07 03:18 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-03-22 09:22 . 2007-12-07 03:18 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-03-22 09:22 . 2007-12-07 03:18 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-03-22 09:22 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-03-22 09:10 . 2008-03-22 09:10 <DIR> d-------- C:\Program Files\Xdrive Desktop Lite
    2008-03-22 09:10 . 2008-03-22 09:10 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
    2008-03-22 09:10 . 2008-03-22 09:10 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\XdriveDesktopLite.D42DF930FC57DEEBEFA7CACA53E3816427CD6B50.1
    2008-03-22 08:57 . 2008-03-22 11:27 514,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-03-22 08:57 . 2008-03-22 10:31 7,628 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-03-22 08:55 . 2008-03-22 08:55 <DIR> d-------- C:\Program Files\ZoneAlarmSB
    2008-03-22 08:53 . 2008-03-22 08:53 <DIR> d-------- C:\Program Files\Zone Labs
    2008-03-22 08:53 . 2008-03-22 08:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-03-22 08:52 . 2008-03-22 11:22 <DIR> d-------- C:\WINDOWS\Internet Logs
    2008-03-22 08:50 . 2008-03-22 08:50 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Sereniti
    2008-03-21 22:29 . 2008-03-21 22:29 3,631 --a------ C:\7.tmp
    2008-03-21 22:17 . 2008-03-21 22:17 3,631 --a------ C:\5.tmp
    2008-03-21 21:27 . 2008-03-21 21:27 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
    2008-03-21 21:26 . 2008-03-21 21:29 <DIR> d-------- C:\Program Files\Hitman Pro
    2008-03-21 20:36 . 2008-03-21 20:36 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Uniblue
    2008-03-21 20:23 . 2008-03-21 20:24 <DIR> d-------- C:\MSNCleaner
    2008-03-21 19:52 . 2008-03-21 19:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-21 19:52 . 2008-03-21 19:52 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Malwarebytes
    2008-03-21 19:52 . 2008-03-21 19:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-03-21 19:00 . 2008-03-21 19:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-03-21 19:00 . 2008-03-21 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-21 18:46 . 2008-03-21 18:46 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-20 19:52 . 2008-03-20 19:52 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Grisoft
    2008-03-20 19:51 . 2008-03-20 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-20 19:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-03-17 18:26 . 2008-03-17 18:29 <DIR> d-------- C:\Program Files\Platform Studio
    2008-03-16 20:43 . 2008-03-16 20:44 <DIR> d-------- C:\Program Files\Awave Music
    2008-03-16 20:38 . 2008-03-16 20:39 <DIR> d-------- C:\Program Files\Power MIDI to MP3
    2008-03-16 20:30 . 2008-03-16 20:30 <DIR> d-------- C:\Program Files\Audio Compositor
    2008-03-16 20:30 . 1997-11-19 15:49 303,616 --a------ C:\WINDOWS\IsUninst.exe
    2008-03-13 18:33 . 2008-03-13 18:33 <DIR> d-------- C:\Program Files\Direct MIDI to MP3 Converter
    2008-03-13 16:44 . 2008-03-13 16:44 <DIR> d-------- C:\Program Files\ModPlug
    2008-03-13 16:41 . 2008-03-13 16:43 <DIR> d-------- C:\Program Files\ArtMoney
    2008-03-12 19:03 . 2008-03-12 19:03 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Echo Software
    2008-03-12 19:02 . 2008-03-12 21:43 <DIR> d-------- C:\devkitPro
    2008-03-12 16:10 . 2008-03-12 16:10 <DIR> d-------- C:\Program Files\Audacity
    2008-03-11 17:11 . 2008-03-11 17:11 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\TrojanHunter
    2008-03-11 16:48 . 2008-03-11 16:49 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
    2008-03-10 19:16 . 2000-07-08 15:06 87,040 --a------ C:\WINDOWS\UnGins.exe
    2008-03-10 19:04 . 2008-03-10 19:04 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Dealio
    2008-03-09 12:38 . 2008-03-09 12:38 <DIR> d-------- C:\Program Files\Game_Maker7
    2008-03-09 12:38 . 2008-03-09 12:38 0 --ah----- C:\WINDOWS\SwSys2.bmp
    2008-03-09 12:38 . 2008-03-09 12:38 0 --ah----- C:\WINDOWS\SwSys1.bmp
    2008-03-04 20:23 . 2008-03-04 20:23 <DIR> d-------- C:\Program Files\iTunes
    2008-03-04 20:23 . 2008-03-04 20:23 <DIR> d-------- C:\Program Files\iPod
    2008-03-04 20:23 . 2008-03-04 20:23 <DIR> d-------- C:\Program Files\Bonjour
    2008-03-04 20:23 . 2008-03-04 20:23 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Apple Computer
    2008-03-04 20:23 . 2008-03-22 10:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-04 20:23 . 2008-03-04 20:23 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-04 20:22 . 2008-03-04 20:22 <DIR> d-------- C:\Program Files\QuickTime
    2008-03-04 20:22 . 2008-03-04 20:22 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-03-04 20:22 . 2008-03-04 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-03-04 20:21 . 2008-03-04 20:21 <DIR> d-------- C:\Program Files\Common Files\Apple
    2008-03-04 20:21 . 2008-03-04 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-03-04 20:03 . 2008-03-22 10:32 <DIR> d-------- C:\Program Files\Steam
    2008-03-03 17:27 . 2008-03-03 17:27 <DIR> d-------- C:\Program Files\Sun
    2008-03-01 19:32 . 2008-03-01 19:32 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2008-03-01 19:32 . 2008-03-01 19:32 <DIR> d-------- C:\Program Files\Reference Assemblies
    2008-03-01 19:32 . 2008-03-01 19:32 <DIR> d-------- C:\Program Files\MSBuild
