
PC starts up very slowly


momo7869


Hello,

I read something in the archive about a PC that starts up very slowly. For the past month or two that has been the case with mine as well. The archive mentioned a program called ComboFix. I downloaded this program and ran it. I got the following log file:

ComboFix 12-10-14.03 - Marielle 15-10-2012 18:49:23.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3071.2439 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Marielle\Bureaublad\ComboFix.exe

AV: ESET Smart Security 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

FW: ESET Persoonlijke firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FW: Outpost Firewall Pro *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Marielle\Local Settings\Application Data\Vid-Saver

c:\documents and settings\Marielle\Local Settings\Application Data\Vid-Saver\Chrome\Vid-Saver.crx

c:\program files\intellidownload\gunzip.exe

c:\program files\Vid-Saver

c:\program files\Vid-Saver\Uninstall.exe

c:\program files\Vid-Saver\Vid-Saver.dll

c:\program files\Vid-Saver\Vid-Saver.exe

c:\program files\Vid-Saver\Vid-Saver.ico

c:\program files\Vid-Saver\Vid-Saver.ini

c:\program files\Vid-Saver\Vid-SaverGui.exe

c:\program files\Vid-Saver\Vid-SaverInstaller.log

c:\windows\system32\Cache

c:\windows\system32\Cache\03433d03addbf747.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\37b6215e3dc4d3b4.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\4f395b09ca237343.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\682e1b5fa35418eb.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\a679b3c11eac2f41.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\bd7492b88447eadd.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\cf588478b22cab90.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

c:\windows\system32\roboot.exe

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\system32\w32apiw.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NVSVC

-------\Service_NVSvc

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-15 to 2012-10-15 ))))))))))))))))))))))))))))))

.

.

2012-10-15 16:34 . 2012-10-15 16:34 -------- d--h--r- c:\documents and settings\Marielle\Onlangs geopend

2012-10-15 16:17 . 2012-10-15 16:17 -------- d-----w- c:\documents and settings\Marielle\Local Settings\Application Data\ESET

2012-10-15 16:17 . 2012-10-15 16:17 -------- d-----w- c:\documents and settings\Marielle\Application Data\ESET

2012-10-15 16:08 . 2012-10-15 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2012-10-15 15:33 . 2012-10-15 15:33 -------- d-----w- c:\program files\ESET

2012-10-15 14:56 . 2012-10-15 15:05 -------- d-----w- c:\program files\MyDefrag v4.3.1

2012-10-14 12:27 . 2012-10-14 12:27 -------- d-----w- c:\windows\system32\LogFiles

2012-10-14 12:24 . 2012-10-15 11:56 -------- d-----w- c:\program files\Microsoft Bootvis

2012-10-14 11:20 . 2012-10-14 11:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Browser Manager

2012-10-14 11:20 . 2012-10-14 11:20 -------- d-----w- c:\program files\BabylonToolbar

2012-10-14 11:19 . 2012-10-14 11:19 -------- d-----w- c:\documents and settings\Marielle\Application Data\Babylon

2012-10-14 11:19 . 2012-10-14 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon

2012-10-14 11:19 . 2012-10-14 11:19 -------- d-----w- c:\documents and settings\Marielle\Application Data\YourFileDownloader

2012-10-14 11:03 . 2012-10-14 11:03 -------- d-----w- c:\documents and settings\Marielle\Application Data\Fighters

2012-10-14 11:03 . 2012-10-14 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters

2012-10-01 12:37 . 2012-10-01 12:37 -------- d-----w- c:\documents and settings\Marielle\Application Data\Western Software Technologies

2012-09-30 21:27 . 2012-09-30 21:27 -------- d-----w- c:\documents and settings\Marielle\Application Data\PoBros

2012-09-30 21:27 . 2012-09-30 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PoBros

2012-09-29 22:14 . 2012-09-29 22:14 -------- d-----w- c:\documents and settings\Marielle\Application Data\MumboJumbo

2012-09-28 20:42 . 2012-09-28 20:42 -------- d-----w- c:\documents and settings\Marielle\Application Data\iMaxGen

