Ga naar inhoud

Aanbevolen berichten

Geplaatst:

hallo

sinds vandaag heb ik een ernstig probleem met spyware ed

ik krijg nu heel vaak het volgende scherm van security system warning met file c:\windows\wml.exe en threat Abebot

URL%5DAbebot.jpg

en tevens het volgende scherm van system integrity scan wizard

systemintegrityvz9.png

wanneer ik windows opstart opent hij ok meteen d:\pinnacle

al deze problemen zijn begonnen na het downloaden van een bestand voor pinnacle studio9

ik heb al verschijnende dingen geprobeert om hier vanaf te komen maar kom er nog niet uit

heb hieronder een hijacklog:

als er verder nog informatie nodig is (combofix) hoor ik het wel..

als iemand mij hiermee zou willen helpen..?

alvast bedankt

gr dennis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:24:36, on 10-4-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

D:\McAfee Enterprise 8.5\SHSTAT.EXE

D:\Common Framework\UdaterUI.exe

C:\WINDOWS\system32\iprntlgn.exe

D:\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

D:\Common Framework\FrameworkService.exe

C:\Program Files\Acer\OrbiCam.exe

C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

D:\Common Framework\McTray.exe

D:\McAfee Enterprise 8.5\VsTskMgr.exe

D:\Common Framework\naPrdMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\DOCUME~1\John\LOCALS~1\Temp\RtkBtMnt.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\qqixktvv.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\alg.exe

D:\Cisco Clean Access Agent\CCAAgent.exe

D:\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nieuws, sterren, games, video en muziek vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK & Ireland

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {138083A1-5963-1A0D-2D7C-012969029BFB} - C:\WINDOWS\system32\pnmfkyuy.dll

O2 - BHO: (no name) - {32DD930C-B458-70F5-4AC1-09A3C6D8CE9A} - C:\WINDOWS\system32\dyidicex.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\McAfee Enterprise 8.5\scriptcl.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [shStatEXE] "D:\McAfee Enterprise 8.5\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe

O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam.exe" /hide

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [LaunchList] D:\Pinnacle Studio9\LaunchList.exe

O4 - HKLM\..\Run: [obrpeemr] C:\WINDOWS\system32\obrpeemr.exe

O4 - HKLM\..\Run: [qqixktvv] C:\WINDOWS\system32\qqixktvv.exe

O4 - HKLM\..\Run: [nergzela] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\nergzela.dll"

O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [DLD.EXE] D:\Download Direct\DLD.exe

O4 - HKLM\..\Policies\Explorer\Run: [JS3149Boll] C:\WINDOWS\lonqbolg.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: TransBar.lnk = D:\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: RocketDock.lnk = D:\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: SolidWorks Task Scheduler Engine.lnk = D:\SolidWorks 2006 Premium\swScheduler\swBOEngine.exe

O4 - Global Startup: Clean Access Agent.lnk = D:\Cisco Clean Access Agent\CCAAgentLauncher.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://dbmsg04.saxion.nl/iNotes6W.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} (Web Viewer Class) - http://www.voortmanstaalbouw.nl/staalbouw/model/hanzehogeschool/dll/zkitlib.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167291218953

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab

O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/obj/NpFv415.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\McAfee Enterprise 8.5\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\McAfee Enterprise 8.5\VsTskMgr.exe

O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NBService - Nero AG - D:\Nero 7 Premium Reloaded\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--

End of file - 17402 bytes

Geplaatst:

Jouw bericht is even tussen de mazen van het net gevallen, zo lijkt het :s

Download Combofix en zet het op je Bureaublad.

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

O2 - BHO: (no name) - {138083A1-5963-1A0D-2D7C-012969029BFB} - C:\WINDOWS\system32\pnmfkyuy.dll

O2 - BHO: (no name) - {32DD930C-B458-70F5-4AC1-09A3C6D8CE9A} - C:\WINDOWS\system32\dyidicex.dll

O4 - HKLM\..\Run: [obrpeemr] C:\WINDOWS\system32\obrpeemr.exe

O4 - HKLM\..\Run: [qqixktvv] C:\WINDOWS\system32\qqixktvv.exe

O4 - HKLM\..\Run: [nergzela] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\nergzela.dll"

O4 - HKLM\..\Policies\Explorer\Run: [JS3149Boll] C:\WINDOWS\lonqbolg.exe

Klik op 'Fix checked' om de items te verwijderen.

Dubbelklik op Combofix.exe en volg de instructies, aanvaard de disclaimer door y te typen. Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, moet je dit toestaan.

Hang het log van Combofix en een nieuw log van HJT aan je volgende bericht.

Geplaatst:

hey hardstikke bedankt voor je reactie!

ik heb HJT gerunt maar kon alleen devolgende twee selecteren:

O2 - BHO: (no name) - {138083A1-5963-1A0D-2D7C-012969029BFB} - C:\WINDOWS\system32\pnmfkyuy.dll

O4 - HKLM\..\Policies\Explorer\Run: [JS3149Boll] C:\WINDOWS\lonqbolg.exe

die anderen stonden er neit meer tussen..

daarna wou pc niet meer afsluiten en ook opende die taakbeheer niet

krijg die twee schermpjes ook niet meer laatste dagen..

hieronder mijn combofix log en HJT log

nogmaals bedankt voor je reactie!

ComboFix 08-04-09.9 - John 2008-04-14 18:40:02.3 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.415 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\John\Mijn documenten\Mijn ontvangen bestanden\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))

.

2008-04-11 17:30 . 2008-04-11 17:30 206 --a------ C:\WINDOWS\system32\MRT.INI

2008-04-10 17:46 . 2008-04-10 17:47 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-04-10 17:01 . 2008-04-10 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-04-10 17:00 . 2008-04-10 17:00 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-04-10 16:10 . 2008-04-10 16:10 <DIR> d-------- C:\VundoFix Backups

2008-04-10 15:43 . 2008-04-10 15:43 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-10 13:27 . 2008-04-10 13:27 <DIR> d-------- C:\Program Files\IE Extensions

2008-04-10 13:26 . 2008-04-10 13:26 102,400 --a------ C:\Documents and Settings\All Users\Application Data\zkfyhwdo.dll

2008-04-10 10:50 . 2004-07-02 17:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL

2008-04-10 10:48 . 2002-01-05 04:48 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL

2008-04-10 10:48 . 2002-01-05 04:36 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL

2008-04-10 10:48 . 2002-01-05 03:40 487,424 --a------ C:\WINDOWS\system32\MSVCP70.DLL

2008-04-10 10:48 . 2002-01-05 03:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2008-04-10 10:48 . 2002-01-05 03:38 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL

2008-04-10 10:46 . 2008-04-10 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle

2008-04-10 10:46 . 2002-03-19 10:29 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys

2008-04-07 18:34 . 2008-04-07 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-04-07 18:27 . 2008-04-07 18:27 <DIR> d-------- C:\Program Files\Bonjour

2008-04-07 11:15 . 2008-04-07 11:15 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-04-03 09:35 . 2008-04-03 09:36 <DIR> d-------- C:\Program Files\MSXML 6.0

2008-04-01 18:02 . 2008-04-01 18:02 <DIR> d-------- C:\flexlm

2008-04-01 18:02 . 2008-04-01 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision

2008-03-31 20:34 . 2008-03-31 20:34 <DIR> d-------- C:\Documents and Settings\John\Application Data\SolidWorks 2008

2008-03-31 19:47 . 2008-03-31 19:47 <DIR> d-------- C:\Program Files\Common Files\eDrawings2008