    2008-03-01 19:32 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-03-01 19:29 . 2008-03-01 19:29 <DIR> d-------- C:\Program Files\MSXML 6.0
    2008-02-27 21:35 . 2008-02-27 21:35 <DIR> d-------- C:\Program Files\VirtuallTek
    2008-02-26 10:54 . 2008-02-26 10:54 <DIR> d-------- C:\Documents and Settings\Eddy\Application Data\TuneUp Software
    2008-02-26 10:52 . 2008-02-26 10:52 <DIR> d-------- C:\Documents and Settings\Eddy\Application Data\Thunderbird
    2008-02-26 10:33 . 2008-02-26 10:33 <DIR> d-------- C:\Documents and Settings\Eddy\Application Data\Ahead
    2008-02-24 13:48 . 2008-02-24 13:48 <DIR> d-------- C:\Program Files\Jasc Software Inc
    2008-02-24 13:48 . 2008-02-24 13:48 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Jasc Software Inc

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-21 13:05 --------- d-----w C:\Program Files\Java
    2008-03-19 12:10 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AdobeUM
    2008-03-16 20:03 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\LimeWire
    2008-03-16 10:31 3,864 ----a-w C:\Documents and Settings\Eigenaar\Application Data\wklnhst.dat
    2008-03-14 17:49 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-03-13 22:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2008-03-13 22:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2008-03-12 08:41 --------- d-----w C:\Documents and Settings\Eddy\Application Data\AdobeUM
    2008-03-01 10:48 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Ahead
    2008-02-25 09:35 --------- d-----w C:\Program Files\Google
    2008-02-20 19:30 --------- d-----w C:\Program Files\Ahead
    2008-02-20 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2008-02-20 18:58 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-02-19 18:34 75,883 ----a-w C:\WINDOWS\system32\Fix.bat
    2008-02-19 15:57 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\CyberLink
    2008-02-19 15:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-02-19 15:55 --------- d-----w C:\Documents and Settings\LocalService\Application Data\X10 Commander
    2008-02-19 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-19 15:54 --------- d-----w C:\Program Files\X10 Hardware
    2008-02-19 15:54 --------- d-----w C:\Program Files\Home Cinema
    2008-02-19 15:54 --------- d-----w C:\Program Files\Common Files\X10
    2008-02-19 15:52 --------- d-----w C:\Program Files\DivX
    2008-02-19 15:52 --------- d-----w C:\Program Files\CyberLink
    2008-02-19 15:51 5,224 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-02-19 15:47 --------- d-----w C:\Program Files\muvee Technologies
    2008-02-19 15:47 --------- d-----w C:\Program Files\Common Files\muvee Technologies
    2008-02-19 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
    2008-02-13 17:30 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-02-13 12:32 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-02-13 12:31 --------- d-----w C:\Program Files\HP
    2008-02-11 10:15 0 ----a-w C:\Documents and Settings\Eddy\Application Data\wklnhst.dat
    2008-02-10 20:27 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\X-Chat 2
    2008-02-10 19:49 --------- d-----w C:\Program Files\xchat
    2008-02-10 19:47 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\mIRC
    2008-02-10 19:41 --------- d-----w C:\Program Files\mIRC
    2008-02-10 09:32 --------- d-----w C:\Program Files\Sega
    2008-02-06 11:48 --------- d-----w C:\Program Files\MyProduct
    2008-02-05 10:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-05 10:43 --------- d-----w C:\Program Files\Lavasoft
    2008-02-05 10:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-03 17:34 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Thunderbird
    2008-02-03 15:32 --------- d-----w C:\Program Files\NoteWorthy Composer
    2008-02-03 15:09 --------- d-----w C:\Program Files\sonic DX
    2008-02-03 12:42 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
    2008-02-03 12:15 --------- d-----w C:\Program Files\Ubisoft
    2008-02-02 11:28 --------- d-----w C:\Program Files\Project64 1.6
    2008-01-31 16:52 --------- d-----w C:\Program Files\LimeWire
    2008-01-30 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS
    2008-01-30 17:25 --------- d-----w C:\Program Files\Nexon
    2008-01-30 13:20 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-30 13:02 --------- d-----w C:\Program Files\7-Zip
    2008-01-29 17:48 --------- d-----w C:\Program Files\Common Files\Java
    2008-01-29 17:37 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-01-29 17:37 --------- d-----w C:\Program Files\Windows Live Favorites
    2008-01-29 17:36 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-29 17:36 --------- d-----w C:\Program Files\Windows Live
    2008-01-29 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-29 16:17 --------- d-----w C:\Program Files\MSXML 4.0
    2008-01-29 16:12 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-01-29 15:55 --------- d-----w C:\Program Files\Medion
    2008-01-29 15:40 --------- d-----w C:\Program Files\TuneUp Utilities 2007
    2008-01-29 15:40 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\TuneUp Software
    2008-01-29 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-01-28 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
    2008-01-28 20:10 --------- d-----w C:\Program Files\Alwil Software
    2008-01-28 19:32 --------- d-----w C:\Program Files\D-Link AirPlus G+ Access Point