2012-09-23 19:31 . 2012-09-23 19:31 -------- d-----w- c:\documents and settings\Marielle\Application Data\Silverback Productions

2012-09-21 18:50 . 2008-04-15 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2012-09-21 18:50 . 2012-10-03 07:13 -------- d-----w- c:\windows\system32\NtmsData

2012-09-21 18:43 . 2012-10-15 15:22 99135654 ----a-w- c:\documents and settings\Marielle\Application Data\hkey_local_machine.reg

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-08 08:42 . 2012-04-09 08:49 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-08 08:42 . 2011-07-20 06:26 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-28 15:17 . 2009-01-31 08:29 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:17 . 2009-01-31 08:29 43520 ------w- c:\windows\system32\licmgr10.dll

2012-08-28 15:17 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2009-01-31 08:29 385024 ------w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2008-04-15 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-23 06:26 . 2009-01-31 08:27 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-23 06:26 . 2008-08-14 17:28 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.


[7] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe

.

[7] 2008-04-15 . E67C9B97306DEEFBB481072CE5FF8E07 . 153088 . . [5.1.2600.5512] . . c:\windows\regedit.exe

[7] 2008-04-15 . E67C9B97306DEEFBB481072CE5FF8E07 . 153088 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe

[7] 2008-04-14 . E67C9B97306DEEFBB481072CE5FF8E07 . 153088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe

.

[7] 2011-11-01 . 02AF8E4C7B851A213AC70BF6DD6E3537 . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll

[7] 2011-11-01 . 02AF8E4C7B851A213AC70BF6DD6E3537 . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll

[7] 2010-07-16 . 57F12B548695C680421CD1EB8169A1C8 . 1288704 . . [5.1.2600.6010] . . c:\windows\ERDNT\cache\ole32.dll

[7] 2008-04-14 . B2EE0E38A8025D6D7A7F3EEC8CA2829E . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll

.

[7] 2010-04-16 . 36BA0AAABD0AA4798403CB3FF08D5DDD . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll

[7] 2010-04-16 . 36BA0AAABD0AA4798403CB3FF08D5DDD . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll

[7] 2010-04-16 . 7BB3922CB9973877D2BF4C7222EA8E70 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll

[7] 2008-04-14 . 0996802B726C0CFE94A44CDBD661983A . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll

.

[7] 2008-04-14 . 2D54DB081CDACF8C0B738B9F25B25DCD . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll

[7] 2008-04-14 . 2D54DB081CDACF8C0B738B9F25B25DCD . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll

[7] 2008-04-14 . 2D54DB081CDACF8C0B738B9F25B25DCD . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll

[7] 2008-04-14 . 2D54DB081CDACF8C0B738B9F25B25DCD . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\ksuser.dll

.

[7] 2008-04-15 . E98A8C802CDB31FCF4121D9DFBEA3677 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe

[7] 2008-04-15 . E98A8C802CDB31FCF4121D9DFBEA3677 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[7] 2008-04-14 . E98A8C802CDB31FCF4121D9DFBEA3677 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

.

[7] 2009-07-27 . 2D5D4156292150FE571872C1B88E9299 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll

[7] 2009-07-27 . 2D5D4156292150FE571872C1B88E9299 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll

[7] 2009-07-27 . C28A9E9D28ACDAF8097BE4578C49559B . 135680 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll

[7] 2008-04-15 . CFB406497D9CF95DFFE17594899FD367 . 135680 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll

[7] 2008-04-14 . CFB406497D9CF95DFFE17594899FD367 . 135680 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll

.

[7] 2008-04-15 . 2803311C919E6A8EBD6A095BE1A41C9A . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll

[7] 2008-04-14 . 2803311C919E6A8EBD6A095BE1A41C9A . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll

.

[7] 2008-04-15 . 81CBF363C414620CAA61BD6843D8FDB9 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll

[7] 2008-04-15 . 81CBF363C414620CAA61BD6843D8FDB9 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[7] 2008-04-14 . 81CBF363C414620CAA61BD6843D8FDB9 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll

.