2008-03-31 19:47 . 2008-03-31 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SolidWorks

2008-03-31 19:32 . 2008-03-31 19:32 <DIR> d-------- C:\Program Files\MSBuild

2008-03-31 19:28 . 2008-03-31 19:28 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2008-03-31 19:28 . 2008-03-31 19:28 <DIR> d-------- C:\Program Files\Reference Assemblies

2008-03-31 19:27 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-03-31 19:11 . 2008-03-31 19:11 <DIR> d-------- C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP

2008-03-31 12:47 . 2008-03-31 12:47 0 --a------ C:\WINDOWS\JCMKR32.INI

2008-03-25 18:32 . 2008-03-26 14:00 400 --a------ C:\WINDOWS\system32\drivers\efxjxy_364.set

2008-03-25 18:32 . 2008-03-26 14:00 400 --a------ C:\WINDOWS\system32\drivers\bhtrugl118.dat

2008-03-25 18:32 . 2008-03-26 14:00 400 --a------ C:\WINDOWS\g_nhqnsp503.ini

2008-03-25 18:31 . 2008-03-25 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McNeel

2008-03-25 15:27 . 2008-03-25 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-09 17:01 98,304 ----a-w C:\WINDOWS\DUMP43bf.tmp

2008-04-01 16:20 47,360 ----a-w C:\Documents and Settings\John\Application Data\pcouffin.sys

2008-03-31 16:57 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-03-31 16:57 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-13 07:59 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-03-06 14:43 --------- d-----w C:\Program Files\iPod

2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-16 09:32 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll

2008-02-16 09:32 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll

2008-02-15 09:07 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe

2008-01-14 16:42 56,008 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2008-01-14 16:42 4,582 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-01-14 16:42 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-01-14 16:42 219,136 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll

2007-09-18 16:18 8 --sh--r C:\WINDOWS\system32\E27131E6D6.sys

.

------- Sigcheck -------

2007-06-13 15:24 979456 1b23f40acaed86b9f6db6833d22cfdb0 C:\WINDOWS\explorer.exe

2007-06-13 15:24 979456 1b23f40acaed86b9f6db6833d22cfdb0 C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-13 15:12 1036800 1d6245afbd3faabc16a885116be1874d C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-09-02 13:00 1035776 a1d7304a87fc3093150f5e3cc7b0f338 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

.

((((((((((((((((((((((((((((( snapshot@2008-04-10_16.04.59.90 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-03-31 17:25:30 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2008-04-14 08:01:16 69,120 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2008-03-31 17:25:38 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2008-04-14 08:01:22 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2008-03-31 17:25:38 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2008-04-14 08:00:58 4,444,160 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

- 2008-03-31 17:25:38 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2008-04-14 08:01:22 483,840 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2008-03-31 17:25:36 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2008-04-14 08:01:10 3,036,160 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2008-03-31 17:25:26 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2008-04-14 08:01:26 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2008-03-31 17:25:26 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2008-04-14 08:01:26 113,664 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2008-03-31 17:25:40 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2008-04-14 08:01:22 261,120 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2008-03-31 17:25:34 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2008-04-14 08:01:08 5,431,296 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2008-03-31 17:25:30 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2008-04-14 08:01:12 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2008-03-31 17:25:26 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2008-04-14 08:01:08 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2008-03-31 17:25:28 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2008-04-14 08:01:16 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2008-03-31 17:25:36 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2008-04-14 08:01:18 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2008-03-31 17:25:38 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2008-04-14 08:01:20 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2008-03-31 17:25:38 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2008-04-14 08:01:20 6,656 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2008-03-31 17:25:28 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2008-04-14 08:01:26 348,160 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2008-03-31 17:25:28 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2008-04-14 08:01:26 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2008-03-31 17:25:28 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2008-04-14 08:01:26 655,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2008-03-31 17:25:28 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2008-04-14 08:01:28 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2008-03-31 17:25:28 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2008-04-14 08:01:20 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2008-03-31 17:25:42 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2008-04-14 08:01:18 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2008-03-31 17:25:40 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2008-04-14 08:01:18 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2008-03-31 17:25:16 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2008-04-14 08:01:24 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2008-03-31 17:25:40 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2008-04-14 08:01:18 671,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2008-03-31 17:25:42 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2008-04-14 08:01:04 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2008-03-31 17:25:26 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2008-04-14 08:01:24 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2008-03-31 17:25:26 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2008-04-14 08:01:18 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2008-03-31 17:25:26 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2008-04-14 08:01:16 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2008-03-31 17:25:40 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2008-04-14 08:01:20 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2008-03-31 17:25:30 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2008-04-14 08:01:20 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2008-03-31 17:25:40 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2008-04-14 08:01:08 425,984 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2008-03-31 17:25:38 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2008-04-14 08:01:10 741,376 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2008-03-31 17:25:28 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2008-04-14 08:01:10 933,888 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2008-03-31 17:25:36 5,050,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2008-04-14 08:01:28 5,070,848 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2008-03-31 17:25:32 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2008-04-14 08:01:26 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2008-03-31 17:25:30 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2008-04-14 08:01:14 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2008-03-31 17:25:32 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2008-04-14 08:01:24 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2008-03-31 17:25:40 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2008-04-14 08:01:04 630,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2008-03-31 17:25:38 368,640 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2008-04-14 08:01:24 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2008-03-31 17:25:40 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2008-04-14 08:01:24 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2008-03-31 17:25:38 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2008-04-14 08:01:22 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2008-03-31 17:25:38 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2008-04-14 08:01:22 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2008-03-31 17:25:30 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2008-04-14 08:01:06 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2008-03-31 17:25:32 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2008-04-14 08:01:06 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2008-03-31 17:25:40 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2008-04-14 08:01:12 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2008-03-31 17:25:34 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2008-04-14 08:01:12 90,112 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2008-03-31 17:25:34 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2008-04-14 08:01:12 839,680 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2008-03-31 17:25:36 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2008-04-14 08:01:14 5,013,504 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2008-03-31 17:25:36 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2008-04-14 08:01:06 2,068,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2008-03-31 17:25:40 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2008-04-14 08:01:10 3,076,096 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2008-04-14 09:13:50 27,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll

+ 2008-04-14 09:13:54 884,736 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll

+ 2008-04-14 09:14:32 503,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\373d5acced35e392e1f413a69042340d\ComSvcConfig.ni.exe

+ 2008-04-14 09:47:30 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll

+ 2008-04-14 09:14:32 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe

+ 2008-04-14 09:47:32 876,544 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll

+ 2008-04-14 09:47:32 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll

+ 2008-04-14 09:47:34 1,695,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll

+ 2008-04-14 09:47:34 167,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll

+ 2008-04-14 09:14:34 1,114,112 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\019a85babfbe02cecdbb63a65d391aba\Microsoft.Transactions.Bridge.ni.dll

+ 2008-04-14 09:14:36 401,408 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\cb8d7b6cc6827e9f2d66c4d7ef9b5d54\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2008-04-14 09:47:38 1,740,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll

+ 2008-04-14 09:46:40 17,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\cd0730694ba5927a6efd32129783e1b4\Microsoft.VisualC.ni.dll

+ 2008-04-14 08:03:06 11,722,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll

+ 2008-04-14 09:47:40 1,564,672 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\41bd82648d480ec304ea0c04034787bc\PresentationBuildTasks.ni.dll

+ 2008-04-14 09:47:30 40,448 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\9385f2c37b2e00e06ec3f57153f63a2d\PresentationCFFRasterizer.ni.dll