    2008-01-28 19:30 15,939 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2008-01-28 19:30 --------- d-----w C:\Program Files\RALINK
    2008-01-28 19:30 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-28 19:00 --------- d-----w C:\Program Files\IVT Corporation
    2008-01-28 18:59 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-01-28 18:48 --------- d-----w C:\Program Files\Microsoft AutoRoute
    2008-01-28 18:47 --------- d-----w C:\Program Files\Encarta
    2008-01-28 18:46 --------- d-----w C:\Program Files\Picture It! Premium 10
    2008-01-28 18:44 --------- d-----w C:\Program Files\Microsoft Works
    2008-01-28 18:42 --------- d-----w C:\Program Files\Microsoft Works Suite 2005
    2008-01-28 17:51 --------- d-----w C:\Program Files\microsoft frontpage
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-21_22.31.07,12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-04 12:00:00 61,440 -c----w C:\WINDOWS\ie7\admparse.dll
    + 2004-08-04 12:00:00 100,864 -c----w C:\WINDOWS\ie7\advpack.dll
    + 2004-08-04 12:00:00 35,328 -c----w C:\WINDOWS\ie7\corpol.dll
    + 2006-06-02 19:34:07 33,792 -c----w C:\WINDOWS\ie7\custsat.dll
    + 2007-12-07 01:08:24 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll
    + 2007-12-07 01:08:24 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll
    + 2007-12-07 01:08:25 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll
    + 2004-08-04 12:00:00 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll
    + 2004-08-04 12:00:00 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe
    + 2004-08-04 12:00:00 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll
    + 2004-08-04 12:00:00 220,160 -c----w C:\WINDOWS\ie7\ieaksie.dll
    + 2004-08-04 12:00:00 237,568 -c----w C:\WINDOWS\ie7\ieakui.dll
    + 2004-08-04 12:00:00 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll
    + 2007-12-06 13:07:07 18,432 -c----w C:\WINDOWS\ie7\iedw.exe
    + 2004-08-04 12:00:00 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll
    + 2007-12-07 01:08:25 251,392 -c----w C:\WINDOWS\ie7\iepeers.dll
    + 2004-08-04 12:00:00 48,640 -c----w C:\WINDOWS\ie7\iernonce.dll
    + 2004-08-04 12:00:00 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll
    + 2004-08-04 12:00:00 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe
    + 2004-08-04 12:00:00 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll
    + 2007-12-07 01:08:25 96,768 -c----w C:\WINDOWS\ie7\inseng.dll
    + 2007-11-14 07:29:20 450,560 -c----w C:\WINDOWS\ie7\jscript.dll
    + 2007-12-07 01:08:25 16,384 -c----w C:\WINDOWS\ie7\jsproxy.dll
    + 2004-08-04 12:00:00 22,016 -c----w C:\WINDOWS\ie7\licmgr10.dll
    + 2004-08-04 12:00:00 29,184 -c----w C:\WINDOWS\ie7\mshta.exe
    + 2007-12-07 14:38:28 3,080,192 -c----w C:\WINDOWS\ie7\mshtml.dll
    + 2007-12-07 01:08:26 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll
    + 2004-08-04 12:00:00 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll
    + 2004-08-04 12:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll
    + 2007-12-07 01:08:26 146,432 -c----w C:\WINDOWS\ie7\msrating.dll
    + 2007-12-07 01:08:26 532,480 -c----w C:\WINDOWS\ie7\mstime.dll
    + 2004-08-04 12:00:00 97,280 -c----w C:\WINDOWS\ie7\occache.dll
    + 2007-12-07 01:08:26 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll
    + 2007-08-13 17:54:42 32,960 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
    + 2007-08-13 17:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
    + 2006-09-06 16:43:16 213,216 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
    + 2006-09-06 16:43:18 371,424 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll
    + 2004-08-04 12:00:00 37,888 -c----w C:\WINDOWS\ie7\url.dll
    + 2007-12-07 01:08:26 616,960 -c----w C:\WINDOWS\ie7\urlmon.dll
    + 2004-08-04 12:00:00 417,792 -c----w C:\WINDOWS\ie7\vbscript.dll
    + 2007-06-26 13:58:08 851,968 -c----w C:\WINDOWS\ie7\vgx.dll
    + 2004-08-04 12:00:00 279,552 -c----w C:\WINDOWS\ie7\webcheck.dll
    + 2007-12-07 01:08:27 662,528 -c----w C:\WINDOWS\ie7\wininet.dll
    + 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
    + 2007-08-13 17:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
    + 2007-08-13 17:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
    + 2007-08-13 17:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
    + 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
    + 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
    + 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
    + 2007-08-13 16:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
    + 2007-02-12 15:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dat
    + 2007-07-11 11:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
    + 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
    + 2007-08-13 17:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
    + 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
    + 2007-08-13 17:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
    + 2007-08-13 17:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
    + 2007-08-13 17:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
    + 2007-08-13 17:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
    + 2007-08-13 17:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
    + 2007-08-13 17:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
    + 2007-08-13 17:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
