
Generic Host Process for Win32 Services problem!!



Good morning,

I'm new to this forum and have a problem. I get the error message above after being in Windows XP for a while. IE behaves very strangely and is barely usable, especially after this message appears. I have already included a HijackThis log. Who can tell me what is wrong with my system??

Many thanks in advance!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 09:11:37, on 21-05-2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\SetPoint\LBTWiz.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Creative\VoiceCenter\AndreaVC.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\DOCUME~1\IGORFR~1\LOCALS~1\Temp\clclean.0001

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Documents and Settings\Igor Franken\Bureaublad\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Gepersonaliseerde startpagina

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: SetPoint.lnk = ?

O4 - Global Startup: Statusvenster.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Uitbreidingen van het stuurprogramma voor Windows Management Instrumentation WmiNBService (WmiNBService) - Unknown owner - C:\WINDOWS\system32\acelpdecm.exe (file missing)

--

End of file - 11511 bytes


Go to Start – Run/Search and type: sc stop WmiNBService

Press Enter.

Go to Start – Run/Search and type: sc delete WmiNBService

Press Enter.

Start HijackThis. Select “Scan”. Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: SetPoint.lnk = ?

Click 'Fix checked' to remove the items.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you are unable to disable them, simply continue to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post, together with a new HijackThis log.


Sorry, it took a bit longer because I was on a business trip...

Here are the logs. Notably, the first service that I had to stop was not running in the first place. I did delete it. In addition, I did have to remove AVG before I could continue with ComboFix. The message came back during ComboFix.

The logs:

ComboFix:

ComboFix 11-05-27.02 - Igor Franken 28-05-2011 9:51.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.2046.1478 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Igor Franken\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\IGORFR~1\LOCALS~1\Temp\clclean.0001.dir.0004\~df394b.tmp

c:\documents and settings\Ernest\Application Data\Adobe\plugs

c:\documents and settings\Ernest\Application Data\Adobe\shed

c:\documents and settings\Ernest\Application Data\Adobe\shed\thr1.chm

c:\documents and settings\Ernest\WINDOWS

c:\documents and settings\Igor Franken\Local Settings\temp\clclean.0001.dir.0004\~df394b.tmp

c:\documents and settings\Igor Franken\WINDOWS

C:\Thumbs.db

c:\windows\system32\Thumbs.db

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-28 to 2011-05-28 ))))))))))))))))))))))))))))))

.

.

2011-05-23 10:01 . 2011-05-23 10:04 -------- d-----w- c:\program files\Common Files\Folio Shared

2011-05-23 10:00 . 2011-05-23 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Elsevier

2011-05-21 07:59 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-21 07:59 . 2011-05-21 07:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-21 07:59 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-21 06:56 . 2011-05-21 06:56 -------- d-----w- C:\f1d023730214b8daa86f

2011-05-14 07:46 . 2011-05-14 07:46 -------- d-sh--w- c:\documents and settings\Igor Franken\IECompatCache

2011-05-14 07:22 . 2011-05-14 07:22 -------- d-----w- C:\3b01e10c745b9d0bd7006de7

2011-05-14 07:18 . 2011-05-14 07:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-14 07:16 . 2011-05-14 07:29 -------- d-----w- c:\windows\system32\CatRoot

2011-05-14 07:16 . 2011-05-14 07:23 -------- d-----w- c:\windows\system32\OldCatRoot2

2011-05-11 06:16 . 2011-05-11 06:16 1409 ----a-w- c:\windows\QTFont.for

2011-05-10 18:00 . 2011-05-10 18:58 -------- d-----w- c:\program files\Parrot Software Update Tool

2011-05-07 07:07 . 2011-05-07 07:07 -------- d-----r- c:\documents and settings\NetworkService\Mijn documenten

2011-05-07 07:07 . 2011-05-07 07:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-05-04 09:45 . 2011-05-04 09:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities

2011-05-03 01:44 . 2011-05-03 01:44 -------- d-----r- c:\documents and settings\NetworkService\Favorieten

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.


.

[-] 2004-09-02 . 3B728289DFA923A2C12BE827382C2DB1 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll

.

[-] 2007-06-13 . 147E95A42A58CE99E403F7F57656BBEB . 1036800 . . [6.00.2900.3156] . . c:\windows\explorer.exe

[-] 2007-06-13 . 147E95A42A58CE99E403F7F57656BBEB . 1036800 . . [6.00.2900.3156] . . c:\windows\ERDNT\cache\explorer.exe

[-] 2007-06-13 . 147E95A42A58CE99E403F7F57656BBEB . 1036800 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe

[-] 2007-06-13 . 1D6245AFBD3FAABC16A885116BE1874D . 1036800 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2004-09-02 . A1D7304A87FC3093150F5E3CC7B0F338 . 1035776 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

.

[-] 2004-09-02 . 39C7FA0F39376599CFA59888816F477B . 153088 . . [5.1.2600.2180] . . c:\windows\regedit.exe

.

[-] 2005-07-26 . 588443247F2EE6A61B5864B64A7E270E . 1284608 . . [5.1.2600.2726] . . c:\windows\system32\ole32.dll

[-] 2005-07-26 . 0F0E95779DB45EB8D09EAA8827D740CC . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll

[7] 2005-04-28 . 5C3B15C45ADF30B024927F1A0823BD16 . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll

[7] 2005-04-28 . 48629EDCD92AA071554304F9F9E96E38 . 1284608 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll

[-] 2004-09-02 . 602969286376832E3F49F54E4F0F051A . 1281024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\ole32.dll

.

[-] 2004-09-02 . 24B72C7A002170ECC72B6AA5F642A705 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\usp10.dll

.

[-] 2004-09-02 . 0B96A1E4252F663222C9C3BAC89F596C . 170496 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\srsvc.dll

[-] 2004-09-02 . 0B96A1E4252F663222C9C3BAC89F596C . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

.

[-] 2004-09-02 . D6381A7C1704BE7A8FD5EFDFD9F1463B . 13824 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\wscntfy.exe

[-] 2004-09-02 . D6381A7C1704BE7A8FD5EFDFD9F1463B . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

.

[-] 2004-09-02 . F4C8D4B0A294AAF37FE50C407B6E03F9 . 129536 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\xmlprov.dll

[-] 2004-09-02 . F4C8D4B0A294AAF37FE50C407B6E03F9 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

.

[-] 2004-09-02 . F1720914CAB06FDE4BE250E3767713CF . 55808 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\eventlog.dll

[-] 2004-09-02 . F1720914CAB06FDE4BE250E3767713CF . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll

.

[-] 2004-09-02 . 486594A19F7AEDEBEA600855FFD5E914 . 1548288 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\sfcfiles.dll

[-] 2004-09-02 . 486594A19F7AEDEBEA600855FFD5E914 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

.

[-] 2004-09-02 . 7DE46C9C40ABB58C8FDFE0212A3BF2B4 . 15360 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ctfmon.exe

[-] 2004-09-02 . 7DE46C9C40ABB58C8FDFE0212A3BF2B4 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

.

[-] 2006-12-19 . D6F2B8963663F2014FAFCD8E15E4E778 . 135168 . . [6.00.2900.3051] . . c:\windows\ERDNT\cache\shsvcs.dll

[-] 2006-12-19 . D6F2B8963663F2014FAFCD8E15E4E778 . 135168 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll

[-] 2006-12-19 . D6F2B8963663F2014FAFCD8E15E4E778 . 135168 . . [6.00.2900.3051] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2006-12-19 . 20A1DFA416579DACEE28E15E331C3930 . 135680 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll

.

[-] 2004-09-02 . D01BB100558945178E4BCB33B0FE9364 . 59904 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\regsvc.dll

[-] 2004-09-02 . D01BB100558945178E4BCB33B0FE9364 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll

.

[-] 2004-09-02 . D245B3E32F8AB3B2FB576AFCFDEC105E . 192000 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\schedsvc.dll

[-] 2004-09-02 . D245B3E32F8AB3B2FB576AFCFDEC105E . 192000 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll

.

[-] 2004-09-02 . B02FDCE64F64CDE3AA809D28D25D2A12 . 71680 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ssdpsrv.dll

[-] 2004-09-02 . B02FDCE64F64CDE3AA809D28D25D2A12 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll

.

[-] 2005-03-09 . C066674CB15B3B6F8A1D210D603091B6 . 297472 . . [5.1.2600.2627] . . c:\windows\ERDNT\cache\termsrv.dll

[-] 2005-03-09 . C066674CB15B3B6F8A1D210D603091B6 . 297472 . . [5.1.2600.2627] . . c:\windows\system32\termsrv.dll

[-] 2004-09-02 . E2CE999886A4636026F157DEB886AA94 . 297472 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB895961$\termsrv.dll

.

[-] 2004-09-02 . 490BF3896AE3EBD21B448FFB1579AA09 . 347648 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll

.

[-] 2004-09-02 . CC888653E0DEC81B525B956C77960F88 . 175616 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\appmgmts.dll

[-] 2004-09-02 . CC888653E0DEC81B525B956C77960F88 . 175616 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll

.

[-] 2004-09-02 . 63F517B1A87DABF3F5ACB8A7952FC1D1 . 12032 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys

[-] 2004-09-02 . 63F517B1A87DABF3F5ACB8A7952FC1D1 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

.

[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys

[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys

[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\ERDNT\cache\aec.sys

[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys

[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys

[-] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

.

[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\AGP440.SYS

[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\AGP440.SYS

.

[-] 2004-09-02 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ip6fw.sys

[-] 2004-09-02 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

.

[-] 2006-11-01 19:19 . 13E52326F0F19A1A8D34681E3444E8D1 . 927504 . . [4.1.0.61] . . c:\windows\ERDNT\cache\mfc40u.dll

[-] 2006-11-01 19:19 . 13E52326F0F19A1A8D34681E3444E8D1 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll

[-] 2006-11-01 19:19 . 13E52326F0F19A1A8D34681E3444E8D1 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll

.

[-] 2004-09-02 . 1405B1431F51CAB25FE9B2ECF13CB198 . 33792 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\msgsvc.dll

[-] 2004-09-02 . 1405B1431F51CAB25FE9B2ECF13CB198 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll

.

[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\ERDNT\cache\mspmsnsv.dll

[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

[-] 2005-08-03 17:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2005-08-03 17:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2004-09-02 11:00 . 61A79E8D4A440095EA2EB9FD694CD1AE . 25600 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

.

[-] 2010-02-17 . 1BA87670B4305072123A0CC0F478A340 . 2068096 . . [5.1.2600.3670] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe

[-] 2010-02-17 . 1BA87670B4305072123A0CC0F478A340 . 2068096 . . [5.1.2600.3670] . . c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2010-02-16 . 38D52FDA70F0275385D4CFD88E824688 . 2026496 . . [5.1.2600.3670] . . c:\windows\ERDNT\cache\ntkrnlpa.exe

[-] 2010-02-16 . 38D52FDA70F0275385D4CFD88E824688 . 2026496 . . [5.1.2600.3670] . . c:\windows\system32\ntkrnlpa.exe

[-] 2010-02-16 . F6049CA4515D37D5DA502D162E9B6AA0 . 2071168 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntkrnlpa.exe

[-] 2010-02-16 . 7C4F935FC449E4D27C685A5BC1792664 . 2071296 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe

[-] 2009-12-09 . 6A42A70506E7ACFF6C3ACD740E22A01F . 2070528 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe

[-] 2009-12-09 . 06B79556F2BAC4EC207E7A26F7D9728C . 2025472 . . [5.1.2600.3654] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe

[-] 2009-12-09 . F63B0CC3CE1E6E8EA39B4933B595C73A . 2070400 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3GDR\ntkrnlpa.exe

[-] 2009-08-04 . AB21A63A3B15653043E71126E5BBE3DE . 2070528 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe

[-] 2009-08-04 . BF6965EA17CC1E48DA287783AEEF3CDB . 2070400 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe

[-] 2009-08-04 . 20B768F98D8F664EE06986C1742F1A0B . 2025472 . . [5.1.2600.3610] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe

[-] 2009-02-10 . 6A94A7317E28B6543D94174F9016BB68 . 2070400 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe

[-] 2009-02-09 . 3F52B22DDBC323A39F11B64E1D381D0E . 2025472 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe

[-] 2009-02-09 . 07EE73D79A7CA142463470AEF230082B . 2070528 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[-] 2008-08-14 . DE961B54D30C7DD6AA6C3BD27D584E30 . 2070400 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe

[-] 2008-08-14 . 456B34656C7DE51728BDAB378E563463 . 2025472 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

[-] 2008-08-14 . C92E65CBB38161373319BB11340DE919 . 2070400 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe

[-] 2007-02-28 . CA7BD390DD6C35AF9BF6B56B3B6B086F . 2021888 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe

[-] 2005-10-12 . F864A9D7DB8E519FB9F36D1DF60DAF12 . 2019840 . . [5.1.2600.2774] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe

[-] 2005-03-02 . C26D84B802567E629D42861A11C7EC04 . 2061312 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

.

[-] 2004-09-02 11:00 . AC75E028773CBBD7D8B1313F382E7C05 . 437248 . . [5.1.2400.2180] . . c:\windows\ERDNT\cache\ntmssvc.dll

[-] 2004-09-02 11:00 . AC75E028773CBBD7D8B1313F382E7C05 . 437248 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll

.

[-] 2007-02-05 . 063B30C37E3902760919D3E5D98CC7C9 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll

[-] 2007-02-05 . DE0A3D72D98A08A115300E2B2DC4374B . 185344 . . [5.1.2600.3077] . . c:\windows\ERDNT\cache\upnphost.dll

[-] 2007-02-05 . DE0A3D72D98A08A115300E2B2DC4374B . 185344 . . [5.1.2600.3077] . . c:\windows\system32\upnphost.dll

[-] 2007-02-05 . DE0A3D72D98A08A115300E2B2DC4374B . 185344 . . [5.1.2600.3077] . . c:\windows\system32\dllcache\upnphost.dll

[-] 2004-09-02 . 348B60067B10EFA7D7763EE44674108C . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll

.

[-] 2004-09-02 . 4AAB7EC0EA6C53C6B381546F15C286CA . 367616 . . [5.3.2600.2180] . . c:\windows\ERDNT\cache\dsound.dll

[-] 2004-09-02 . 4AAB7EC0EA6C53C6B381546F15C286CA . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll

.

[-] 2004-09-02 . 66B9B43A5E0777F465CA492039176455 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\d3d9.dll

.

[-] 2004-09-02 . B54EF2F95DD3A188A2E4798C2CFB7EE7 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\ddraw.dll

.

[-] 2004-09-02 11:00 . DFB4A7A3E7948686DBC4B0DEA4A0AE94 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll

.

[-] 2004-09-02 . D521890151A11C410F6A94EE3C37CD14 . 41472 . . [5.1.2600.2180] . . c:\windows\system32\perfctrs.dll

.

[-] 2004-09-02 . D67A94C11062EEE45BED5106DFDB9C0A . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll

.

[-] 2010-02-17 . FD62829F3524A1BE95FD384A3C445AAB . 2194304 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe

[-] 2010-02-16 . 481961F97B0526A66EF676E0D00C4180 . 2191232 . . [5.1.2600.3670] . . c:\windows\Driver Cache\i386\ntoskrnl.exe

[-] 2010-02-16 . 481961F97B0526A66EF676E0D00C4180 . 2191232 . . [5.1.2600.3670] . . c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2010-02-16 . E3ADA72560FE0DAE340389CE1DD0EF36 . 2148352 . . [5.1.2600.3670] . . c:\windows\ERDNT\cache\ntoskrnl.exe

[-] 2010-02-16 . E3ADA72560FE0DAE340389CE1DD0EF36 . 2148352 . . [5.1.2600.3670] . . c:\windows\system32\ntoskrnl.exe

[-] 2010-02-16 . B79C48187CA08D2EC27DA4939953F082 . 2194432 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe

[-] 2009-12-09 . 5037978D6ED651AEC5D6ACC87D65C715 . 2193664 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe

[-] 2009-12-09 . 1E2C845C28B7BF68A39E4B7823DBF73A . 2147328 . . [5.1.2600.3654] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe

[-] 2009-12-09 . 13C15BFF7E82D3F9FD215ADD54A3929D . 2193536 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3GDR\ntoskrnl.exe

[-] 2009-08-04 . 270DE336026B0815F064BB8BD4CFD336 . 2193536 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe

[-] 2009-08-04 . 2F1443AB72A64182FD8258BBAE801EA7 . 2193664 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

[-] 2009-08-04 . 278A3E51A4A9703DEC651A459E0AA9D0 . 2147328 . . [5.1.2600.3610] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe

[-] 2009-02-10 . 7625D5BAFD2A4A8458468B139C893BB7 . 2193536 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[-] 2009-02-09 . A9C6F20FC84246A2761C10430B2BF5CF . 2147328 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe

[-] 2009-02-09 . 27380B877348030B0662A39C47AAEC11 . 2193408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe

[-] 2008-08-14 . E332B6DE826D4222A758E3264AD8D520 . 2193536 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

[-] 2008-08-14 . F73F850155AFE927F19C7DA0E73E7809 . 2147328 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[-] 2008-08-14 . 3E5E63D926C5E9F81045F3646815D2A1 . 2193536 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe

[-] 2007-02-28 . 4192EC8ADFE1D11896021A6617ED907F . 2142208 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2005-10-12 . 0C67EB019C222CFA25F8D663DBFB49F2 . 2140672 . . [5.1.2600.2774] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe

[-] 2005-03-02 . 5DB3E8DEC987B5D350E4A105DCEAEE6A . 2183936 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

.

[-] 2004-09-02 . 0B96A1E4252F663222C9C3BAC89F596C . 170496 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\srsvc.dll

[-] 2004-09-02 . 0B96A1E4252F663222C9C3BAC89F596C . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

.

[-] 2004-09-02 . EF361E7A6319C445C21C81A131CF1F99 . 175616 . . [5.1.2600.2180] . . c:\windows\system32\w32time.dll

.

[-] 2006-12-19 . 1689AC8BD2FC31B377D5D23CC7D872A8 . 334336 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll

[-] 2006-12-19 . 0BF8DE5896D9A02C99C4A4EF896E917E . 334336 . . [5.1.2600.3051] . . c:\windows\system32\wiaservc.dll

[-] 2006-12-19 . 0BF8DE5896D9A02C99C4A4EF896E917E . 334336 . . [5.1.2600.3051] . . c:\windows\system32\dllcache\wiaservc.dll

.

[-] 2004-09-02 . E291F42AE2793304990C6EA77C482979 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\midimap.dll

.

[-] 2006-06-26 . 5F1240D4B842F0122042FDA8540432FC . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll

[-] 2006-06-26 . 91282911237187F11BD3AD8F834CB5E6 . 8192 . . [5.1.2600.2938] . . c:\windows\system32\rasadhlp.dll

[-] 2006-06-26 . 91282911237187F11BD3AD8F834CB5E6 . 8192 . . [5.1.2600.2938] . . c:\windows\system32\dllcache\rasadhlp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech BT Wizard"="LBTWiz.exe -silent" [X]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]

"MBMon"="CTMBHA.DLL" [2006-06-28 1355042]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-12-20 28160]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 40960]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-02 110592]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-11 229952]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]

"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-07-19 933888]

"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-02 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Statusvenster.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2010-2-6 802816]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2006-04-27 09:30 53248 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Program Files\\DrayTek Router Tools V3.7\\SyslogRd.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"110:TCP"= 110:TCP:svchost

"4981:UDP"= 4981:UDP:Windows Media Format SDK (IEXPLORE.EXE)

"4980:UDP"= 4980:UDP:Windows Media Format SDK (IEXPLORE.EXE)

.

R2 NetProbe;NetProbe Packet Driver;c:\windows\system32\drivers\NetProbe.sys [06-03-2008 14:10 5365]

R3 AVMNgBasM779;AVerMedia M779 Base Driver;c:\windows\system32\drivers\AVerBas.sys [22-06-2007 12:28 49152]

R3 AVMNgCapM779;AVerMedia M779 Audio/Video Capture Driver;c:\windows\system32\drivers\AVerCap.sys [22-06-2007 12:28 219392]

R3 AVMNgTunM779;AVerMedia M779 TVTuner Driver;c:\windows\system32\drivers\AVerTun.sys [22-06-2007 12:28 147456]

S3 arusb(TP-LINK);Atheros Wireless Network Adapter Service(TP-LINK);c:\windows\system32\drivers\arusb.sys [30-10-2010 12:40 458240]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]

.

.

------- Bijkomende Scan -------

.

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: ing.nl

TCP: DhcpNameServer = 10.2.1.70

FF - ProfilePath - c:\documents and settings\Igor Franken\Application Data\Mozilla\Firefox\Profiles\erg9tg3o.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS VERWIJDERD - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-28 10:01

Windows 5.1.2600 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

.

c:\docume~1\IGORFR~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

.

Scan succesvol afgerond

verborgen bestanden: 1

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(724)

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

c:\windows\system32\COMRes.dll

.

Voltooingstijd: 2011-05-28 10:05:59

ComboFix-quarantined-files.txt 2011-05-28 08:05

.

Pre-Run: 14.736.556.032 bytes beschikbaar

Post-Run: 17.449.750.528 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - BCC6AEEA3E3B54E468AA605671E3B4CA

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:09:32, on 28-05-2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\SetPoint\LBTWiz.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Creative\VoiceCenter\AndreaVC.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Igor Franken\Bureaublad\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Gepersonaliseerde startpagina

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDk4OTc2ODgzLVQ1LUJBKzEtS1YzKzctQkFSOUcrMS1GTCs5LVFJWDErMy1MSUMrNy1TUDErMS1TUDFUQisxLVNVUCs0LUZMMTArMS1TUDFTMisxLVNQMVMzKzE"&"prod=90"&"ver=10.0.1375

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Statusvenster.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 9670 bytes

I hope you can do something with it!

Thanks so far!

Igor


ComboFix removed quite a lot. Here is what you can still do now:

Go to Start – Run/Search and type: sc stop NBService

Press Enter.

Go to Start – Run/Search and type: sc delete NBService

Press Enter.

Start HijackThis. Select "Scan". Select only the items listed below:

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDk4OTc2ODgzLVQ1LUJBKzEtS1YzKzctQkFSOUcrMS1GTCs5LVFJWDErMy1MSUMrNy1TUDErMS1TUDFUQisxLVNVUCs0LUZMMTArMS1TUDFTMisxLVNQMVMzKzE"&"prod=90"&"ver=10.0.1375

Click 'Fix checked' to remove the items.

And then let us know whether you still get the Generic Host message?

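The cleanup in the post above targets two entries from the first log: the `NBService` service whose binary is reported as `(file missing)` and the leftover `RunOnce` item. The following added example (not from the thread or from HijackThis itself; the function names are hypothetical) parses a few lines excerpted from both logs, lists services with a missing binary, and diffs the logs to confirm both entries are gone.

```python
import re

# Excerpts from the two HijackThis logs in this thread (query string shortened).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-uninstallation-feedback-appf?...
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = " (file missing)"

def parse_entries(log):
    """Return (section, text) pairs for every 'O4 - ...' style line, in log order."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def parse_service(text):
    """Split an O23 entry into its fields; returns None for anything else."""
    if not text.startswith("Service: "):
        return None
    # Fields are ' - ' separated; split from the right so the display name stays whole.
    parts = text[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[:-len(MISSING)]
    # As in the lines above, the key follows the display name in parentheses
    # when the two differ; sc.exe takes the key, not the display name.
    key = re.search(r"\(([^()]+)\)$", display)
    return {"key": key.group(1) if key else display, "owner": owner,
            "path": path, "missing": missing}

def orphaned_services(log):
    """Service keys whose binary HijackThis reported as missing on disk."""
    services = (parse_service(t) for s, t in parse_entries(log) if s == "O23")
    return [svc["key"] for svc in services if svc and svc["missing"]]

def removed_entries(before, after):
    """Entries present in the first log but gone from the second, in log order."""
    still_there = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in still_there]
```
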

I'll keep an eye on it!

Am I allowed to reinstall AVG, though? Otherwise I'm so unprotected...

Thanks in advance!

---------- Post added at 12:20 ---------- Previous post was at 12:16 ----------

Oh shit, just five minutes later... the message again!

Now what?

HijackThis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:20:31, on 28-05-2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\SetPoint\LBTWiz.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Creative\VoiceCenter\AndreaVC.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\DOCUME~1\IGORFR~1\LOCALS~1\Temp\clclean.0001

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\cmd.exe

C:\Documents and Settings\Igor Franken\Local Settings\Temporary Internet Files\Content.IE5\KRU09J9B\avg_free_stb_eu_2011_1375_free[1].exe

C:\DOCUME~1\IGORFR~1\LOCALS~1\Temp\7zS51.tmp\avgmfapx.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\MsiExec.exe

C:\WINDOWS\system32\dwwin.exe

C:\Documents and Settings\Igor Franken\Bureaublad\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=6070622

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Statusvenster.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 9889 bytes


Download Dr.Web CureIt and save it to your desktop.

  • Double-click drweb-cureit.exe and allow it to start the express scan.
    If a popup appears offering a purchase/50% discount, you can close it.
  • The express scan will scan the files that are currently loaded in memory. If anything is found, click 'Select all' ('alles selecteren'), then choose 'Repair' ('repareren'), and from the small menu that appears choose 'Move' ('verplaatsen').
  • At the top of the menu, choose Language/Taal and change it to Dutch (Nederlands) if yours is set differently.
  • Press F9, then choose the Actions (Acties) tab and set the following under Malware:

    • Adware: Move (Verplaats)
    • Dialers: Move (Verplaats)
    • Jokes: Report (Rapportage)
    • Riskware: Report (Rapportage)
    • Hacktools: Move (Verplaats)
    • Then remove the check mark at 'Prompt on action' ('Prompt bij actie').

  • Then choose the Scan tab and remove the check mark at Heuristic analysis (Heuristische analyse).
    Then press Apply (Toepassen) followed by OK.
  • Once the short scan has finished, tick: Full scan (Volledige scan).
    Then press the green arrow (start button) to start the scan.
  • Files that are found are moved to the '%USERPROFILE%\DocterWeb\Quarantine' folder if repairing them is not possible.
  • After the scan is done, go to File (Bestand) and choose Save report list (Rapportage lijst opslaan).
    Save it to your desktop and then close Dr.Web CureIt.
  • Then restart the computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
  • After restarting, copy and paste the contents of the log you saved earlier into your next post.