+ 2008-04-14 09:47:04 11,980,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\7e413273e9d6710be8a39dcce2e45c2c\PresentationCore.ni.dll

+ 2008-04-14 09:46:28 48,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\599806acdd6dc0aeed19ebf9d622dcad\PresentationFontCache.ni.exe

+ 2008-04-14 09:48:20 552,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0766df362854f0330a4a45179773657e\PresentationFramework.Luna.ni.dll

+ 2008-04-14 09:48:22 274,432 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8aaa2b56f733902cc1ba9d8300d2a0e3\PresentationFramework.Royale.ni.dll

+ 2008-04-14 09:48:20 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d87c2740add3b0f86833159ce57c71ec\PresentationFramework.Classic.ni.dll

+ 2008-04-14 09:48:08 14,659,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\de20226274a5739a4b42d8e26b546180\PresentationFramework.ni.dll

+ 2008-04-14 09:48:18 393,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e389aa7f3dd4eb1ee585724f130a79cb\PresentationFramework.Aero.ni.dll

+ 2008-04-14 09:48:12 1,986,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\f97ac4e9c402e98d2b5b7114e4fbbd2a\PresentationUI.ni.dll

+ 2008-04-14 09:48:16 2,416,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\1fe0f79dd0d47e4d1eb474f98a1949fb\ReachFramework.ni.dll

+ 2008-04-14 09:14:36 139,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\0bcc4abbe0c5c3feeda7f711304ac4a0\ServiceModelReg.ni.exe

+ 2008-04-14 09:14:38 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\5e3765ee346151c26a3793ddf3a8d6d7\SMDiagnostics.ni.dll

+ 2008-04-14 09:14:38 323,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\c6f33f28f5bb403981ac148da447e3c5\SMSvcHost.ni.exe

+ 2008-04-14 09:48:28 262,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\6a075eb8e0f13de87d1278aa8562d51e\sysglobl.ni.dll

+ 2008-04-14 09:46:38 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll

+ 2008-04-14 09:46:30 1,011,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll

+ 2008-04-14 09:47:28 1,183,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1abdb47765d0696a2fc0a1095bac0249\System.Data.OracleClient.ni.dll

+ 2008-04-14 09:46:36 2,756,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll

+ 2008-04-14 08:03:38 7,049,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll

+ 2008-04-14 09:46:40 1,798,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll

+ 2008-04-14 08:03:54 10,969,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll

+ 2008-04-14 09:47:08 1,224,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll

+ 2008-04-14 09:47:28 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll

+ 2008-04-14 08:03:58 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll

+ 2008-04-14 08:03:58 1,667,072 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll

+ 2008-04-14 09:47:06 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll

+ 2008-04-14 09:47:06 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll

+ 2008-04-14 09:13:58 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\dd8f551c39409fa95b0c22cf2ee48b65\System.IdentityModel.Selectors.ni.dll

+ 2008-04-14 09:13:58 978,944 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\581d8571e61ebe24154ae912624c3c9d\System.IdentityModel.ni.dll

+ 2008-04-14 09:14:00 417,792 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\86cd41998dc72b213d9464b56fe245b9\System.IO.Log.ni.dll

+ 2008-04-14 09:48:46 655,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Messaging\00e3750e478bac4913ee7a6c3b7cd392\System.Messaging.ni.dll

+ 2008-04-14 09:48:18 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\690a965457e274ad13f6b1f9ac2bad4e\System.Printing.ni.dll

+ 2008-04-14 09:47:10 815,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll

+ 2008-04-14 09:46:38 339,968 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2008-04-14 09:14:04 2,351,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c4838d300f677f34c9d44ead84b8603b\System.Runtime.Serialization.ni.dll

+ 2008-04-14 09:46:36 733,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll

+ 2008-04-14 09:14:30 17,354,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7a2bc3302a133e235ec99193c56a0571\System.ServiceModel.ni.dll

+ 2008-04-14 09:46:28 233,472 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll

+ 2008-04-14 09:48:26 2,039,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\d38908d5c6a11dd7dceaf9bd34adb437\System.Speech.ni.dll

+ 2008-04-14 09:47:04 679,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll

+ 2008-04-14 09:48:30 2,342,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll

+ 2008-04-14 09:47:28 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll

+ 2008-04-14 09:47:26 1,986,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll

+ 2008-04-14 09:47:22 12,509,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll

+ 2008-04-14 08:04:14 13,193,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll

+ 2008-04-14 09:48:36 2,994,176 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\5e0df5685ce40f838eea52a5f1454b68\System.Workflow.Activities.ni.dll

+ 2008-04-14 09:48:42 4,587,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\2689e361e42d0bb9e3d19f1ecd30c26a\System.Workflow.ComponentModel.ni.dll

+ 2008-04-14 09:48:46 2,093,056 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\41b6c3a0c115c43c53697efa1607fe49\System.Workflow.Runtime.ni.dll

+ 2008-04-14 08:04:20 5,771,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll

+ 2008-04-14 08:03:24 8,265,728 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll

+ 2008-04-14 09:14:40 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP129.tmp\WsatConfig.exe

+ 2008-04-14 09:48:48 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\f61803ded1c123ed9ed5849e7dcebf25\UIAutomationClient.ni.dll

+ 2008-04-14 09:48:50 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\679889309b57024e8abbe80c6c7d48bc\UIAutomationClientsideProviders.ni.dll

+ 2008-04-14 09:47:30 50,688 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\9865738a916ad3664dd374582b9ea873\UIAutomationProvider.ni.dll

+ 2008-04-14 09:47:30 196,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\71605ce631809dcbfba38842fdf59acf\UIAutomationTypes.ni.dll

+ 2008-04-14 09:46:46 3,260,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\50652bfd061ead84841e6c9bfffacfb1\WindowsBase.ni.dll

+ 2008-04-14 09:48:52 270,336 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\2c96738a6ba8ff9e88889f331590e181\WindowsFormsIntegration.ni.dll

+ 2008-04-14 09:46:24 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\02436080d129210828823210ce879fd8\WsatConfig.ni.exe

- 2008-03-20 15:16:04 593,920 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2008-04-11 15:30:48 593,920 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2008-03-20 15:16:04 12,288 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-04-11 15:30:48 12,288 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-03-20 15:16:04 86,016 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-04-11 15:30:48 86,016 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2008-03-20 15:16:04 135,168 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-04-11 15:30:46 135,168 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-03-20 15:16:04 11,264 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-04-11 15:30:48 11,264 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-03-20 15:16:04 27,136 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-04-11 15:30:48 27,136 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-03-20 15:16:04 4,096 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2008-04-11 15:30:48 4,096 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-03-20 15:16:04 794,624 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-04-11 15:30:48 794,624 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2008-03-20 15:16:04 249,856 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-04-11 15:30:48 249,856 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-03-20 15:16:04 61,440 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-04-11 15:30:48 61,440 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2008-03-20 15:16:04 23,040 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-04-11 15:30:48 23,040 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-03-20 15:16:04 286,720 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-04-11 15:30:46 286,720 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2008-03-20 15:16:04 409,600 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-04-11 15:30:46 409,600 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2005-09-23 05:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe

+ 2007-10-23 23:47:38 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe

- 2005-09-23 05:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll

+ 2007-10-23 23:47:38 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll

- 2005-09-23 05:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll

+ 2007-10-23 23:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll

- 2005-09-23 05:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll

+ 2007-10-23 23:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll

- 2005-09-23 05:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll

+ 2007-10-23 23:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll

- 2005-09-23 05:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll

+ 2007-10-23 23:47:38 97,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll

- 2005-09-23 05:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll

+ 2007-10-23 23:47:26 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll

- 2005-09-23 05:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll

+ 2007-10-23 23:47:30 145,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll

