
Mini laptop extremely slow on the internet


patrickvan71


I have an Acer One 150 series with Windows XP.

Internet is via a Proximus Vodafone stick.

Its reception is very good.

But opening a page sometimes takes as long as 1 minute.

Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:35:43, on 13/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\system32\igfxext.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\Documents and Settings\All Users\Application Data\Partner\partner.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Partner Service - Google Inc. - C:\Documents and Settings\All Users\Application Data\Partner\partner.exe

O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--

End of file - 7371 bytes

Link to comment

Go to Start - Run and type: sc stop "Partner Service"

Press Enter.

Go to Start - Run and type: sc delete "Partner Service"

Press Enter.

Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Tick only the items listed below:

O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\Documents and Settings\All Users\Application Data\Partner\partner.dll

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure that Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware are ticked, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

Scanning can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to view the results.

Make sure everything there is ticked, then click: Remove Selected.

After removal, a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart, MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files, it will show a few messages where you must click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log into your next post, together with a new HijackThis log.

Link to comment

Malwarebytes' Anti-Malware 1.41

Database versie: 3168

Windows 5.1.2600 Service Pack 3

14/11/2009 10:01:50

mbam-log-2009-11-14 (10-01-50).txt

Scan type: Snelle Scan

Objecten gescand: 102885

Verstreken tijd: 5 minute(s), 53 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 1

Registersleutels geïnfecteerd: 2

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

C:\Documents and Settings\All Users\Application Data\Partner\partner.dll (Trojan.BHO) -> Delete on reboot.

Registersleutels geïnfecteerd:

HKEY_CLASSES_ROOT\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

C:\Documents and Settings\All Users\Application Data\Partner\partner.dll (Trojan.BHO) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:09:18, on 14/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\Patrick\LOCALS~1\Temp\RtkBtMnt.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Partner Service - Google Inc. - C:\Documents and Settings\All Users\Application Data\Partner\partner.exe

O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--

End of file - 7289 bytes

Link to comment

Did you also carry this out:

Go to Start - Run and type: sc stop "Partner Service"

Press Enter.

Go to Start - Run and type: sc delete "Partner Service"

Press Enter.

because that service is still in your new log?

If so, try doing the same again in "safe mode" and then make a new log with HijackThis (after restarting in normal mode).

Link to comment
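The check made by eye in the reply above (is an entry that was targeted for removal still present in the new log?), as an added example that is not part of the original thread. The log excerpts are copied from the two HijackThis logs posted here; the function names `parse_entries` and `verify_fix` are hypothetical.

```python
import re

# Excerpt of the first HijackThis log in this thread (13/11/2009).
LOG_BEFORE = r"""
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\Documents and Settings\All Users\Application Data\Partner\partner.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
O23 - Service: Partner Service - Google Inc. - C:\Documents and Settings\All Users\Application Data\Partner\partner.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
"""

# Excerpt of the second HijackThis log in this thread (14/11/2009).
LOG_AFTER = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: Partner Service - Google Inc. - C:\Documents and Settings\All Users\Application Data\Partner\partner.exe
"""

# Entries the helper asked to remove: three via "Fix checked", one via sc delete.
TARGETS = [
    r"O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\Documents and Settings\All Users\Application Data\Partner\partner.dll",
    r"O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE",
    r"O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt",
    r"O23 - Service: Partner Service - Google Inc. - C:\Documents and Settings\All Users\Application Data\Partner\partner.exe",
]

# HijackThis entry lines start with a section code such as R0, O2, O4 or O23.
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - .+$")


def _normalize(line):
    """Collapse whitespace so copy/paste spacing differences do not matter."""
    return " ".join(line.split())


def parse_entries(log_text):
    """Map case-folded entry -> entry as written.

    Header lines and the bare paths under 'Running processes' carry no
    section code and are skipped.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = _normalize(raw)
        if ENTRY_RE.match(line):
            entries[line.casefold()] = line
    return entries


def verify_fix(before_log, after_log, targets):
    """Classify each targeted entry and list entries that only appear afterwards."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    result = {"removed": [], "persisting": [], "not_in_before": [], "new": []}
    for target in targets:
        key = _normalize(target).casefold()
        if key not in before:
            result["not_in_before"].append(target)   # typo in the fix list?
        elif key in after:
            result["persisting"].append(before[key])  # removal did not take
        else:
            result["removed"].append(before[key])
    # Anything new after cleanup deserves a look (here: MBAM's own reboot task).
    result["new"] = [after[k] for k in after if k not in before]
    return result


if __name__ == "__main__":
    report = verify_fix(LOG_BEFORE, LOG_AFTER, TARGETS)
    for status, lines in report.items():
        for line in lines:
            print(f"{status:>13}: {line}")
```
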

I had already done that, but then I briefly saw a black screen that disappeared right away. Now with delete I get:

*** Unrecognized Command ***

DESCRIPTION:

SC is a command line program used for communicating with the

NT Service Controller and services.

USAGE:

sc <server> [command] [service name] <option1> <option2>...

The option <server> has the form "\\ServerName"

Further help on commands can be obtained by typing: "sc [command]"

Commands:

query-----------Queries the status for a service, or

enumerates the status for types of services.

queryex---------Queries the extended status for a service, or

enumerates the status for types of services.

start-----------Starts a service.

pause-----------Sends a PAUSE control request to a service.

interrogate-----Sends an INTERROGATE control request to a service.

continue--------Sends a CONTINUE control request to a service.

stop------------Sends a STOP request to a service.

config----------Changes the configuration of a service (persistant).

description-----Changes the description of a service.

failure---------Changes the actions taken by a service upon failure.

sidtype---------Changes the service SID type of a service.

qc--------------Queries the configuration information for a service.

qdescription----Queries the description for a service.

qfailure--------Queries the actions taken by a service upon failure.

qsidtype--------Queries the service SID type of a service.

delete----------Deletes a service (from the registry).

create----------Creates a service. (adds it to the registry).

control---------Sends a control to a service.

sdshow----------Displays a service's security descriptor.

sdset-----------Sets a service's security descriptor.

showsid---------Displays the service SID string corresponding to an ar

bitrary name.

GetDisplayName--Gets the DisplayName for a service.

GetKeyName------Gets the ServiceKeyName for a service.

EnumDepend------Enumerates Service Dependencies.

The following commands don't require a service name:

sc <server> <command> <option>

boot------------(ok | bad) Indicates whether the last boot should

be saved as the last-known-good boot configuration

Lock------------Locks the Service Database

QueryLock-------Queries the LockStatus for the SCManager Database

EXAMPLE:

sc start MyService

Would you like to see help for the QUERY and QUERYEX commands? [ y | n ]:

and with stop:

*** Unrecognized Command ***

DESCRIPTION:

SC is a command line program used for communicating with the

NT Service Controller and services.

USAGE:

sc <server> [command] [service name] <option1> <option2>...

The option <server> has the form "\\ServerName"

Further help on commands can be obtained by typing: "sc [command]"

Commands:

query-----------Queries the status for a service, or

enumerates the status for types of services.

queryex---------Queries the extended status for a service, or

enumerates the status for types of services.

start-----------Starts a service.

pause-----------Sends a PAUSE control request to a service.

interrogate-----Sends an INTERROGATE control request to a service.

continue--------Sends a CONTINUE control request to a service.

stop------------Sends a STOP request to a service.

config----------Changes the configuration of a service (persistant).

description-----Changes the description of a service.

failure---------Changes the actions taken by a service upon failure.

sidtype---------Changes the service SID type of a service.

qc--------------Queries the configuration information for a service.

qdescription----Queries the description for a service.

qfailure--------Queries the actions taken by a service upon failure.

qsidtype--------Queries the service SID type of a service.

delete----------Deletes a service (from the registry).

create----------Creates a service. (adds it to the registry).

control---------Sends a control to a service.

sdshow----------Displays a service's security descriptor.

sdset-----------Sets a service's security descriptor.

showsid---------Displays the service SID string corresponding to an ar

bitrary name.

GetDisplayName--Gets the DisplayName for a service.

GetKeyName------Gets the ServiceKeyName for a service.

EnumDepend------Enumerates Service Dependencies.

The following commands don't require a service name:

sc <server> <command> <option>

boot------------(ok | bad) Indicates whether the last boot should

be saved as the last-known-good boot configuration

Lock------------Locks the Service Database

QueryLock-------Queries the LockStatus for the SCManager Database

EXAMPLE:

sc start MyService

Would you like to see help for the QUERY and QUERYEX commands? [ y | n ]:

Link to comment

Another attempt, then:

Download Combofix to your Desktop.

Read more here about the correct use of Combofix.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners see certain components that Combofix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not Vista).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the restart, the log Combofix.txt will open.

Post this log in your next reply.

Link to comment

ComboFix 09-11-14.03 - Patrick 14/11/2009 17:07..2 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1012.599 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Patrick\Bureaublad\ComboFix.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-10-14 to 2009-11-14 ))))))))))))))))))))))))))))))

.

2009-11-14 10:08 . 2009-11-14 10:08 -------- d-----w- c:\windows\system32\XPSViewer

2009-11-14 10:08 . 2009-11-14 10:08 -------- d-----w- c:\program files\MSBuild

2009-11-14 10:08 . 2009-11-14 10:08 -------- d-----w- c:\program files\Reference Assemblies

2009-11-14 10:07 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-11-14 10:07 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-11-14 10:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-11-14 10:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-11-14 10:07 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-11-14 10:07 . 2009-11-14 10:08 -------- d-----w- C:\8edf6edbff74a5779b00aa6d3874b9

2009-11-14 10:07 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-11-14 10:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-11-14 08:51 . 2009-11-14 08:51 -------- d-----w- c:\documents and settings\Patrick\Application Data\Malwarebytes

2009-11-14 08:51 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-14 08:51 . 2009-11-14 08:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-14 08:51 . 2009-11-14 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-14 08:51 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-13 18:35 . 2009-11-13 18:35 -------- d-----w- c:\program files\Trend Micro

2009-11-13 09:45 . 2009-08-04 17:29 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-11-13 09:45 . 2009-08-04 17:29 2070400 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-11-13 09:45 . 2009-08-04 17:29 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-11-13 09:29 . 2009-11-13 09:29 -------- d-----w- c:\program files\MSXML 4.0

2009-11-10 00:00 . 2009-11-10 00:00 -------- d---a-w- c:\windows\AcerStore

2009-11-09 17:20 . 2008-03-17 10:03 101376 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys

2009-11-09 17:20 . 2008-04-15 21:00 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2009-11-09 17:20 . 2008-04-15 21:00 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2009-11-09 17:19 . 2009-11-09 17:19 -------- d-----w- c:\documents and settings\Patrick\Application Data\Vodafone

2009-11-09 17:19 . 2009-11-09 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield

2009-11-09 17:19 . 2009-11-09 17:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\Vodafone

2009-11-09 17:18 . 2009-11-09 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone

2009-11-09 17:18 . 2009-11-09 17:18 -------- d-----w- c:\program files\Vodafone

2009-11-09 17:18 . 2009-11-09 17:18 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\{D53238E8-3427-491E-A57E-097FA966AAC1}

2009-11-09 17:11 . 2009-11-09 17:14 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\Identities

2009-11-09 16:21 . 2009-11-09 16:21 -------- d-----w- c:\documents and settings\Patrick\Bluetooth Software

2009-11-09 16:19 . 2006-10-15 17:59 30285 ----a-w- c:\windows\system32\drivers\btwmodem.sys

2009-11-09 16:10 . 2008-04-14 21:32 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2009-11-09 16:10 . 2008-04-14 21:32 21504 ----a-w- c:\windows\system32\hidserv.dll

2009-11-09 16:09 . 2001-09-06 18:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2009-11-09 16:09 . 2001-09-06 18:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys

2009-11-09 16:06 . 2007-01-24 19:27 67960 ----a-w- c:\windows\system32\drivers\btwusb.sys

2009-11-09 16:06 . 2007-02-27 19:02 868042 ----a-w- c:\windows\system32\drivers\btkrnl.sys

2009-11-09 16:06 . 2006-11-28 16:48 47907 ----a-w- c:\windows\system32\drivers\btwhid.sys

2009-11-09 16:06 . 2006-10-15 18:04 106557 ----a-w- c:\windows\system32\btw_ci.dll

2009-11-09 16:06 . 2006-10-15 18:01 149123 ----a-w- c:\windows\system32\drivers\btwdndis.sys

2009-11-09 16:06 . 2006-10-10 02:00 30459 ----a-w- c:\windows\system32\drivers\btport.sys

2009-11-09 16:06 . 2007-01-24 19:33 530861 ----a-w- c:\windows\system32\drivers\btaudio.sys

2009-11-09 16:06 . 2009-11-09 16:06 -------- d-----w- c:\program files\WIDCOMM

2009-11-09 16:04 . 2009-11-09 16:04 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\Adobe

2009-11-09 16:02 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-11-09 15:56 . 2007-04-13 10:51 321024 ----a-w- c:\windows\system32\ERUpdateHidden.EXE

2009-11-09 15:56 . 2006-03-30 12:06 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe

2009-11-09 15:56 . 2006-03-23 11:02 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe

2009-11-09 15:56 . 2005-12-09 08:12 16384 ----a-w- c:\windows\system32\ClearEvent.exe

2009-11-09 15:56 . 2004-11-03 08:06 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll

2009-11-09 15:55 . 2009-11-09 15:55 125 ----a-w- c:\windows\xUninstall.bat

2009-11-09 15:55 . 2008-07-08 01:16 96856 ----a-w- c:\windows\system32\drivers\jmcr.sys

2009-11-09 15:55 . 2009-11-09 15:55 -------- d-----w- c:\windows\JMCR_DIR

2009-11-09 15:55 . 2008-05-14 10:53 110080 ----a-w- c:\windows\system32\JmCrIcon.dll

2009-11-09 15:54 . 2009-11-14 10:19 60592 ----a-w- c:\documents and settings\Patrick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-11-09 15:54 . 2008-04-13 23:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys

2009-11-09 15:54 . 2008-04-13 23:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys

2009-11-09 15:53 . 2009-11-09 15:53 -------- d-----w- c:\program files\Common Files\CrystalEye

2009-11-09 15:52 . 2008-06-13 16:43 4342912 ----a-w- c:\windows\system32\acer.exe

2009-11-09 15:52 . 2007-04-19 12:41 83554304 ----a-w- c:\windows\system32\acer.scr

2009-11-09 15:52 . 2009-11-09 15:52 -------- d-----w- c:\program files\Acer Incorporated

2009-11-09 15:52 . 2009-11-09 15:52 -------- d-----w- c:\windows\ACER

2009-11-09 15:49 . 2009-11-09 16:49 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\Google

2009-11-09 15:36 . 2009-11-09 15:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2009-11-09 15:28 . 2009-11-14 09:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Partner

2009-11-09 15:28 . 2009-11-09 15:50 110576 ----a-w- c:\documents and settings\All Users\Application Data\Partner\partner.exe

2009-11-09 15:27 . 2009-11-09 16:55 -------- d-----w- c:\program files\Google

2009-11-09 15:25 . 2009-11-09 15:26 -------- d-----w- c:\program files\Launch Manager

2009-11-09 15:22 . 2008-04-13 23:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys

2009-11-09 15:22 . 2008-04-15 21:00 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys

2009-11-09 15:22 . 2008-04-15 21:00 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys

2009-11-09 15:22 . 2008-04-13 23:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS

2009-11-09 15:22 . 2008-04-13 23:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys

2009-11-09 15:22 . 2008-04-13 23:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys

2009-11-09 15:09 . 2009-11-09 15:09 -------- d-----w- c:\windows\WebCam

2009-11-09 15:09 . 2008-04-14 21:32 54272 ----a-w- c:\windows\vfwwdm32.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-14 16:03 . 2008-08-22 08:38 510980 ----a-w- c:\windows\system32\perfh013.dat

2009-11-14 16:03 . 2008-08-22 08:38 91950 ----a-w- c:\windows\system32\perfc013.dat

2009-11-14 10:51 . 2009-11-14 10:51 103018 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1043.dat

2009-11-14 10:51 . 2008-08-21 19:57 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-11-10 00:00 . 2004-09-21 21:28 3 ----a-w- c:\windows\HotFix.bat

2009-11-10 00:00 . 2004-06-26 00:13 139 ----a-w- c:\windows\HotFix2.bat

2009-11-09 23:56 . 2008-08-21 20:20 -------- d-----w- c:\program files\Realtek

2009-11-09 23:56 . 2008-08-21 20:39 -------- d-----w- c:\program files\Microsoft Works

2009-11-09 23:56 . 2008-08-21 20:36 -------- d-----w- c:\program files\Microsoft.NET

2009-11-09 23:56 . 2008-08-21 20:39 -------- d-----w- c:\program files\Microsoft Office Suite Activation Assistant

2009-11-09 23:56 . 2008-08-21 19:58 -------- d-----w- c:\program files\microsoft frontpage

2009-11-09 23:56 . 2008-08-21 20:33 -------- d-----w- c:\program files\InterVideo

2009-11-09 23:56 . 2008-08-21 20:01 -------- d-----w- c:\program files\Intel

2009-11-09 23:55 . 2008-08-21 20:32 -------- d-----w- c:\program files\Common Files\InterVideo

2009-11-09 23:55 . 2008-08-21 20:24 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-11-09 23:55 . 2008-08-21 20:23 -------- d-----w- c:\program files\Common Files\Adobe

2009-11-09 23:55 . 2008-08-21 20:21 -------- d-----w- c:\program files\Atheros

2009-11-09 23:54 . 2009-11-09 15:23 -------- d-----w- c:\documents and settings\Patrick\Application Data\InstallShield

2009-11-09 23:54 . 2008-08-21 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-11-09 23:54 . 2008-08-21 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros

2009-11-09 17:18 . 2008-08-21 20:19 -------- d-----w- c:\program files\Common Files\InstallShield

2009-11-09 16:22 . 2008-08-21 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-11-09 16:22 . 2008-08-21 20:30 -------- d-----w- c:\program files\McAfee

2009-11-09 15:55 . 2008-08-21 20:33 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-11-09 15:54 . 2009-11-09 15:23 130 ----a-w- c:\documents and settings\Patrick\Local Settings\Application Data\fusioncache.dat

2009-11-09 15:27 . 2008-08-21 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor

2009-09-11 14:20 . 2008-04-15 21:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:05 . 2008-04-15 21:00 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 07:32 . 2007-08-13 16:54 832512 ----a-w- c:\windows\system32\wininet.dll

2009-08-29 07:32 . 2008-04-15 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-08-29 07:32 . 2008-04-15 21:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-08-26 08:02 . 2008-04-15 21:00 247326 ----a-w- c:\windows\system32\strmdll.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]

"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-09 24064]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2007-02-20 61440]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]

"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 561213]

InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [4/07/2008 12:52 14336]

R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [5/05/2008 17:01 254976]

S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/11/2009 16:27 24064]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [9/11/2009 16:55 96856]

S3 Partner Service;Partner Service;c:\documents and settings\All Users\Application Data\Partner\partner.exe [9/11/2009 16:28 110576]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - MBR

*Deregistered* - mbr

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=0&o=xph&d=1109&m=aoa150

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

.

- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-M3000Mnt - M3000Rmv.dll

**************************************************************************

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden:

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3380)

c:\windows\system32\btmmhook.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\igfxsrvc.exe

c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

c:\windows\system32\igfxext.exe

.

**************************************************************************

.

Voltooingstijd: 2009-11-14 17:19 - machine werd herstart

ComboFix-quarantined-files.txt 2009-11-14 16:18

Pre-Run: 104.358.010.880 bytes beschikbaar

Post-Run: 104.402.972.672 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B777C875DB6076812156E418B8E6121D


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\documents and settings\All Users\Application Data\Partner\partner.exe

Folder::

c:\documents and settings\All Users\Application Data\Partner

Driver::

Partner Service

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message, together with a new HijackThis log.


ComboFix 09-11-15.01 - Patrick 15/11/2009 12:06..2 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1012.652 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Patrick\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Patrick\Bureaublad\CFScript.txt..txt

FILE ::

"c:\documents and settings\All Users\Application Data\Partner\partner.exe"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Partner

c:\documents and settings\All Users\Application Data\Partner\partner.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_PARTNER_SERVICE

-------\Service_Partner Service

(((((((((((((((((((( Bestanden Gemaakt van 2009-10-15 to 2009-11-15 ))))))))))))))))))))))))))))))

.

2009-11-14 10:08 . 2009-11-14 10:08 -------- d-----w- c:\windows\system32\XPSViewer

2009-11-14 10:08 . 2009-11-14 10:08 -------- d-----w- c:\program files\MSBuild

2009-11-14 10:08 . 2009-11-14 10:08 -------- d-----w- c:\program files\Reference Assemblies

2009-11-14 10:07 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-11-14 10:07 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-11-14 10:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-11-14 10:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-11-14 10:07 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-11-14 10:07 . 2009-11-14 10:08 -------- d-----w- C:\8edf6edbff74a5779b00aa6d3874b9

2009-11-14 10:07 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-11-14 10:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-11-14 08:51 . 2009-11-14 08:51 -------- d-----w- c:\documents and settings\Patrick\Application Data\Malwarebytes

2009-11-14 08:51 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-14 08:51 . 2009-11-14 08:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-14 08:51 . 2009-11-14 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-14 08:51 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-13 18:35 . 2009-11-13 18:35 -------- d-----w- c:\program files\Trend Micro

2009-11-13 09:45 . 2009-08-04 17:29 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-11-13 09:45 . 2009-08-04 17:29 2070400 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-11-13 09:45 . 2009-08-04 17:29 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-11-13 09:29 . 2009-11-13 09:29 -------- d-----w- c:\program files\MSXML 4.0

2009-11-10 00:00 . 2009-11-10 00:00 -------- d---a-w- c:\windows\AcerStore

2009-11-09 17:20 . 2008-03-17 10:03 101376 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys

2009-11-09 17:20 . 2008-04-15 21:00 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2009-11-09 17:20 . 2008-04-15 21:00 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2009-11-09 17:19 . 2009-11-09 17:19 -------- d-----w- c:\documents and settings\Patrick\Application Data\Vodafone

2009-11-09 17:19 . 2009-11-09 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield

2009-11-09 17:19 . 2009-11-09 17:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\Vodafone

2009-11-09 17:18 . 2009-11-09 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone

2009-11-09 17:18 . 2009-11-09 17:18 -------- d-----w- c:\program files\Vodafone

2009-11-09 17:18 . 2009-11-09 17:18 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\{D53238E8-3427-491E-A57E-097FA966AAC1}

2009-11-09 17:11 . 2009-11-09 17:14 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\Identities

2009-11-09 16:21 . 2009-11-09 16:21 -------- d-----w- c:\documents and settings\Patrick\Bluetooth Software

2009-11-09 16:19 . 2006-10-15 17:59 30285 ----a-w- c:\windows\system32\drivers\btwmodem.sys

2009-11-09 16:10 . 2008-04-14 21:32 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2009-11-09 16:10 . 2008-04-14 21:32 21504 ----a-w- c:\windows\system32\hidserv.dll

2009-11-09 16:09 . 2001-09-06 18:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2009-11-09 16:09 . 2001-09-06 18:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys

2009-11-09 16:06 . 2007-01-24 19:27 67960 ----a-w- c:\windows\system32\drivers\btwusb.sys

2009-11-09 16:06 . 2007-02-27 19:02 868042 ----a-w- c:\windows\system32\drivers\btkrnl.sys

2009-11-09 16:06 . 2006-11-28 16:48 47907 ----a-w- c:\windows\system32\drivers\btwhid.sys

2009-11-09 16:06 . 2006-10-15 18:04 106557 ----a-w- c:\windows\system32\btw_ci.dll

2009-11-09 16:06 . 2006-10-15 18:01 149123 ----a-w- c:\windows\system32\drivers\btwdndis.sys

2009-11-09 16:06 . 2006-10-10 02:00 30459 ----a-w- c:\windows\system32\drivers\btport.sys

2009-11-09 16:06 . 2007-01-24 19:33 530861 ----a-w- c:\windows\system32\drivers\btaudio.sys

2009-11-09 16:06 . 2009-11-09 16:06 -------- d-----w- c:\program files\WIDCOMM

2009-11-09 16:04 . 2009-11-09 16:04 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\Adobe

2009-11-09 16:02 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-11-09 15:56 . 2007-04-13 10:51 321024 ----a-w- c:\windows\system32\ERUpdateHidden.EXE

2009-11-09 15:56 . 2006-03-30 12:06 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe

2009-11-09 15:56 . 2006-03-23 11:02 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe

2009-11-09 15:56 . 2005-12-09 08:12 16384 ----a-w- c:\windows\system32\ClearEvent.exe

2009-11-09 15:56 . 2004-11-03 08:06 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll

2009-11-09 15:55 . 2009-11-09 15:55 125 ----a-w- c:\windows\xUninstall.bat

2009-11-09 15:55 . 2008-07-08 01:16 96856 ----a-w- c:\windows\system32\drivers\jmcr.sys

2009-11-09 15:55 . 2009-11-09 15:55 -------- d-----w- c:\windows\JMCR_DIR

2009-11-09 15:55 . 2008-05-14 10:53 110080 ----a-w- c:\windows\system32\JmCrIcon.dll

2009-11-09 15:54 . 2009-11-14 10:19 60592 ----a-w- c:\documents and settings\Patrick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-11-09 15:23 . 2009-11-15 11:14 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\ApplicationHistory

2009-11-09 15:22 . 2008-04-13 23:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys

2009-11-09 15:22 . 2008-04-15 21:00 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys

2009-11-09 15:22 . 2008-04-15 21:00 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys

2009-11-09 15:22 . 2008-04-13 23:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS

2009-11-09 15:22 . 2008-04-13 23:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys

2009-11-09 15:22 . 2008-04-13 23:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys

2009-11-09 15:09 . 2009-11-09 15:09 -------- d-----w- c:\windows\WebCam

2009-11-09 15:09 . 2008-04-14 21:32 54272 ----a-w- c:\windows\vfwwdm32.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-15 10:51 . 2008-08-22 08:38 91950 ----a-w- c:\windows\system32\perfc013.dat

2009-11-15 10:51 . 2008-08-22 08:38 510980 ----a-w- c:\windows\system32\perfh013.dat

2009-11-14 10:51 . 2009-11-14 10:51 103018 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1043.dat

2009-11-14 10:51 . 2008-08-21 19:57 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-11-10 00:00 . 2004-09-21 21:28 3 ----a-w- c:\windows\HotFix.bat

2009-11-10 00:00 . 2004-06-26 00:13 139 ----a-w- c:\windows\HotFix2.bat

2009-11-09 23:56 . 2008-08-21 20:20 -------- d-----w- c:\program files\Realtek

2009-11-09 23:56 . 2008-08-21 20:39 -------- d-----w- c:\program files\Microsoft Works

2009-11-09 23:56 . 2008-08-21 20:36 -------- d-----w- c:\program files\Microsoft.NET

2009-11-09 23:56 . 2008-08-21 20:39 -------- d-----w- c:\program files\Microsoft Office Suite Activation Assistant

2009-11-09 23:56 . 2008-08-21 19:58 -------- d-----w- c:\program files\microsoft frontpage

2009-11-09 23:56 . 2008-08-21 20:33 -------- d-----w- c:\program files\InterVideo

2009-11-09 23:56 . 2008-08-21 20:01 -------- d-----w- c:\program files\Intel

2009-11-09 23:55 . 2008-08-21 20:32 -------- d-----w- c:\program files\Common Files\InterVideo

2009-11-09 23:55 . 2008-08-21 20:24 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-11-09 23:55 . 2008-08-21 20:23 -------- d-----w- c:\program files\Common Files\Adobe

2009-11-09 23:55 . 2008-08-21 20:21 -------- d-----w- c:\program files\Atheros

2009-11-09 23:54 . 2009-11-09 15:23 -------- d-----w- c:\documents and settings\Patrick\Application Data\InstallShield

2009-11-09 23:54 . 2008-08-21 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-11-09 23:54 . 2008-08-21 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros

2009-11-09 17:18 . 2008-08-21 20:19 -------- d-----w- c:\program files\Common Files\InstallShield

2009-11-09 16:55 . 2009-11-09 15:27 -------- d-----w- c:\program files\Google

2009-11-09 16:22 . 2008-08-21 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-11-09 16:22 . 2008-08-21 20:30 -------- d-----w- c:\program files\McAfee

2009-11-09 15:55 . 2008-08-21 20:33 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-11-09 15:54 . 2009-11-09 15:23 130 ----a-w- c:\documents and settings\Patrick\Local Settings\Application Data\fusioncache.dat

2009-11-09 15:53 . 2009-11-09 15:53 -------- d-----w- c:\program files\Common Files\CrystalEye

2009-11-09 15:52 . 2009-11-09 15:52 -------- d-----w- c:\program files\Acer Incorporated

2009-11-09 15:36 . 2009-11-09 15:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2009-11-09 15:27 . 2008-08-21 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor

2009-11-09 15:26 . 2009-11-09 15:25 -------- d-----w- c:\program files\Launch Manager

2009-09-11 14:20 . 2008-04-15 21:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:05 . 2008-04-15 21:00 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 07:32 . 2007-08-13 16:54 832512 ------w- c:\windows\system32\wininet.dll

2009-08-29 07:32 . 2008-04-15 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-08-29 07:32 . 2008-04-15 21:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-08-26 08:02 . 2008-04-15 21:00 247326 ----a-w- c:\windows\system32\strmdll.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-11-14_16.16.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-11-30 12:39 . 2007-11-30 11:19 18808 c:\windows\system32\spmsg.dll

- 2008-08-22 08:38 . 2009-11-14 16:03 72066 c:\windows\system32\perfc009.dat

+ 2008-08-22 08:38 . 2009-11-15 10:51 72066 c:\windows\system32\perfc009.dat

+ 2009-11-15 10:48 . 2009-11-15 10:48 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll

+ 2009-11-15 10:44 . 2009-11-15 10:44 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe

+ 2009-11-15 10:43 . 2009-11-15 10:43 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll

+ 2009-11-15 10:57 . 2009-11-15 10:57 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll

+ 2009-11-15 10:57 . 2009-11-15 10:57 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe

+ 2009-11-15 10:56 . 2009-11-15 10:56 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2009-11-15 10:41 . 2009-11-15 10:41 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2009-11-14 10:14 . 2009-11-14 10:14 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2009-11-14 10:14 . 2009-11-14 10:14 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2009-11-15 10:42 . 2009-11-15 10:42 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2008-08-22 08:38 . 2009-11-14 16:03 442800 c:\windows\system32\perfh009.dat

+ 2008-08-22 08:38 . 2009-11-15 10:51 442800 c:\windows\system32\perfh009.dat

+ 2009-08-07 22:51 . 2009-08-07 22:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2009-03-20 10:48 . 2009-03-20 10:48 183808 c:\windows\Installer\161692.msp

+ 2009-11-14 10:14 . 2009-11-14 10:14 303104 c:\windows\assembly\temp\WAMX8KV6IT\System.Runtime.Remoting.dll

+ 2009-11-14 10:14 . 2009-11-14 10:14 261632 c:\windows\assembly\temp\FT5HS3FQ2D\System.Transactions.dll

+ 2009-11-15 10:57 . 2009-11-15 10:57 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe

+ 2009-11-15 10:48 . 2009-11-15 10:48 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll

+ 2009-11-15 10:48 . 2009-11-15 10:48 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll

+ 2009-11-15 10:48 . 2009-11-15 10:48 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll

+ 2009-11-15 10:56 . 2009-11-15 10:56 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll

+ 2009-11-15 10:56 . 2009-11-15 10:56 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll

+ 2009-11-15 10:48 . 2009-11-15 10:48 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll

+ 2009-11-15 10:57 . 2009-11-15 10:57 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe

+ 2009-11-15 10:57 . 2009-11-15 10:57 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll

+ 2009-11-15 10:57 . 2009-11-15 10:57 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe

+ 2009-11-15 10:45 . 2009-11-15 10:45 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]

"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-09 24064]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2007-02-20 61440]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]

"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 561213]

InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [4/07/2008 12:52 14336]

R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [5/05/2008 17:01 254976]

S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/11/2009 16:27 24064]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [9/11/2009 16:55 96856]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mbr

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=0&o=xph&d=1109&m=aoa150

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-11-15 12:14

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(1992)

c:\windows\system32\btmmhook.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\igfxsrvc.exe

c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

c:\windows\system32\igfxext.exe

.

**************************************************************************

.

Voltooingstijd: 2009-11-15 12:17 - machine werd herstart

ComboFix-quarantined-files.txt 2009-11-15 11:17

ComboFix2.txt 2009-11-14 16:19

Pre-Run: 104.136.273.920 bytes beschikbaar

Post-Run: 104.114.995.200 bytes beschikbaar

- - End Of File - - 7F7254DC3806CD9494BADA0A85A986F5

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:20:04, on 15/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--

End of file - 6790 bytes