    + 2007-08-13 17:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
    + 2007-08-13 17:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
    + 2007-08-13 17:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
    + 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
    + 2007-03-06 01:58:27 216,800 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
    + 2007-06-30 20:28:11 389,856 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
    + 2007-08-13 17:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
    + 2007-08-13 17:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
    + 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
    + 2007-08-13 17:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
    + 2007-10-10 23:53:51 124,928 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll
    + 2007-10-10 23:53:51 124,928 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll.000
    + 2007-08-13 17:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll
    + 2007-10-10 23:53:51 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll
    + 2007-10-10 23:53:51 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll.000
    + 2007-10-10 23:53:51 132,608 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll
    + 2007-10-10 23:53:51 63,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll
    + 2007-10-10 23:53:51 63,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll.000
    + 2007-10-10 11:02:26 70,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe
    + 2007-10-10 23:53:51 153,088 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll
    + 2007-10-10 23:53:52 230,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll
    + 2007-10-10 05:46:55 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll
    + 2007-07-01 03:31:33 2,455,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dat
    + 2007-10-10 23:53:52 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll
    + 2007-10-10 23:53:52 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll.000
    + 2007-10-10 23:53:52 384,512 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll
    + 2007-10-10 23:53:54 6,065,664 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll
    + 2007-10-10 23:53:54 6,065,664 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll.000
    + 2007-10-10 23:53:54 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll
    + 2007-10-10 23:53:54 267,776 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll
    + 2007-10-10 23:53:54 267,776 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll.000
    + 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe
    + 2007-10-10 11:02:43 625,152 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
    + 2007-10-10 11:02:43 625,152 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe.000
    + 2007-10-10 23:53:55 27,648 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll
    + 2007-10-10 23:53:55 27,648 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll.000
    + 2007-10-10 23:53:55 459,264 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll
    + 2007-10-10 23:53:55 459,264 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll.000
    + 2007-10-10 23:53:55 52,224 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll
    + 2007-10-10 23:53:55 52,224 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll.000
    + 2007-10-31 03:57:16 3,590,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll
    + 2007-10-31 03:57:16 3,590,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll.000
    + 2007-10-10 23:53:57 478,208 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll
    + 2007-10-10 23:53:57 478,208 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll.000
    + 2007-10-10 23:53:58 193,024 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll
    + 2007-10-10 23:53:58 671,232 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll
    + 2007-10-10 23:53:58 102,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll
    + 2007-08-13 17:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll
    + 2007-03-06 01:58:27 216,800 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:59:37 389,856 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll
    + 2007-10-10 23:53:58 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll
    + 2007-10-10 23:53:58 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll.000
    + 2007-10-10 23:53:59 1,159,680 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll
    + 2007-10-10 23:53:59 1,159,680 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll.000
    + 2007-10-10 23:53:59 232,960 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll
    + 2007-10-10 23:53:59 232,960 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll.000
    + 2007-10-10 23:54:00 824,832 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
    + 2007-10-10 23:54:00 824,832 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll.000
    - 2008-03-21 13:12:41 34,304 ----a-r C:\WINDOWS\Installer\{911B0413-6000-11D3-8CFE-0050048383C9}\misc.exe