- 2005-09-23 05:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll

+ 2007-10-23 23:47:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll

- 2005-09-23 05:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll

+ 2007-10-23 23:47:48 193,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll

- 2005-09-23 05:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll

+ 2007-10-23 23:47:20 218,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll

- 2005-09-23 05:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

+ 2007-10-23 23:47:40 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

- 2005-09-23 05:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll

+ 2007-10-23 23:47:42 147,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll

- 2005-09-23 05:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll

+ 2007-10-23 23:47:26 99,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll

- 2005-09-23 05:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

+ 2007-10-23 23:47:42 59,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

- 2005-09-23 05:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

+ 2007-10-23 23:47:22 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

- 2005-09-23 05:28:32 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll

+ 2007-10-23 23:47:22 22,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll

- 2005-09-23 05:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

+ 2007-10-23 23:47:22 17,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

- 2005-09-23 05:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll

+ 2007-10-23 23:47:22 33,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll

- 2005-09-23 05:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

+ 2007-10-23 23:47:22 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

- 2005-09-23 05:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe

+ 2007-10-23 23:47:22 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe

- 2005-09-23 05:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

+ 2007-10-23 23:47:22 32,776 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

- 2005-09-23 05:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

+ 2007-10-23 23:47:22 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

- 2005-09-23 05:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

+ 2007-10-23 23:47:22 33,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

- 2005-09-23 05:28:32 29,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2007-10-23 23:47:22 33,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

- 2005-09-23 05:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll

+ 2007-10-23 23:47:22 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll

- 2005-09-23 05:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

+ 2007-10-23 23:47:40 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

- 2005-09-23 05:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll

+ 2007-10-23 23:47:40 101,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll

- 2005-09-23 05:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe

+ 2007-10-23 23:47:30 80,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe

- 2005-09-23 05:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll

+ 2007-10-23 23:47:30 1,162,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll

- 2005-09-23 05:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

+ 2007-10-23 23:47:30 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

- 2005-09-23 05:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll

+ 2007-10-23 23:47:42 27,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll

- 2005-09-23 05:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll

+ 2007-10-23 23:47:40 69,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll

- 2005-09-23 05:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

+ 2007-10-23 23:47:30 35,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

- 2005-09-23 05:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll

+ 2007-10-23 23:47:28 66,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll

- 2005-09-23 05:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

+ 2007-10-23 23:47:28 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

- 2005-09-23 05:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll

+ 2007-10-23 23:47:54 572,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll

- 2005-09-23 05:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

+ 2007-10-23 23:47:40 798,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

- 2005-09-23 05:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll

+ 2007-10-23 23:47:36 18,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll

- 2005-09-23 05:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

+ 2007-10-23 23:47:40 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

- 2005-09-23 05:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

+ 2007-10-23 23:47:40 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

- 2005-09-23 05:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll

+ 2007-10-23 23:47:40 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll

- 2005-09-23 05:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll

+ 2007-10-23 23:47:40 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll

- 2005-09-23 05:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe

+ 2007-10-23 23:47:40 230,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe

- 2005-09-23 05:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

+ 2007-10-23 23:47:40 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

- 2005-09-23 05:28:56 55,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll

+ 2007-10-23 23:47:40 65,032 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll

- 2005-09-23 05:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

+ 2007-10-23 23:47:40 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

- 2005-09-23 05:28:48 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe

+ 2007-10-23 23:47:34 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe

- 2005-09-23 05:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll

+ 2007-10-23 23:47:36 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll

- 2005-09-23 05:28:48 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

+ 2007-10-23 23:47:36 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

- 2005-09-23 05:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll

+ 2007-10-23 23:47:36 655,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll

- 2005-09-23 05:28:48 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll

+ 2007-10-23 23:47:36 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll

- 2005-09-23 05:28:48 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll

+ 2007-10-23 23:47:34 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll

- 2005-09-23 05:29:10 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2007-10-23 23:47:52 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll

- 2005-09-23 05:29:10 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll

+ 2007-10-23 23:47:52 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll

- 2005-09-23 05:29:08 667,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll

+ 2007-10-23 23:47:50 671,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll

- 2005-09-23 05:28:30 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

+ 2007-10-23 23:47:20 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

- 2005-09-23 05:29:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

+ 2007-10-23 23:47:52 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

- 2005-09-23 05:28:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

+ 2007-10-23 23:47:20 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

- 2005-09-23 05:28:30 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2007-10-23 23:47:20 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2005-09-23 05:28:30 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

+ 2007-10-23 23:47:20 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

- 2005-09-23 05:28:32 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll

+ 2007-10-23 23:47:22 97,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll

- 2005-09-23 05:28:48 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

+ 2007-10-23 23:47:36 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

- 2005-09-23 05:28:56 800,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2007-10-23 23:47:40 822,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

- 2005-09-23 05:28:56 73,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll

+ 2007-10-23 23:47:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll

- 2005-09-23 05:28:56 288,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll

+ 2007-10-23 23:47:40 308,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll

- 2005-09-23 05:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll

+ 2007-10-23 23:47:40 47,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll

- 2005-09-23 05:28:56 326,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

+ 2007-10-23 23:47:40 348,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

- 2005-09-23 05:28:56 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll

+ 2007-10-23 23:47:40 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll

- 2005-09-23 05:28:56 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2007-10-23 23:47:40 4,444,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

- 2005-09-23 05:28:56 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll

+ 2007-10-23 23:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll

- 2005-09-23 05:29:00 330,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

+ 2007-10-23 23:47:44 340,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

- 2005-09-23 05:28:56 67,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll

+ 2007-10-23 23:47:40 77,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll

- 2005-09-23 05:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll

+ 2007-10-23 23:47:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll

- 2005-09-23 05:28:56 226,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll

+ 2007-10-23 23:47:40 242,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll

- 2005-09-23 05:28:56 66,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

+ 2007-10-23 23:47:40 70,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

- 2005-09-23 05:28:56 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll

+ 2007-10-23 23:47:40 19,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll

- 2005-09-23 05:28:50 5,615,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

+ 2007-10-23 23:47:36 5,814,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

- 2005-09-23 05:29:00 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll

+ 2007-10-23 23:47:44 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll

- 2005-09-23 05:28:56 96,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe

+ 2007-10-23 23:47:40 101,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe

- 2005-09-23 05:28:56 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll

+ 2007-10-23 23:47:40 24,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll

- 2005-09-23 05:28:56 78,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll

+ 2007-10-23 23:47:40 89,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll

- 2005-09-23 05:28:50 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll

+ 2007-10-23 23:47:36 144,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll

- 2005-09-23 05:28:56 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

+ 2007-10-23 23:47:40 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

- 2005-09-23 05:28:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

+ 2007-10-23 23:47:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

- 2005-09-23 05:29:02 59,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe

+ 2007-10-23 23:47:46 61,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe

- 2005-09-23 05:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll

+ 2007-10-23 23:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll

- 2005-09-23 05:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll

+ 2007-10-23 23:47:40 119,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll

- 2005-09-23 05:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll

+ 2007-10-23 23:47:44 95,232 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll

- 2005-09-23 05:28:56 377,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2007-10-23 23:47:40 392,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll

- 2005-09-23 05:28:56 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll

+ 2007-10-23 23:47:40 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll

- 2005-09-23 05:28:58 389,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll

+ 2007-10-23 23:47:42 425,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll

- 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

+ 2007-10-23 23:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

- 2005-09-23 05:28:56 2,878,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll

+ 2007-10-23 23:47:40 3,036,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll

- 2005-09-23 05:28:56 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll

+ 2007-10-23 23:47:40 483,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll

- 2005-09-23 05:28:56 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll

+ 2007-10-23 23:47:40 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll

- 2005-09-23 05:28:38 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll

+ 2007-10-23 23:47:28 933,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll

- 2005-09-23 05:28:56 5,050,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll

+ 2007-10-23 23:47:40 5,070,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll

- 2005-09-23 05:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll

+ 2007-10-23 23:47:40 401,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll

- 2005-09-23 05:28:56 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll

+ 2007-10-23 23:47:40 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll

- 2005-09-23 05:28:56 3,018,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2007-10-23 23:47:40 3,076,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll

- 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

+ 2007-10-23 23:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

- 2005-09-23 05:28:56 700,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

+ 2007-10-23 23:47:40 630,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

- 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll

+ 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll

- 2005-09-23 05:28:56 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

+ 2007-10-23 23:47:40 57,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

- 2005-09-23 05:28:56 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll

+ 2007-10-23 23:47:40 113,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll

- 2005-09-23 05:28:56 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll

+ 2007-10-23 23:47:40 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll

- 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll

+ 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll

- 2005-09-23 05:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll

+ 2007-10-23 23:47:40 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll

- 2005-09-23 05:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll

+ 2007-10-23 23:47:40 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll

- 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll

+ 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll

- 2005-09-23 05:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll

+ 2007-10-23 23:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll

- 2005-09-23 05:28:56 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll

+ 2007-10-23 23:47:40 261,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll

- 2005-09-23 05:28:56 5,025,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2007-10-23 23:47:40 5,431,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

- 2005-09-23 05:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll

+ 2007-10-23 23:47:40 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll

- 2005-09-23 05:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll

+ 2007-10-23 23:47:40 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll

- 2005-09-23 05:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll

+ 2007-10-23 23:47:40 839,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll

- 2005-09-23 05:28:56 5,316,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

+ 2007-10-23 23:47:40 5,013,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

- 2005-09-23 05:28:56 2,035,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll

+ 2007-10-23 23:47:40 2,068,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll

- 2005-09-23 05:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL

+ 2007-10-23 23:47:40 81,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL

- 2005-09-23 05:29:06 1,140,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe

+ 2007-10-23 23:47:48 1,172,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe

- 2005-09-23 05:28:30 1,306,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll

+ 2007-10-23 23:47:20 1,344,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll

- 2005-09-23 05:28:32 298,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll

+ 2007-10-23 23:47:22 434,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll

- 2005-09-23 05:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll

+ 2007-10-23 23:47:40 37,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll

- 2008-04-10 14:01:34 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE

+ 2008-04-14 16:42:18 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE

- 2007-12-06 23:47:38 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll

+ 2008-02-16 09:32:58 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll

- 2007-12-06 23:47:38 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll

+ 2008-02-16 09:32:58 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll

- 2007-12-06 23:47:38 1,057,280 ----a-w C:\WINDOWS\system32\danim.dll

+ 2008-02-16 09:33:00 1,057,280 ----a-w C:\WINDOWS\system32\danim.dll

- 2005-09-23 05:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll

+ 2007-10-23 23:47:28 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll

- 2007-12-06 23:47:38 1,057,280 ----a-w C:\WINDOWS\system32\dllcache\danim.dll

+ 2008-02-16 09:33:00 1,057,280 ----a-w C:\WINDOWS\system32\dllcache\danim.dll

- 2007-12-06 23:47:38 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-02-16 09:33:00 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2007-12-06 23:47:38 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-02-16 09:33:00 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2007-12-06 23:47:38 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-02-16 09:33:00 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2007-12-06 23:47:38 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll

+ 2008-02-16 09:33:00 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll

- 2007-12-06 23:47:38 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll

+ 2008-02-16 09:33:00 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll

- 2007-11-14 06:29:20 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll

+ 2007-12-18 14:43:08 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll

- 2007-12-06 23:47:38 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-02-16 09:33:00 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

- 2007-12-06 23:47:38 3,087,360 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-02-16 09:33:02 3,087,872 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2007-12-06 23:47:38 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-02-16 09:33:04 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2007-12-06 23:47:38 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-02-16 09:33:04 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

- 2007-12-06 23:47:38 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-02-16 09:33:04 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

- 2007-12-06 23:47:38 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-02-16 09:33:04 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

- 2007-12-06 23:47:38 1,499,136 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll

+ 2008-02-16 09:33:04 1,499,136 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll

- 2007-12-06 23:47:38 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll

+ 2008-02-16 09:33:04 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll

- 2007-12-06 23:47:38 619,520 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-02-16 09:33:04 620,032 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2004-09-02 11:00:00 417,792 ----a-w C:\WINDOWS\system32\dllcache\vbscript.dll

+ 2007-12-18 14:43:08 417,792 ----a-w C:\WINDOWS\system32\dllcache\vbscript.dll

- 2007-12-06 23:47:38 669,184 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-02-16 09:33:04 669,184 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

- 2006-06-26 16:45:40 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll

+ 2008-02-20 05:39:06 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll

- 2007-12-06 23:47:38 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-02-16 09:33:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll

- 2007-12-06 23:47:38 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-02-16 09:33:00 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2007-12-06 23:47:38 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll

+ 2008-02-16 09:33:00 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll

- 2008-04-10 12:26:18 1,692,688 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-04-13 10:58:22 1,692,688 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2007-12-06 23:47:38 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll

+ 2008-02-16 09:33:00 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll

- 2007-12-06 23:47:38 96,768 ----a-w C:\WINDOWS\system32\inseng.dll

+ 2008-02-16 09:33:00 96,768 ----a-w C:\WINDOWS\system32\inseng.dll

- 2007-11-14 06:29:20 450,560 ----a-w C:\WINDOWS\system32\jscript.dll

+ 2007-12-18 14:43:08 450,560 ----a-w C:\WINDOWS\system32\jscript.dll

- 2007-12-06 23:47:38 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-02-16 09:33:00 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll

+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe

+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll

- 2008-03-05 06:30:56 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe

- 2006-12-22 10:28:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll

+ 2007-10-23 23:47:38 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll

- 2005-09-23 05:28:52 150,016 ----a-w C:\WINDOWS\system32\mscorier.dll

+ 2007-10-23 23:47:38 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll

- 2005-09-23 05:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll

+ 2007-10-23 23:47:38 84,480 ----a-w C:\WINDOWS\system32\mscories.dll

- 2007-12-06 23:47:38 3,087,360 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-02-16 09:33:02 3,087,872 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2007-12-06 23:47:38 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-02-16 09:33:04 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2007-12-06 23:47:38 146,432 ----a-w C:\WINDOWS\system32\msrating.dll

+ 2008-02-16 09:33:04 146,432 ----a-w C:\WINDOWS\system32\msrating.dll

- 2007-12-06 23:47:38 532,480 ----a-w C:\WINDOWS\system32\mstime.dll

+ 2008-02-16 09:33:04 532,480 ----a-w C:\WINDOWS\system32\mstime.dll

- 2006-12-22 11:02:36 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll

+ 2007-10-23 23:47:44 15,360 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll

- 2008-03-31 17:32:44 71,974 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-04-14 08:01:36 73,158 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-03-31 17:32:44 91,336 ----a-w C:\WINDOWS\system32\perfc013.dat

+ 2008-04-14 08:01:36 93,416 ----a-w C:\WINDOWS\system32\perfc013.dat

- 2008-03-31 17:32:44 440,940 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-04-14 08:01:36 446,204 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-03-31 17:32:44 508,260 ----a-w C:\WINDOWS\system32\perfh013.dat

+ 2008-04-14 08:01:36 514,480 ----a-w C:\WINDOWS\system32\perfh013.dat

- 2007-12-06 23:47:38 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-02-16 09:33:04 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll

- 2007-12-06 23:47:38 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll

+ 2008-02-16 09:33:04 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll

- 2007-12-06 23:47:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll

+ 2008-02-16 09:33:04 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll

- 2004-01-30 13:07:46 245,408 ----a-r C:\WINDOWS\system32\unicows.dll

+ 2004-12-07 08:11:00 258,352 ----a-w C:\WINDOWS\system32\unicows.dll

- 2007-12-06 23:47:38 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-02-16 09:33:04 620,032 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2004-09-02 11:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll

+ 2007-12-18 14:43:08 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll

- 2007-12-06 23:47:38 669,184 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2008-02-16 09:33:04 669,184 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2006-09-11 09:56:00 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll

- 2001-10-29 07:44:36 397,856 ----a-r C:\WINDOWS\system32\XceedZip.dll

+ 2006-12-21 13:18:00 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll

- 2007-12-06 22:40:38 369,664 ----a-w C:\WINDOWS\system32\xpsp3res.dll

+ 2008-02-15 23:03:22 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll

+ 2007-10-23 23:47:56 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll

+ 2007-10-23 23:47:56 558,080 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll

+ 2007-10-23 23:47:56 635,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 13:00 15360]

"Steam"="" []

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]

"updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

"DLD.EXE"="D:\Download Direct\DLD.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 110592 C:\WINDOWS\system32\bthprops.cpl]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 22:40 64512]

"LaunchApp"="Alaunch" []

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]

"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 14:51 774233]

"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]

"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-02 13:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-02 13:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256]

"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]

"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [ ]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-01 12:04 52840]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]

"ShStatEXE"="D:\McAfee Enterprise 8.5\SHSTAT.exe" [2007-02-22 20:50 112216]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"McAfeeUpdaterUI"="D:\Common Framework\UdaterUI.exe" [2006-12-19 11:27 136768]

"iPrint Event Monitor"="C:\WINDOWS\system32\iprntlgn.exe" [2007-05-07 11:31 45056]

"iPrint Tray"="C:\WINDOWS\system32\iprntctl.exe" [2007-05-07 11:31 40960]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

"iTunesHelper"="D:\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:06 304664]

"AcerOrbicamRibbon"="C:\Program Files\Acer\OrbiCam.exe" [2006-11-28 18:43 754712]

"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 18:38 244512]

"LaunchList"="D:\Pinnacle Studio9\LaunchList.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360]

C:\Documents and Settings\John\Menu Start\Programma's\Opstarten\

TransBar.lnk - D:\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18 65536]

RocketDock.lnk - D:\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]

SolidWorks Task Scheduler Engine.lnk - D:\SolidWorks 2006 Premium\swScheduler\swBOEngine.exe [2007-09-09 06:51:40 488728]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Clean Access Agent.lnk - D:\Cisco Clean Access Agent\CCAAgentLauncher.exe [2007-12-07 17:12:50 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"= 1 (0x1)

"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"D:\\Steam\\Steam.exe"=

"D:\\Steam\\steamapps\\dennuzz\\counter-strike\\hl.exe"=

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

"D:\\Common Framework\\FrameworkService.exe"=

"D:\\LimeWire\\LimeWire.exe"=

"D:\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1863:TCP"= 1863:TCP:MSN TCP Poort 1863 Dennis

"6891:TCP"= 6891:TCP:MSN TCP Poort 6891 Dennis

R1 nipplpt2;Novell iCapture Lpt Redirector 2;C:\WINDOWS\system32\drivers\nipplpt.sys [2007-05-07 11:26]

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]

R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]

R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-11-28 18:36]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]

R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-28 20:36:40 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - John.job"

- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:

"2007-01-08 16:55:00 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-14 18:42:19

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> D:\Vista Inspirat 2\RocketDock\RocketDock.dll

.

Voltooingstijd: 2008-04-14 18:42:52

ComboFix-quarantined-files.txt 2008-04-14 16:42:46

ComboFix2.txt 2008-04-10 14:05:28

Pre-Run: 30,140,497,920 bytes beschikbaar

Post-Run: 30,353,391,616 bytes beschikbaar

.

2008-04-14 08:02:41 --- E O F ---

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:38, on 2008-04-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

D:\Common Framework\FrameworkService.exe

D:\McAfee Enterprise 8.5\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

D:\McAfee Enterprise 8.5\SHSTAT.EXE

D:\Common Framework\UdaterUI.exe

C:\WINDOWS\system32\iprntlgn.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\igfxext.exe

D:\Common Framework\McTray.exe

D:\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

C:\Program Files\Acer\OrbiCam.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Vista Inspirat 2\RocketDock\RocketDock.exe

D:\SolidWorks 2006 Premium\swScheduler\swBOEngine.exe

D:\Cisco Clean Access Agent\CCAAgent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\John\LOCALS~1\Temp\RtkBtMnt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nieuws, sterren, games, video en muziek vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK & Ireland

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\McAfee Enterprise 8.5\scriptcl.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [shStatEXE] "D:\McAfee Enterprise 8.5\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe

O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam.exe" /hide

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [LaunchList] D:\Pinnacle Studio9\LaunchList.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [DLD.EXE] D:\Download Direct\DLD.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: TransBar.lnk = D:\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: RocketDock.lnk = D:\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: SolidWorks Task Scheduler Engine.lnk = D:\SolidWorks 2006 Premium\swScheduler\swBOEngine.exe

O4 - Global Startup: Clean Access Agent.lnk = D:\Cisco Clean Access Agent\CCAAgentLauncher.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://dbmsg04.saxion.nl/iNotes6W.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} (Web Viewer Class) - http://www.voortmanstaalbouw.nl/staalbouw/model/hanzehogeschool/dll/zkitlib.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167291218953

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab

O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/obj/NpFv415.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\McAfee Enterprise 8.5\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\McAfee Enterprise 8.5\VsTskMgr.exe

O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NBService - Nero AG - D:\Nero 7 Premium Reloaded\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--

End of file - 16487 bytes

Geplaatst:

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

C:\Documents and Settings\All Users\Application Data\zkfyhwdo.dll

C:\WINDOWS\system32\spmsg2.dll

C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP

C:\WINDOWS\JCMKR32.INI

C:\WINDOWS\system32\drivers\efxjxy_364.set

C:\WINDOWS\system32\drivers\bhtrugl118.dat

C:\WINDOWS\g_nhqnsp503.ini

C:\WINDOWS\DUMP43bf.tmp

C:\WINDOWS\system32\E27131E6D6.sys

Folder::

C:\VundoFix Backups

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

En weet meteen ook eens te vertellen of je nog pop-ups krijgt ?