[7] 2008-04-15 . 6F1E5DBA783B147536659395D7B15485 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe

[7] 2008-04-15 . 6F1E5DBA783B147536659395D7B15485 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[7] 2008-04-15 . 6F1E5DBA783B147536659395D7B15485 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe

[7] 2008-04-14 . 6F1E5DBA783B147536659395D7B15485 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe

.

[7] 2008-04-15 . FD3C38635808920F8235BF2FED642F54 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll

[7] 2008-04-15 . FD3C38635808920F8235BF2FED642F54 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

[7] 2008-04-15 . FD3C38635808920F8235BF2FED642F54 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll

[7] 2008-04-14 . FD3C38635808920F8235BF2FED642F54 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll

.

[7] 2010-12-09 . 9011D64E9090247C04EE767ED6C7B4BE . 739328 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll

[7] 2010-12-09 . 9011D64E9090247C04EE767ED6C7B4BE . 739328 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll

[7] 2008-04-15 . EF5F6C88C4282A739844DB6013E15720 . 727040 . . [5.1.2600.5512] . . c:\windows\uninstall updates\$NtUninstallKB956572$\ntdll.dll

[7] 2008-04-14 . EF5F6C88C4282A739844DB6013E15720 . 727040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll

.

[7] 2009-02-27 . 987DB6FA4D4EE7DB81004EB0A86578B1 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\msctfime.ime

[7] 2009-02-27 . 987DB6FA4D4EE7DB81004EB0A86578B1 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\dllcache\msctfime.ime

[7] 2009-02-27 . C5B2B305D9ADC11FB1C581E6C68002DB . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime

[7] 2008-04-14 . BC1C255415DFCA2E202924A1FBAE3D4F . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime

.

[7] 2008-04-15 . CA64B9406EEDA4FFA2DAEAE1DABCCE42 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll

[7] 2008-04-15 . CA64B9406EEDA4FFA2DAEAE1DABCCE42 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll

[7] 2008-04-14 . CA64B9406EEDA4FFA2DAEAE1DABCCE42 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll

.

[7] 2008-04-15 . 328CBDD2445F5B3A047644567EEB557F . 1571840 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll

[7] 2008-04-15 . 328CBDD2445F5B3A047644567EEB557F . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[7] 2008-04-15 . 328CBDD2445F5B3A047644567EEB557F . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll

[7] 2008-04-14 . 328CBDD2445F5B3A047644567EEB557F . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll

.

[7] 2008-04-15 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys

[7] 2008-04-15 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys

[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys

.

[7] 2008-04-15 . 2FD5B89BF9289C774C5C730DEA96CD91 . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll

[7] 2008-04-15 . 2FD5B89BF9289C774C5C730DEA96CD91 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll

[7] 2008-04-15 . 2FD5B89BF9289C774C5C730DEA96CD91 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll

[7] 2008-04-14 . 2FD5B89BF9289C774C5C730DEA96CD91 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll

.

[7] 2008-04-15 . 7C288AE0F75CB18CFF1DF6179A67AD8F . 193536 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll

[7] 2008-04-15 . 7C288AE0F75CB18CFF1DF6179A67AD8F . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll

[7] 2008-04-14 . 7C288AE0F75CB18CFF1DF6179A67AD8F . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll

.

[7] 2008-04-15 . 5B9D0DE64BE96A806819516440FD211C . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll

[7] 2008-04-15 . 5B9D0DE64BE96A806819516440FD211C . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll

[7] 2008-04-15 . 5B9D0DE64BE96A806819516440FD211C . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll

[7] 2008-04-14 . 5B9D0DE64BE96A806819516440FD211C . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll

.

[7] 2008-04-15 . E0AEF86A594C9990D6321C5CA239C5B7 . 297472 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll

[7] 2008-04-15 . E0AEF86A594C9990D6321C5CA239C5B7 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll

[7] 2008-04-14 . E0AEF86A594C9990D6321C5CA239C5B7 . 297472 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll

.

[-] 2009-01-31 . 1D6C0AA22542503705554E4252781885 . 347648 . . [5.1.2600.5589] . . c:\windows\system32\hnetcfg.dll

[7] 2008-04-14 . 6F18B42068D29B1F6F283DC37057836D . 347648 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll

.


