Internet connections
25-04-2009, 11:24
Post: #1
Internet connections
Hi all,

Recently, something or someone keeps trying to connect to the network on my PC. This is then blocked by my virus scanner.
I find this rather annoying, since I don't know whether information about my computer is going out onto the internet.
This is what the notification says:
Netwerk Schild: Connectie naar malware site directitfast.com/seneke/engine/engine.php?d= and then a load of letters and digits.

I have already tried a virus scan and a spyware scan with avast and adaware, but with no result. Can anyone perhaps help me with this?

Regards, Thijs
25-04-2009, 17:50
Post: #2
RE: Internet connections
Hello Thijs,

Download MBAM (Malwarebytes' Anti-Malware) here or here.
    Double-click mbam-setup.exe to install the program.
    • Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".
    • If an update is found, it will be downloaded and installed.
    • Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.
    • The scan can take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to see the results.
    • Make sure everything there is checked, then click: Remove Selected.
    • After removal a log will open and you will be asked to restart the computer. (See below)
    • The log is saved automatically by MBAM and you can find it again by clicking the "Logs" tab in MBAM.
    • Copy and paste the contents of the log into your next reply.
    If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK.
    After that it will ask to restart the computer, so allow MBAM to restart the computer.

25-04-2009, 19:37 (This post was last edited on 25-04-2009 at 19:39 by thijs089.)
Post: #3
RE: Internet connections
Hey,

I first tried the quick scan but it found nothing, so I then ran the full scan. Here is the log:

Malwarebytes' Anti-Malware 1.36
Database versie: 2040
Windows 5.1.2600 Service Pack 3

25-4-2009 19:36:28
mbam-log-2009-04-25 (19-36-28).txt

Scan type: Volledige Scan (C:\|F:\|)
Objecten gescand: 123008
Verstreken tijd: 12 minute(s), 48 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Nothing else was removed because it found nothing; and the problem is still there :(

Regards, Thijs
25-04-2009, 21:27
Post: #4
RE: Internet connections
Can you make a HijackThis log and post it?

25-04-2009, 22:15
Post: #5
RE: Internet connections
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:30, on 25-4-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iZ3D Driver\Win32\S3DCService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\InterVideo\WinDVR3\WinDvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Control center.exe] C:\Program Files\iZ3D Driver\Control center.exe /silent
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: S3D Service (Win32) - iZ3D Inc. - C:\Program Files\iZ3D Driver\Win32\S3DCService.exe

--
End of file - 6649 bytes
25-04-2009, 22:31
Post: #6
RE: Internet connections
Download combofix.exe from this site: http://www.bleepingcomputer.com/combofix...-te-worden
If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
Once the Recovery Console is installed, let ComboFix scan the computer.
When ComboFix starts the scan, you may get a message (a small rootkit!! window) saying that the computer has to restart because a rootkit was found.
If so, you will see a number of files listed in that window. Write down the names of these files, including the full path where they are located, on a piece of paper.
Then let the computer restart.
If problems occur, post the names of the files in your next message.
When ComboFix is finished, which may be after a reboot, a log file (combofix.txt) opens.
Post the contents of this file together with a new HijackThis log.

25-04-2009, 22:58
Post: #7
RE: Internet connections
Combofix:

ComboFix 09-04-25.A3 - Thijs 25-04-2009 22:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1453 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Thijs\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-05-25 to 2009-4-25 ))))))))))))))))))))))))))))))
.