Geplaatst:

Bedankt voor je reactie

nee heb de laatste dagen geen pop-ups gekregen en alles werkt weer als voorheen

vind hem alleen langzamer opstarten

hieronder de log

ComboFix 08-04-09.9 - John 2008-04-15 19:44:45.4 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.597 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\John\Bureaublad\ComboFix.exe

Command switches used :: C:\Documents and Settings\John\Bureaublad\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::

C:\Documents and Settings\All Users\Application Data\zkfyhwdo.dll

C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP

C:\WINDOWS\DUMP43bf.tmp

C:\WINDOWS\g_nhqnsp503.ini

C:\WINDOWS\JCMKR32.INI

C:\WINDOWS\system32\drivers\bhtrugl118.dat

C:\WINDOWS\system32\drivers\efxjxy_364.set

C:\WINDOWS\system32\E27131E6D6.sys

C:\WINDOWS\system32\spmsg2.dll

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data\zkfyhwdo.dll

C:\VundoFix Backups

C:\WINDOWS\DUMP43bf.tmp

C:\WINDOWS\g_nhqnsp503.ini

C:\WINDOWS\JCMKR32.INI

C:\WINDOWS\system32\drivers\bhtrugl118.dat

C:\WINDOWS\system32\drivers\efxjxy_364.set

C:\WINDOWS\system32\E27131E6D6.sys

C:\WINDOWS\system32\spmsg2.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-15 to 2008-04-15 ))))))))))))))))))))))))))))))

.

2008-04-11 17:30 . 2008-04-11 17:30 206 --a------ C:\WINDOWS\system32\MRT.INI

2008-04-10 17:46 . 2008-04-10 17:47 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-04-10 17:01 . 2008-04-10 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-04-10 17:00 . 2008-04-10 17:00 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-04-10 15:43 . 2008-04-10 15:43 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-10 13:27 . 2008-04-10 13:27 <DIR> d-------- C:\Program Files\IE Extensions

2008-04-10 10:50 . 2004-07-02 17:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL

2008-04-10 10:48 . 2002-01-05 04:48 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL

2008-04-10 10:48 . 2002-01-05 04:36 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL

2008-04-10 10:48 . 2002-01-05 03:40 487,424 --a------ C:\WINDOWS\system32\MSVCP70.DLL

2008-04-10 10:48 . 2002-01-05 03:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2008-04-10 10:48 . 2002-01-05 03:38 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL

2008-04-10 10:46 . 2008-04-10 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle

2008-04-10 10:46 . 2002-03-19 10:29 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys

2008-04-07 18:34 . 2008-04-07 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-04-07 18:27 . 2008-04-07 18:27 <DIR> d-------- C:\Program Files\Bonjour

2008-04-07 11:15 . 2008-04-07 11:15 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-04-03 09:35 . 2008-04-03 09:36 <DIR> d-------- C:\Program Files\MSXML 6.0

2008-04-01 18:02 . 2008-04-01 18:02 <DIR> d-------- C:\flexlm

2008-04-01 18:02 . 2008-04-01 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision

2008-03-31 20:34 . 2008-03-31 20:34 <DIR> d-------- C:\Documents and Settings\John\Application Data\SolidWorks 2008

2008-03-31 19:47 . 2008-03-31 19:47 <DIR> d-------- C:\Program Files\Common Files\eDrawings2008

2008-03-31 19:47 . 2008-03-31 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SolidWorks

2008-03-31 19:32 . 2008-03-31 19:32 <DIR> d-------- C:\Program Files\MSBuild

2008-03-31 19:28 . 2008-03-31 19:28 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2008-03-31 19:28 . 2008-03-31 19:28 <DIR> d-------- C:\Program Files\Reference Assemblies

2008-03-31 19:11 . 2008-03-31 19:11 <DIR> d-------- C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP

2008-03-25 18:31 . 2008-03-25 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McNeel

2008-03-25 15:27 . 2008-03-25 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-01 16:20 47,360 ----a-w C:\Documents and Settings\John\Application Data\pcouffin.sys

2008-03-31 16:57 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-03-31 16:57 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-13 07:59 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-03-06 14:43 --------- d-----w C:\Program Files\iPod

2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-16 09:32 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll

2008-02-16 09:32 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll

2008-02-15 09:07 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe

.

------- Sigcheck -------

2007-06-13 15:24 979456 1b23f40acaed86b9f6db6833d22cfdb0 C:\WINDOWS\explorer.exe

2007-06-13 15:24 979456 1b23f40acaed86b9f6db6833d22cfdb0 C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-13 15:12 1036800 1d6245afbd3faabc16a885116be1874d C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-09-02 13:00 1035776 a1d7304a87fc3093150f5e3cc7b0f338 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

.

((((((((((((((((((((((((((((( snapshot_2008-04-14_18.42.32.11 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-14 16:42:18 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE

+ 2008-04-15 17:47:08 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 13:00 15360]

"Steam"="" []

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]

"updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

"DLD.EXE"="D:\Download Direct\DLD.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 110592 C:\WINDOWS\system32\bthprops.cpl]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 22:40 64512]

"LaunchApp"="Alaunch" []

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]

"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 14:51 774233]

"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]

"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-02 13:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-02 13:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256]

"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]

"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [ ]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-01 12:04 52840]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]

"ShStatEXE"="D:\McAfee Enterprise 8.5\SHSTAT.exe" [2007-02-22 20:50 112216]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"McAfeeUpdaterUI"="D:\Common Framework\UdaterUI.exe" [2006-12-19 11:27 136768]

"iPrint Event Monitor"="C:\WINDOWS\system32\iprntlgn.exe" [2007-05-07 11:31 45056]

"iPrint Tray"="C:\WINDOWS\system32\iprntctl.exe" [2007-05-07 11:31 40960]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

"iTunesHelper"="D:\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:06 304664]

"AcerOrbicamRibbon"="C:\Program Files\Acer\OrbiCam.exe" [2006-11-28 18:43 754712]

"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 18:38 244512]

"LaunchList"="D:\Pinnacle Studio9\LaunchList.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360]

C:\Documents and Settings\John\Menu Start\Programma's\Opstarten\

TransBar.lnk - D:\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18 65536]

RocketDock.lnk - D:\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]

SolidWorks Task Scheduler Engine.lnk - D:\SolidWorks 2006 Premium\swScheduler\swBOEngine.exe [2007-09-09 06:51:40 488728]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Clean Access Agent.lnk - D:\Cisco Clean Access Agent\CCAAgentLauncher.exe [2007-12-07 17:12:50 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"= 1 (0x1)

"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"D:\\Steam\\Steam.exe"=

"D:\\Steam\\steamapps\\dennuzz\\counter-strike\\hl.exe"=

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

"D:\\Common Framework\\FrameworkService.exe"=

"D:\\LimeWire\\LimeWire.exe"=

"D:\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1863:TCP"= 1863:TCP:MSN TCP Poort 1863 Dennis

"6891:TCP"= 6891:TCP:MSN TCP Poort 6891 Dennis

R1 nipplpt2;Novell iCapture Lpt Redirector 2;C:\WINDOWS\system32\drivers\nipplpt.sys [2007-05-07 11:26]

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]

R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]

R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-11-28 18:36]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]

R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

*Newly Created Service* - INT15.SYS

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-28 20:36:40 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - John.job"

- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:

"2007-01-08 16:55:00 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-15 19:47:11

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> D:\Vista Inspirat 2\RocketDock\RocketDock.dll

.