    + 2008-03-22 08:54:53 34,304 ----a-r C:\WINDOWS\Installer\{911B0413-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2008-03-21 13:12:41 8,192 ----a-r C:\WINDOWS\Installer\{911B0413-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    + 2008-03-22 08:54:53 8,192 ----a-r C:\WINDOWS\Installer\{911B0413-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    - 2008-03-21 13:12:41 3,584 ----a-r C:\WINDOWS\Installer\{911B0413-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    + 2008-03-22 08:54:54 3,584 ----a-r C:\WINDOWS\Installer\{911B0413-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    - 2008-03-21 13:12:41 16,384 ----a-r C:\WINDOWS\Installer\{911B0413-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    + 2008-03-22 08:54:53 16,384 ----a-r C:\WINDOWS\Installer\{911B0413-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    - 2008-03-21 13:12:41 22,528 ----a-r C:\WINDOWS\Installer\{911B0413-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    + 2008-03-22 08:54:54 22,528 ----a-r C:\WINDOWS\Installer\{911B0413-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    - 2008-03-21 13:12:41 45,056 ----a-r C:\WINDOWS\Installer\{911B0413-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    + 2008-03-22 08:54:53 45,056 ----a-r C:\WINDOWS\Installer\{911B0413-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    + 2006-06-02 19:34:07 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
    + 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
    - 2004-08-04 12:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
    + 2007-08-13 17:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
    - 2004-08-04 12:00:00 100,864 ----a-w C:\WINDOWS\system32\advpack.dll
    + 2007-12-07 02:18:00 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    - 2001-01-22 02:25:24 32,768 ----a-w C:\WINDOWS\system32\ATHPRXY.DLL
    + 2004-01-29 06:08:24 32,768 ----a-w C:\WINDOWS\system32\ATHPRXY.DLL
    - 2004-08-04 12:00:00 61,440 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
    + 2007-08-13 17:39:20 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
    - 2004-08-04 12:00:00 100,864 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
    + 2007-12-07 02:18:00 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
    - 2004-08-04 12:00:00 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
    + 2007-08-13 17:54:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
    - 2007-12-07 01:08:24 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2007-12-19 22:57:24 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2007-12-07 01:08:24 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2007-12-07 02:18:00 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2007-12-07 01:08:25 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2007-12-07 02:18:00 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2004-08-04 12:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
    + 2007-08-13 17:18:02 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
    - 2004-08-04 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    + 2007-12-06 11:04:23 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    - 2004-08-04 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    + 2007-12-07 02:18:00 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
    - 2004-08-04 12:00:00 220,160 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    + 2007-12-07 02:18:00 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
    - 2004-08-04 12:00:00 237,568 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    + 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
    - 2004-08-04 12:00:00 323,584 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    + 2007-12-07 02:18:01 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    - 2007-12-06 13:07:07 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
    + 2007-08-13 17:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
    - 2004-08-04 12:00:00 81,920 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
    + 2007-08-13 17:45:18 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
    - 2007-12-07 01:08:25 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    + 2007-08-13 17:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    - 2004-08-04 12:00:00 48,640 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    + 2007-12-07 02:18:03 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
    - 2004-08-04 12:00:00 63,488 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
    + 2007-08-13 17:39:12 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
    - 2004-08-04 12:00:00 93,184 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    + 2007-12-06 11:04:44 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
    - 2004-08-04 12:00:00 35,840 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
    + 2007-08-13 17:36:06 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
    - 2007-12-07 01:08:25 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
    + 2007-08-13 17:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
    - 2007-11-14 07:29:20 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
    + 2007-08-13 17:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
    - 2007-12-07 01:08:25 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2007-12-07 02:18:04 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
    - 2004-08-04 12:00:00 22,016 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
    + 2007-08-13 17:44:18 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
    - 2004-08-04 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
    + 2007-08-13 17:32:30 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
    - 2007-12-07 14:38:28 3,080,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2007-12-08 09:48:08 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