((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13529088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 86016]

"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start Linkscanner Uninstall Survey | AVG Nederland" [?]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="shell32" [X]

"_nltide_3"="advpack.dll" [2009-03-08 128512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-07 19:45 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Event Reminder.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Event Reminder.lnk

backup=c:\windows\pss\Event Reminder.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]

2012-05-28 13:56 288128 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

2009-04-07 08:13 673616 ----a-w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

2009-08-28 11:39 33673216 ----a-w- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]

2008-04-15 12:00 172032 -c--a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2008-08-01 22:48 13529088 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2008-08-01 22:48 86016 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2008-08-01 22:48 1630208 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2011-11-13 11:21 1833576 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

"UxTuneUp"=2 (0x2)

"TuneUp.UtilitiesSvc"=2 (0x2)

"TuneUp.Defrag"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:*:Disabled:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:*:Disabled:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R?2 CareMon;CareMon;c:\program files\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe [6-7-2012 19:43 146792]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [22-1-2012 16:37 14776]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14-3-2012 8:40 120152]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [22-1-2012 16:38 913792]

R2 Browser Manager;Browser Manager;c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [14-10-2012 13:20 2203160]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [7-3-2012 15:40 913144]

R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [6-7-2012 19:43 354176]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [30-6-2012 16:06 1390976]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29-4-2009 20:56 1691480]

S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [29-7-2010 0:25 25112]

S4 gupdate1c9f4c22818bd34;Google Update Service (gupdate1c9f4c22818bd34); [x]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29-4-2009 18:26 715248]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2012-09-21 c:\windows\Tasks\Epson Printer Software Downloader.job

- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=NL&userid=e7184e50-7724-482b-8f9f-35f9b334d908&searchtype=ds&q={searchTerms}

TCP: Interfaces\{33B2C9B4-6930-4D58-8F03-A5299012B3AC}: NameServer = 192.168.0.1,192.168.0.3

TCP: Interfaces\{3433E096-81BE-4F54-B862-D2C96648184A}: NameServer = 192.168.0.1,192.168.0.3

TCP: Interfaces\{47B381AD-8EF0-4CA8-B14A-C2F1DEC598BC}: NameServer = 192.168.0.1,192.168.0.5

TCP: Interfaces\{7D8E9A1D-1486-4795-BA3C-A574B239B7DA}: NameServer = 192.168.0.1,192.168.0.5

DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab

DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://download10.managerzone.com/soccer-3d/PowerLoader.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game06.zylom.com/activex/zylomgamesplayer.cab

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

MSConfigStartUp-Advanced SystemCare 4 - c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe

MSConfigStartUp-IObit Malware Fighter - c:\program files\IObit\IObit Malware Fighter\IMF.exe

MSConfigStartUp-PowerSuite - c:\progra~1\Uniblue\POWERS~1\launcher.exe

MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-10-15 18:59

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1757981266-1454471165-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{36102093-9564-96CC-E35C-D98B50165EEA}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(2412)

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE

c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Voltooingstijd: 2012-10-15 19:02:52 - machine werd herstart

ComboFix-quarantined-files.txt 2012-10-15 17:02

.

Pre-Run: 7.061.241.856 bytes beschikbaar

Post-Run: 7.354.130.432 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="windows xp professional" 2

.

- - End Of File - - CDA8800C4121DBD40E0464F0D26BE179

Can anyone tell me whether my problems are over now?

Thanks in advance

marielle


No ... your problems are not over yet. There is still some work to be done ;-)

Open a Notepad file.

Copy and paste the bold text below into it.