Voltooingstijd: 2008-04-15 19:47:45

ComboFix-quarantined-files.txt 2008-04-15 17:47:40

ComboFix3.txt 2008-04-10 14:05:28

ComboFix2.txt 2008-04-14 16:42:54

Pre-Run: 30,301,913,088 bytes beschikbaar

Post-Run: 30,284,120,064 bytes beschikbaar

.

2008-04-14 08:02:41 --- E O F ---

Geplaatst:

Dit moet je eerst nog even uitvoeren.

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Klik op 'Fix checked' om de items te verwijderen.

En dan zit je nog met té veel programma's die onnodig mee opstarten. Daar gaan we even een aantal uitschakelen.

Download Codestuff Starter

Start Codestuff Starter op

Selecteer het tabblad Automatisch Opstarten en vink volgende items uit. Deze programma’s worden onnodig mee opgestart.

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe –startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" –start

O4 - HKLM\..\Run: [shStatEXE] "D:\McAfee Enterprise 8.5\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

Op het tabblad zal je deze programma's vinden zonder de cijfers (04) en de letters (HKLM) maar met de programmanaam of afkorting ervan. Indien je later één van deze programma's terug wil laten opstarten kan je dit steeds terug aanvinken.

Nog een vraagje : ik ontdek McAfee en Norton in je logs. Heb je twee actieve antivirusscanners tegelijk ?

Als je dit achter de rug hebt, geef dan aub een seintje, dan gaan we over naar de "grote schoonmaak".

Geplaatst:

ik heb de opdrachten uitgevoerd

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

deze stond er niet meer tussen..

ik heb inderdaad 2 virusscanners erop staan.. dit komt omdat mijn norton verlopen is

en op mijn school hebben ze een heel irritant netwerk waar je met cisco systems in moet loggen e.d. en dit werkt eigenlijk alleen als je een mcafee virusscanner hebt..

ben zelf eigenlijk niet zo weg van deze mcafee virusscanner, heb hier nog een norton 360 liggen en wou die nog installeren

is dit een goed idee of heb jij nog een oplossing?

en btw werkt het scrollen van mijn touchpad nu ff niet meer

heb dit wel eens vaker gehad dus kan zijn als ik hem opnieuw opstart dat die het weer doet of dat komt omdat ik iets uitgeschakeld heb net?

bedankt! ook maar ff nog een hijacklog eronder gehangen

weet niet of het nodig is:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:00:05, on 15-4-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

D:\Common Framework\FrameworkService.exe

D:\McAfee Enterprise 8.5\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

D:\Common Framework\UdaterUI.exe

C:\WINDOWS\system32\iprntlgn.exe

C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

D:\Common Framework\McTray.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Acer\OrbiCam.exe

C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

D:\Vista Inspirat 2\RocketDock\RocketDock.exe

D:\SolidWorks 2006 Premium\swScheduler\swBOEngine.exe

D:\Cisco Clean Access Agent\CCAAgent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nieuws, sterren, games, video en muziek vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK & Ireland

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\McAfee Enterprise 8.5\scriptcl.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam.exe" /hide

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [LaunchList] D:\Pinnacle Studio9\LaunchList.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [DLD.EXE] D:\Download Direct\DLD.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - Startup: TransBar.lnk = D:\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: RocketDock.lnk = D:\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: SolidWorks Task Scheduler Engine.lnk = D:\SolidWorks 2006 Premium\swScheduler\swBOEngine.exe

O4 - Global Startup: Clean Access Agent.lnk = D:\Cisco Clean Access Agent\CCAAgentLauncher.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://dbmsg04.saxion.nl/iNotes6W.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} (Web Viewer Class) - http://www.voortmanstaalbouw.nl/staalbouw/model/hanzehogeschool/dll/zkitlib.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167291218953

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab

O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/obj/NpFv415.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\McAfee Enterprise 8.5\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\McAfee Enterprise 8.5\VsTskMgr.exe

O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NBService - Nero AG - D:\Nero 7 Premium Reloaded\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--

End of file - 14229 bytes

Geplaatst:

Eerst een antwoord op je vragen :

1 : die touchpad moet andere oorzaken hebben, want er is geen enkel programma uitgeschakeld dat iets met dit onderdeel te maken heeft.

2. de virusscanners : Norton is een systeemvreter (en de 360 helemaal). Persoonlijk zou ik daar absoluut niet voor kiezen, maar dat is iets dat iedere PC-gebruiker zelf moet beslissen. De keuze is aan jou. Die McAfee lijkt me wel OK, zeker als je hem toch nodig hebt voor schoolgebruik.

3. vermits je nu nog een beetje klaagt over de traagheid bij het opstarten, zou ik - zeker bij wijze van test - alles van Symantec/Norton eens van je PC zwieren. Doe dit met het Norton Removal Tool ... en bekijk eens of dit iets doet aan de snelheid. Kan je later nog altijd beslissen om toch die 360 te installeren.

4. je log van HJT ziet er nu perfect clean uit.

En dan de "grote schoonmaak", nu je problemen achter de rug lijken te zijn. Verwijderen van gebruikte programma’s, een cleaning en het verwijderen van de besmette herstelpunten.

Verwijder Combofix: Start -> Uitvoeren en typ: combofix /u

Combofix wordt verwijderd en een nieuw systeemherstelpunt wordt aangemaakt.

Download CCleaner.

Installeer het en start het op. Klik in de linkse kolom op “Opties”. Selecteer het tabblad ‘Geavanceerd’ en haal het vinkje weg voor “Verwijder alleen tijdelijke bestanden in de Windows systeemmap die ouder zijn dan 48 uur” en sluit hierna het programma.

Start CCleaner op en klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Opschonen'. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scannen voor fouten’. Als er fouten gevonden worden klik je op ”alle fouten herstellen” en ”OK”. Sluit hierna CCleaner terug af.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen.

- Ga naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.

- Klik in de linkerhelft van het venster op "Instellingen van systeemherstel".

- Zet een vinkje voor "Systeemherstel uitschakelen".

- Klik "Toepassen".

- Windows vraagt of je dat zeker weet.

- Klik "Ja".

- Klik "OK".

- Start de pc opnieuw op.

- Ga weer naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.

- Je krijgt de melding: "Systeemherstel is uitgeschakeld. Wilt u systeemherstel nu inschakelen?"

- Klik "Ja".

- Verwijder het vinkje voor "Systeemherstel uitschakelen".

- Klik "Toepassen".

- Klik "OK".

- Start de pc opnieuw op

- Er is nu een nieuw herstelpunt aangemaakt.

That’s it !

Geplaatst:

bedankt!!

alles is prima verlopen en het werkt allemaal weer ook touchpad

norton heb ik nog niks aan veranderd

zal deze morgen eens verwijderen en testen

nogmaals hardstikke bedankt voor de tijd die je hierin hebt gestoken!

ps: hoe weet je eigenlijk welke onderdelen je moet selecteren bij hijackthis en combofix..

is daar een handleiding of dergelijke voor?

zodat ik het de volgende keer misschien zelf zou kunnen proberen?!

Geplaatst:
ps: hoe weet je eigenlijk welke onderdelen je moet selecteren bij hijackthis en combofix. is daar een handleiding of dergelijke voor? zodat ik het de volgende keer misschien zelf zou kunnen proberen?!
Wat info over de basis van HiJackThis kan je bvb. hier vinden. Over Combofix vind je nergens een handleiding. En ik zou je - zonder opleiding of ervaring - absoluut afraden om zelf aan de slag te gaan met HJT of Combofix. Kan behoorlijk tegenvallen als je eens een fout bestandje laat fixen of verwijderen ;)
Gast
Dit topic is nu gesloten voor nieuwe reacties.
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.