    - 2007-12-07 01:08:26 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2007-12-07 02:18:06 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2004-08-04 12:00:00 57,344 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
    + 2007-08-13 17:01:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
    - 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
    + 2007-08-13 17:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
    - 2007-12-07 01:08:26 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2007-12-07 02:18:06 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2007-12-07 01:08:26 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2007-12-07 02:18:06 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2004-08-04 12:00:00 97,280 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
    + 2007-12-07 02:18:07 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
    - 2007-12-07 01:08:26 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2008-01-11 05:52:55 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
    - 2004-08-04 12:00:00 37,888 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
    + 2007-12-07 02:18:07 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
    - 2007-12-07 01:08:26 616,960 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2007-12-07 02:18:07 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
    - 2004-08-04 12:00:00 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
    + 2007-08-13 17:54:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
    - 2007-06-26 13:58:08 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
    + 2007-08-13 17:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
    - 2004-08-04 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll
    + 2006-03-24 04:40:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll
    - 2004-08-04 12:00:00 279,552 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    + 2007-12-07 02:18:07 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
    - 2007-12-07 01:08:27 662,528 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2007-12-07 02:18:08 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2007-07-19 14:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
    - 2007-12-07 01:08:24 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2007-12-19 22:57:24 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2007-12-07 01:08:24 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2007-12-07 02:18:00 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2007-12-07 01:08:25 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2007-12-07 02:18:00 133,120 ------w C:\WINDOWS\system32\extmgr.dll
    + 2007-12-07 02:18:00 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    + 2006-06-29 07:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
    - 2004-08-04 12:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    + 2007-12-06 11:04:23 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
    - 2004-08-04 12:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
    + 2007-12-07 02:18:00 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
    - 2004-08-04 12:00:00 220,160 ----a-w C:\WINDOWS\system32\ieaksie.dll
    + 2007-12-07 02:18:00 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
    - 2004-08-04 12:00:00 237,568 ----a-w C:\WINDOWS\system32\ieakui.dll
    + 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
    + 2007-12-07 02:18:01 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    - 2004-08-04 12:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    + 2007-12-07 02:18:01 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
    - 2004-08-04 12:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
    + 2007-08-13 17:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
    + 2007-12-07 02:18:03 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    - 2007-12-07 01:08:25 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
    + 2007-08-13 17:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
    - 2004-08-04 12:00:00 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
    + 2007-12-07 02:18:03 44,544 ------w C:\WINDOWS\system32\iernonce.dll
    + 2007-12-07 02:18:03 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    - 2004-08-04 12:00:00 63,488 ----a-w C:\WINDOWS\system32\iesetup.dll
    + 2007-08-13 17:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
    + 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    + 2007-08-13 17:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
    - 2004-08-04 12:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
    + 2007-08-13 17:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
    - 2007-12-07 01:08:25 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
    + 2007-08-13 17:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
    - 2007-11-14 07:29:20 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
    + 2007-08-13 17:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
    - 2007-12-07 01:08:25 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2007-12-07 02:18:04 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2008-03-13 22:10:48 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
    - 2004-08-04 12:00:00 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
    + 2007-08-13 17:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