File::

f:\FXDrv32.sys

Folder::

c:\documents and settings\All Users\Application Data\Browser Manager

c:\program files\BabylonToolbar

c:\documents and settings\Marielle\Application Data\Babylon

c:\documents and settings\All Users\Application Data\Babylon

c:\documents and settings\Marielle\Application Data\YourFileDownloader

Registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"=-

Driver::

Browser Manager

FXDrv32

DDS::

uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=NL&userid=e7184e50-7724-482b-8f9f-35f9b334d908&searchtype=ds&q={searchTerms}

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


ComboFix 12-10-16.02 - Marielle 17-10-2012 10:24:23.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3071.2443 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Marielle\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Marielle\Bureaublad\CFScript.txt

AV: AVG Internet Security Business Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

FILE ::

"f:\FXDrv32.sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Babylon

c:\documents and settings\All Users\Application Data\Browser Manager

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.settings

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\chrome.manifest

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\browsemngr-3.6.xpt

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content\browsemngr.js

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content\overlay.xul

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\install.rdf

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\00

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\01

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\02

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\10

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\11

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\12

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\20

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\21

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\22

c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe

c:\documents and settings\Marielle\Application Data\Babylon

c:\documents and settings\Marielle\Application Data\Babylon\log_file.txt

c:\documents and settings\Marielle\Application Data\YourFileDownloader

c:\program files\BabylonToolbar

c:\program files\BabylonToolbar\BabylonToolbar\1.8.0.7\BabylonToolbarApp.dll

c:\program files\BabylonToolbar\BabylonToolbar\1.8.0.7\BabylonToolbarEng.dll

c:\program files\BabylonToolbar\BabylonToolbar\1.8.0.7\BabylonToolbarsrv.exe

c:\program files\BabylonToolbar\BabylonToolbar\1.8.0.7\BabylonToolbarTlbr.dll

c:\program files\BabylonToolbar\BabylonToolbar\1.8.0.7\bh\BabylonToolbar.dll

c:\program files\BabylonToolbar\BabylonToolbar\1.8.0.7\escortShld.dll

c:\program files\BabylonToolbar\BabylonToolbar\1.8.0.7\uninstall.exe

.

---- Voorgaande Run -------

.

c:\windows\system32\avgfwdx.dll

c:\windows\system32\msstdfmt.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_BROWSER_MANAGER

-------\Legacy_FXDRV32

-------\Service_Browser Manager

-------\Service_FXDrv32

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-17 to 2012-10-17 ))))))))))))))))))))))))))))))

.

.

2012-10-16 23:02 . 2012-10-17 08:20 -------- d--h--r- c:\documents and settings\Marielle\Onlangs geopend

2012-10-16 13:50 . 2008-04-14 20:32 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

2012-10-15 21:29 . 2012-10-15 21:29 -------- d-----w- c:\documents and settings\Marielle\Application Data\AVG10

2012-10-15 17:45 . 2012-10-17 08:00 -------- d-----w- c:\windows\system32\CatRoot2

2012-10-15 17:34 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe

2012-10-15 17:24 . 2012-10-15 17:46 181064 ----a-w- c:\windows\PSEXESVC.EXE

2012-10-15 17:23 . 2012-10-15 17:46 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs

2012-10-15 17:23 . 2012-10-15 17:23 -------- d-----w- c:\program files\Tweaking.com

2012-10-15 16:17 . 2012-10-15 16:17 -------- d-----w- c:\documents and settings\Marielle\Local Settings\Application Data\ESET

2012-10-15 16:17 . 2012-10-15 16:17 -------- d-----w- c:\documents and settings\Marielle\Application Data\ESET

2012-10-15 15:33 . 2012-10-15 21:10 -------- d-----w- c:\program files\ESET

2012-10-15 14:56 . 2012-10-15 15:05 -------- d-----w- c:\program files\MyDefrag v4.3.1

2012-10-14 12:27 . 2012-10-14 12:27 -------- d-----w- c:\windows\system32\LogFiles

2012-10-14 12:24 . 2012-10-15 11:56 -------- d-----w- c:\program files\Microsoft Bootvis

2012-10-14 11:03 . 2012-10-14 11:03 -------- d-----w- c:\documents and settings\Marielle\Application Data\Fighters

2012-10-14 11:03 . 2012-10-14 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters

2012-10-01 12:37 . 2012-10-01 12:37 -------- d-----w- c:\documents and settings\Marielle\Application Data\Western Software Technologies

2012-09-30 21:27 . 2012-09-30 21:27 -------- d-----w- c:\documents and settings\Marielle\Application Data\PoBros