2009-04-25 20:12 . 2009-04-25 20:12 -------- d-----w c:\program files\Trend Micro
2009-04-25 19:02 . 2009-04-25 19:02 -------- d-----w c:\program files\WinASO
2009-04-25 17:18 . 2009-04-25 17:18 -------- d-----w c:\documents and settings\Thijs\Application Data\Malwarebytes
2009-04-25 17:18 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-25 17:18 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-25 17:18 . 2009-04-25 17:18 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-25 17:18 . 2009-04-25 17:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-25 15:46 . 2009-04-25 15:46 -------- d-----w c:\documents and settings\All Users\Application Data\xVBQzqqKguJc0Gc9
2009-04-25 13:40 . 2009-04-25 13:40 122 ---ha-w C:\aaw7boot.cmd
2009-04-25 13:35 . 2009-04-25 13:35 -------- d-----w c:\program files\Xiph.Org
2009-04-25 13:29 . 2009-04-25 13:29 -------- d-----w C:\e426750aed7466cc6a4db8e15c
2009-04-25 13:28 . 2009-04-25 13:28 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-25 13:28 . 2009-04-25 13:29 -------- d-----w C:\823016f75c39ba88cdd97b
2009-04-25 13:28 . 2009-04-25 13:28 3462 ----a-w c:\windows\system32\spupdsvc.inf
2009-04-25 13:28 . 2009-04-25 13:28 -------- d-----w C:\aad010e29cfa25ee6a91fe
2009-04-25 13:27 . 2009-04-25 13:28 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-25 13:27 . 2009-04-25 13:27 -------- d-----w c:\windows\system32\LogFiles
2009-04-25 13:18 . 2009-04-25 13:27 -------- d-----w c:\windows\LastGood
2009-04-25 09:06 . 2009-04-25 08:57 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-25 08:57 . 2009-04-25 08:57 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-25 08:57 . 2009-04-25 08:57 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-25 08:56 . 2009-04-25 08:56 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-25 08:56 . 2009-04-25 08:57 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-25 08:56 . 2009-04-25 08:56 -------- d-----w c:\program files\Lavasoft
2009-04-24 21:29 . 2008-12-09 23:50 190464 ----a-w c:\windows\system32\PCGW32.DLL
2009-04-24 18:59 . 2009-04-24 21:28 -------- d-----w c:\program files\iZ3D Driver
2009-04-24 17:55 . 2009-04-24 21:29 -------- d-----w c:\documents and settings\All Users\Application Data\iZ3D Driver
2009-04-24 17:55 . 2009-04-24 17:55 -------- d-----w c:\documents and settings\Thijs\Application Data\iZ3D Driver
2009-04-22 13:10 . 2009-04-22 13:10 -------- d-----w c:\program files\2BrightSparks
2009-04-22 11:17 . 2009-04-22 11:17 -------- d-----w c:\program files\uTorrent
2009-04-19 15:15 . 2009-04-22 20:06 -------- d-----w c:\documents and settings\Thijs\Application Data\uTorrent
2009-04-19 10:02 . 2009-04-25 12:42 -------- d-----w c:\documents and settings\Thijs\Application Data\Dev-Cpp
2009-04-16 16:05 . 2009-04-16 16:05 379 ----a-w c:\windows\ODBC.INI
2009-04-16 16:04 . 2003-06-18 15:31 17920 ----a-w c:\windows\system32\mdimon.dll
2009-04-16 16:03 . 2009-04-16 16:03 -------- d-----w c:\program files\Common Files\L&H
2009-04-16 16:03 . 2009-04-16 16:03 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-16 16:02 . 2009-04-16 16:02 -------- d-----w c:\program files\Microsoft Works
2009-04-16 16:01 . 2009-04-16 16:03 -------- d-----w c:\windows\SHELLNEW
2009-04-16 16:01 . 2009-04-16 16:01 -------- d-----w c:\program files\Microsoft.NET
2009-04-16 15:59 . 2009-04-16 15:59 -------- d--h--r C:\MSOCache
2009-04-11 16:11 . 2009-04-11 16:11 -------- d-----w c:\program files\Haali
2009-04-11 16:10 . 2009-04-11 16:10 -------- d-----w c:\program files\CoreCodec
2009-04-11 16:02 . 2009-04-11 16:03 -------- d-----w c:\documents and settings\Thijs\Application Data\vlc
2009-04-11 16:02 . 2009-04-12 17:17 -------- d-----w c:\documents and settings\Thijs\Application Data\dvdcss
2009-04-11 16:00 . 2009-04-11 16:00 -------- d-----w c:\program files\VideoLAN
2009-04-11 14:28 . 2009-04-11 14:29 -------- d-----w c:\program files\WinPcap
2009-04-11 14:26 . 2009-04-11 14:26 -------- d-----w c:\program files\IMMonitor
2009-04-11 09:15 . 2009-04-11 09:15 -------- d-----w c:\program files\THQ
2009-04-11 09:13 . 2009-04-11 09:13 -------- d-sh--w c:\windows\ftpcache