    + 2007-12-07 02:18:04 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    + 2007-12-07 02:18:04 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    + 2007-08-13 17:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
    - 2004-08-04 12:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
    + 2007-08-13 17:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
    - 2007-12-07 14:38:28 3,080,192 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2007-12-08 09:48:08 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2007-12-07 01:08:26 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2007-12-07 02:18:06 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2004-08-04 12:00:00 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
    + 2007-08-13 17:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
    - 2004-08-04 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
    + 2007-08-13 17:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
    - 2007-12-07 01:08:26 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2007-12-07 02:18:06 193,024 ------w C:\WINDOWS\system32\msrating.dll
    - 2007-12-07 01:08:26 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2007-12-07 02:18:06 671,232 ------w C:\WINDOWS\system32\mstime.dll
    + 2006-06-28 16:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
    + 2006-06-29 07:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
    - 2004-08-04 12:00:00 97,280 ----a-w C:\WINDOWS\system32\occache.dll
    + 2007-12-07 02:18:07 102,912 ------w C:\WINDOWS\system32\occache.dll
    - 2007-12-07 01:08:26 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2008-01-11 05:52:55 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2004-04-27 03:40:52 11,264 ----a-w C:\WINDOWS\system32\SpOrder.dll
    - 2004-08-04 12:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
    + 2007-12-07 02:18:07 105,984 ----a-w C:\WINDOWS\system32\url.dll
    - 2007-12-07 01:08:26 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2007-12-07 02:18:07 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2004-08-04 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
    + 2007-08-13 17:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
    + 2008-03-13 22:10:52 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
    + 2008-03-13 22:11:18 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys
    + 2008-03-13 22:10:52 161,256 ----a-w C:\WINDOWS\system32\vsinit.dll
    + 2008-03-13 22:10:52 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
    + 2008-03-13 22:10:54 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
    + 2008-03-13 22:10:54 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
    + 2008-03-13 22:10:54 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
    + 2008-03-13 22:10:56 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
    + 2008-03-13 22:10:56 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
    - 2004-08-04 12:00:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
    + 2006-03-24 04:40:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
    - 2004-08-04 12:00:00 279,552 ----a-w C:\WINDOWS\system32\webcheck.dll
    + 2007-12-07 02:18:07 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
    + 2007-08-13 17:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
    - 2007-12-07 01:08:27 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2007-12-07 02:18:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
    + 2008-03-13 22:10:56 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
    + 2008-03-13 22:10:56 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
    + 2008-03-22 07:55:21 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
    + 2008-03-13 22:10:44 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
    + 2007-05-30 23:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
    + 2006-06-30 13:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
    + 2007-05-30 23:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
    + 2007-05-30 23:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
    + 2007-05-30 23:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
    + 2007-05-30 23:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
    + 2006-09-19 22:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
    + 2007-12-03 13:53:58 282,624 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
    + 2006-12-19 17:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
    + 2007-05-30 23:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
    + 2007-05-30 23:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
    + 2007-05-30 23:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
    + 2007-05-30 23:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
    + 2007-12-03 13:53:58 139,264 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    + 2006-12-19 17:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
    + 2008-03-13 22:10:44 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
    + 2004-01-30 11:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
    + 2008-03-13 22:10:46 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
    + 2008-03-13 22:10:46 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
    + 2008-03-13 22:10:46 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
    + 2008-03-13 22:11:20 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
    + 2008-03-13 22:11:20 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