2012-09-30 21:27 . 2012-09-30 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PoBros

2012-09-29 22:14 . 2012-09-29 22:14 -------- d-----w- c:\documents and settings\Marielle\Application Data\MumboJumbo

2012-09-28 20:42 . 2012-09-28 20:42 -------- d-----w- c:\documents and settings\Marielle\Application Data\iMaxGen

2012-09-23 19:31 . 2012-09-23 19:31 -------- d-----w- c:\documents and settings\Marielle\Application Data\Silverback Productions

2012-09-21 18:50 . 2008-04-15 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2012-09-21 18:50 . 2012-10-03 07:13 -------- d-----w- c:\windows\system32\NtmsData

2012-09-21 18:43 . 2012-10-15 15:22 99135654 ----a-w- c:\documents and settings\Marielle\Application Data\hkey_local_machine.reg

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-08 08:42 . 2012-04-09 08:49 696520 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-08 08:42 . 2011-07-20 06:26 73416 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-28 15:17 . 2009-01-31 08:29 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:17 . 2009-01-31 08:29 43520 ------w- c:\windows\system32\licmgr10.dll

2012-08-28 15:17 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2009-01-31 08:29 385024 ------w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2008-04-15 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-23 06:26 . 2009-01-31 08:27 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-23 06:26 . 2008-08-14 17:28 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2009-01-31 . 1D6C0AA22542503705554E4252781885 . 347648 . . [5.1.2600.5589] . . c:\windows\system32\hnetcfg.dll

[7] 2008-04-14 . 6F18B42068D29B1F6F283DC37057836D . 347648 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13529088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 86016]

"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-03-08 128512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-07 19:45 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Event Reminder.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Event Reminder.lnk

backup=c:\windows\pss\Event Reminder.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]

2012-05-28 13:56 288128 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

2009-04-07 08:13 673616 -c--a-w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

2009-08-28 11:39 33673216 -c--a-w- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]

2008-04-15 12:00 172032 -c--a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2008-08-01 22:48 13529088 -c--a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2008-08-01 22:48 86016 -c--a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2008-08-01 22:48 1630208 -c--a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-18 18:56 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2011-11-13 11:21 1833576 -c--a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

"UxTuneUp"=2 (0x2)

"TuneUp.UtilitiesSvc"=2 (0x2)

"TuneUp.Defrag"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:*:Disabled:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:*:Disabled:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R?2 CareMon;CareMon;c:\program files\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe [6-7-2012 19:43 146792]

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22-2-2011 8:13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16-3-2011 16:03 32592]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [22-1-2012 16:37 14776]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-1-2011 6:41 248656]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5-4-2011 0:59 297168]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [22-1-2012 16:38 913792]

R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [9-3-2011 19:24 2708024]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31-1-2012 15:02 7391072]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8-2-2011 5:33 269520]

R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [6-7-2012 19:43 354176]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12-7-2010 4:33 30432]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [27-5-2011 19:05 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10-2-2011 7:53 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10-2-2011 7:53 27216]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [30-6-2012 16:06 1390976]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29-4-2009 20:56 1691480]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12-7-2010 4:33 30432]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [29-7-2010 0:25 25112]

S4 gupdate1c9f4c22818bd34;Google Update Service (gupdate1c9f4c22818bd34); [x]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29-4-2009 18:26 715248]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2012-10-16 c:\windows\Tasks\Epson Printer Software Downloader.job

- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=NL&userid=e7184e50-7724-482b-8f9f-35f9b334d908&searchtype=ds&q={searchTerms}

TCP: Interfaces\{7D8E9A1D-1486-4795-BA3C-A574B239B7DA}: NameServer = 192.168.0.1,192.168.0.3

DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab

DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://download10.managerzone.com/soccer-3d/PowerLoader.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game06.zylom.com/activex/zylomgamesplayer.cab

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.8.0.7\uninstall.exe

AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\documents and settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-10-17 10:34

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1757981266-1454471165-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{36102093-9564-96CC-E35C-D98B50165EEA}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(3740)

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\progra~1\AVG\AVG10\avgchsvx.exe

c:\progra~1\AVG\AVG10\avgrsx.exe

c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE

c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\AVG\AVG10\avgcsrvx.exe

c:\program files\AVG\AVG10\avgnsx.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\AVG\AVG10\avgcsrvx.exe

c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Voltooingstijd: 2012-10-17 10:36:04 - machine werd herstart

ComboFix-quarantined-files.txt 2012-10-17 08:36

ComboFix2.txt 2012-10-15 17:02

.

Pre-Run: 10.004.635.648 bytes beschikbaar

Post-Run: 9.973.358.592 bytes beschikbaar

.

- - End Of File - - 833C0A96BDEE576ACB98F4B876EBB8AF


And one more quick question.

I looked under C: and I see 2 files there that use quite a lot of storage. One is called

pagefile, system file, 3.143.680 kb, and the other

hiberfil, system file, 3.144.948 kb

These files surely have to stay?

Indeed.

Otherwise, your new ComboFix log looks clean. How is the speed of the PC now?


Booting is still slow. First I get a screen showing the motherboard brand. That lasts about 20 seconds, then it goes away. Then I get a black screen with a blinking cursor, which also stays for about that long. Then I get a screen with 3 choices, and it is automatically set to start XP; then XP starts, and I think that goes the way it should. Once XP has started, it takes about another one and a half to 2 minutes before my taskbar has fully loaded and I can finally get to work.


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\PSEXESVC.EXE

Folder::

c:\program files\ESET

c:\documents and settings\Marielle\Application Data\ESET

c:\documents and settings\Marielle\Local Settings\Application Data\ESET

DDS::

uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=NL&userid=e7184e50-7724-482b-8f9f-35f9b334d908&searchtype=ds&q={searchTerms}

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


ComboFix 12-10-16.02 - Marielle 18-10-2012 9:56.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3071.2345 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Marielle\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Marielle\Bureaublad\CFScript.txt

AV: AVG Internet Security Business Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

FILE ::

"c:\windows\PSEXESVC.EXE"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Marielle\Application Data\ESET

c:\documents and settings\Marielle\Local Settings\Application Data\ESET

c:\program files\ESET

c:\windows\PSEXESVC.EXE

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-18 to 2012-10-18 ))))))))))))))))))))))))))))))

.

.

2012-10-17 17:19 . 2012-10-18 07:54 -------- d--h--r- c:\documents and settings\Marielle\Onlangs geopend

2012-10-17 08:34 . 2012-10-17 08:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple

2012-10-16 13:50 . 2008-04-14 20:32 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

2012-10-15 21:29 . 2012-10-15 21:29 -------- d-----w- c:\documents and settings\Marielle\Application Data\AVG10

2012-10-15 17:45 . 2012-10-18 07:50 -------- d-----w- c:\windows\system32\CatRoot2

2012-10-15 17:34 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe

2012-10-15 17:23 . 2012-10-15 17:46 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs

2012-10-15 17:23 . 2012-10-15 17:23 -------- d-----w- c:\program files\Tweaking.com

2012-10-15 14:56 . 2012-10-15 15:05 -------- d-----w- c:\program files\MyDefrag v4.3.1

2012-10-14 12:27 . 2012-10-14 12:27 -------- d-----w- c:\windows\system32\LogFiles

2012-10-14 12:24 . 2012-10-15 11:56 -------- d-----w- c:\program files\Microsoft Bootvis

2012-10-14 11:03 . 2012-10-14 11:03 -------- d-----w- c:\documents and settings\Marielle\Application Data\Fighters

2012-10-14 11:03 . 2012-10-14 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters

2012-10-01 12:37 . 2012-10-01 12:37 -------- d-----w- c:\documents and settings\Marielle\Application Data\Western Software Technologies

2012-09-30 21:27 . 2012-09-30 21:27 -------- d-----w- c:\documents and settings\Marielle\Application Data\PoBros

2012-09-30 21:27 . 2012-09-30 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PoBros

2012-09-29 22:14 . 2012-09-29 22:14 -------- d-----w- c:\documents and settings\Marielle\Application Data\MumboJumbo