    + 2008-03-13 22:11:20 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
    + 2008-03-13 22:11:22 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
    + 2008-03-13 22:11:22 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
    + 2008-03-13 22:12:38 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
    + 2008-03-13 22:12:38 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
    + 2008-02-27 02:10:26 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
    + 2008-02-27 02:10:28 792,032 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
    + 2008-03-13 22:10:50 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
    + 2008-01-21 07:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
    + 2008-02-27 02:10:32 1,504,736 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
    + 2008-02-27 02:10:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
    + 2008-03-13 22:10:50 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
    + 2008-03-13 22:12:38 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
    + 2008-03-13 22:12:40 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
    + 2006-09-04 19:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
    + 2007-10-11 15:50:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
    + 2008-03-13 22:11:08 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
    + 2007-01-11 16:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
    + 2008-03-13 22:10:52 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
    + 2008-03-13 22:10:52 83,432 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
    + 2008-03-13 22:11:08 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    + 2008-03-13 22:10:54 2,029,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
    + 2008-03-13 22:10:54 1,361,384 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
    + 2008-03-13 22:10:54 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
    + 2008-01-21 07:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
    + 2008-03-13 22:10:56 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
    + 2008-03-13 22:10:58 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
    + 2008-03-13 22:10:58 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
    + 2008-03-13 22:10:58 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
    + 2008-03-22 09:32:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_790.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    2008-03-22 08:55 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-03-22 08:55 262144]

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-25 10:35 171448]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-04 20:04 1266936]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "Cmaudio"="cmicnfg.cpl" []
    "Keyboard Status"="C:\PROGRA~1\Medion\KeyStat\KeyStat.exe" [2005-01-25 11:03 411648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 18:55 49152]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 16:46 172032]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
    "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-02-04 11:48 118926]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" [2006-11-07 15:11 2500096]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-01-28 20:00:25 1048576]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
    RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2008-01-28 20:30:13 528384]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
    C:\Program Files\Dealio\DealioAU.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\D-Link AirPlus G+ Access Point\\AirPlus_Manager.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Nexon\\KartRider\\NMService.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\xchat\\xchat.exe"=
    "C:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
    R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 13:58]
    S3 cdiskdun;cdiskdun;C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\cdiskdun.sys []
    S3 dump_wmimmc;dump_wmimmc;C:\Program Files\Nexon\KartRider\GameGuard\dump_wmimmc.sys []

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-03-17 11:48:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-03-22 09:51:01 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-03-21 16:19:46 C:\WINDOWS\Tasks\Easy Onderhoud.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-22 11:27:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-03-22 11:28:21
    ComboFix-quarantined-files.txt 2008-03-22 10:28:17
    ComboFix2.txt 2008-03-21 21:31:18
    .
    2008-03-22 08:54:55 --- E O F ---

    The most obvious effect of this virus is the Messenger messages; so far nobody has complained, so I suspect the problems are resolved. Well, I hope so anyway.

  8. #8
    Spyware Slayer Rosty
    I don't immediately see anything suspicious present.

    Remove ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter.

    This will remove Combofix plus its related folders and files, restore the clock settings, hide file extensions, hide hidden files and system files again, and reset your System Restore.

  9. The following user thanked Rosty for this useful post:

    TSK (24 March 2008)

  10. #9
    Beginner  
    OK, everything is fine again, thanks! =]

  11. #10
    Spyware Slayer Rosty
    Since this has been resolved, this thread is being locked. If you want it reopened, send a PM with the link to this thread to someone from the crew or to me.