2012-09-28 20:42 . 2012-09-28 20:42 -------- d-----w- c:\documents and settings\Marielle\Application Data\iMaxGen

2012-09-23 19:31 . 2012-09-23 19:31 -------- d-----w- c:\documents and settings\Marielle\Application Data\Silverback Productions

2012-09-21 18:50 . 2008-04-15 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2012-09-21 18:50 . 2012-10-03 07:13 -------- d-----w- c:\windows\system32\NtmsData

2012-09-21 18:43 . 2012-10-15 15:22 99135654 ----a-w- c:\documents and settings\Marielle\Application Data\hkey_local_machine.reg

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-08 08:42 . 2012-04-09 08:49 696520 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-08 08:42 . 2011-07-20 06:26 73416 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-28 15:17 . 2009-01-31 08:29 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:17 . 2009-01-31 08:29 43520 ------w- c:\windows\system32\licmgr10.dll

2012-08-28 15:17 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2009-01-31 08:29 385024 ------w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2008-04-15 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-23 06:26 . 2009-01-31 08:27 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-23 06:26 . 2008-08-14 17:28 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2009-01-31 . 1D6C0AA22542503705554E4252781885 . 347648 . . [5.1.2600.5589] . . c:\windows\system32\hnetcfg.dll

[7] 2008-04-14 . 6F18B42068D29B1F6F283DC37057836D . 347648 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13529088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 86016]

"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-03-08 128512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-07 19:45 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Event Reminder.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Event Reminder.lnk

backup=c:\windows\pss\Event Reminder.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]

2012-05-28 13:56 288128 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

2009-04-07 08:13 673616 -c--a-w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

2009-08-28 11:39 33673216 -c--a-w- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]

2008-04-15 12:00 172032 -c--a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2008-08-01 22:48 13529088 -c--a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2008-08-01 22:48 86016 -c--a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2008-08-01 22:48 1630208 -c--a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-18 18:56 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2011-11-13 11:21 1833576 -c--a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

"UxTuneUp"=2 (0x2)

"TuneUp.UtilitiesSvc"=2 (0x2)

"TuneUp.Defrag"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:*:Disabled:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:*:Disabled:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R?2 CareMon;CareMon;c:\program files\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe [6-7-2012 19:43 146792]

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22-2-2011 8:13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16-3-2011 16:03 32592]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [22-1-2012 16:37 14776]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-1-2011 6:41 248656]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5-4-2011 0:59 297168]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [22-1-2012 16:38 913792]

R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [9-3-2011 19:24 2708024]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31-1-2012 15:02 7391072]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8-2-2011 5:33 269520]

R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [6-7-2012 19:43 354176]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12-7-2010 4:33 30432]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [27-5-2011 19:05 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10-2-2011 7:53 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10-2-2011 7:53 27216]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [30-6-2012 16:06 1390976]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29-4-2009 20:56 1691480]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12-7-2010 4:33 30432]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [29-7-2010 0:25 25112]

S4 gupdate1c9f4c22818bd34;Google Update Service (gupdate1c9f4c22818bd34); [x]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29-4-2009 18:26 715248]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2012-10-17 c:\windows\Tasks\Epson Printer Software Downloader.job

- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=NL&userid=e7184e50-7724-482b-8f9f-35f9b334d908&searchtype=ds&q={searchTerms}

TCP: Interfaces\{7D8E9A1D-1486-4795-BA3C-A574B239B7DA}: NameServer = 192.168.0.1,192.168.0.3

DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab

DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://download10.managerzone.com/soccer-3d/PowerLoader.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game06.zylom.com/activex/zylomgamesplayer.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-10-18 10:01

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1757981266-1454471165-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{36102093-9564-96CC-E35C-D98B50165EEA}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Voltooingstijd: 2012-10-18 10:03:19

ComboFix-quarantined-files.txt 2012-10-18 08:03

ComboFix2.txt 2012-10-17 08:36

ComboFix3.txt 2012-10-15 17:02

.

Pre-Run: 9.970.290.688 bytes beschikbaar

Post-Run: 9.955.860.480 bytes beschikbaar

.

- - End Of File - - 9EA490DE4808C9FE39C64442EF22D5A8