2009-04-11 09:12 . 2009-04-11 09:12 -------- d-----w c:\documents and settings\Thijs\Application Data\DAEMON Tools
2009-04-11 09:11 . 2009-04-11 09:11 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-11 09:10 . 2009-04-11 09:10 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-11 09:10 . 2009-04-11 09:12 -------- d-----w c:\documents and settings\Thijs\Application Data\DAEMON Tools Lite
2009-04-11 09:02 . 2009-04-11 09:02 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-04-11 09:02 . 2009-04-11 09:07 -------- d-----w c:\program files\DAEMON Tools Pro
2009-04-11 08:57 . 2009-04-11 08:57 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-11 08:56 . 2009-04-11 09:12 -------- d-----w c:\documents and settings\Thijs\Application Data\DAEMON Tools Pro
2009-04-11 08:42 . 2009-04-11 08:42 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\WinZip
2009-04-10 09:11 . 2009-04-24 08:22 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\QuickPar
2009-04-10 09:10 . 2009-04-10 09:11 -------- d-----w c:\program files\QuickPar
2009-04-10 09:08 . 2009-04-10 09:13 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-04-10 06:19 . 2009-04-10 06:19 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\sabnzbd
2009-04-10 06:18 . 2009-04-10 06:18 -------- d-----w c:\program files\SABnzbd
2009-04-07 09:24 . 2009-04-07 09:24 -------- d-----w c:\program files\EA Games
2009-04-07 09:17 . 2009-04-07 09:17 0 ----a-w c:\windows\nsreg.dat
2009-04-07 09:17 . 2009-04-07 09:17 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\Mozilla
2009-04-07 09:11 . 2009-04-07 09:11 86016 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-07 09:11 . 2009-04-07 09:11 262144 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-07 09:10 . 2009-04-07 09:10 -------- d-----w c:\windows\system32\Futuremark
2009-04-07 09:10 . 2007-09-07 12:55 6173 ----a-w c:\windows\system32\drivers\Entech.vxd
2009-04-07 09:10 . 2007-09-07 12:55 27672 ----a-w c:\windows\system32\drivers\Entech.sys
2009-04-07 09:10 . 2007-09-07 12:55 12744 ----a-w c:\windows\system32\drivers\Entech64.sys
2009-04-07 09:10 . 2001-11-19 18:05 3972 ----a-w c:\windows\system32\drivers\PciBus.sys
2009-04-07 09:10 . 2009-04-07 09:10 -------- d-----w c:\program files\Futuremark
2009-04-07 08:26 . 2008-12-20 23:03 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-07 08:26 . 2008-12-20 23:03 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-04-07 08:26 . 2008-12-20 23:03 267776 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-04-07 08:26 . 2008-12-19 09:10 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-04-07 08:26 . 2007-04-17 09:32 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-04-07 08:26 . 2007-03-08 05:11 1032192 -c----w c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-07 08:26 . 2008-12-20 23:03 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-04-07 08:26 . 2008-12-20 23:03 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-04-07 08:26 . 2008-12-20 23:03 6066688 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-04-07 08:21 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-07 08:21 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-07 08:21 . 2008-10-16 12:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-06 18:49 . 2009-04-25 13:13 -------- d-----w c:\documents and settings\Thijs\Tracing
2009-04-06 18:49 . 2009-04-06 18:49 -------- d-----w c:\program files\Microsoft
2009-04-06 18:48 . 2009-04-06 18:48 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-06 18:48 . 2009-04-06 18:48 -------- d-----w c:\program files\Windows Live
2009-04-06 18:44 . 2009-04-06 18:44 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-06 15:04 . 2009-04-06 15:04 -------- d-----w c:\program files\Ubisoft
2009-04-06 12:13 . 2009-04-06 12:13 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\ATI
2009-04-06 12:13 . 2009-04-06 12:13 -------- d-----w c:\documents and settings\Thijs\Application Data\ATI
2009-04-06 12:13 . 2009-04-06 12:13 -------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-04-06 11:26 . 2009-04-06 11:26 -------- d-----w c:\documents and settings\Thijs\Application Data\Foxit
2009-04-06 11:26 . 2009-04-06 11:26 -------- d-----w c:\program files\Foxit Software
2009-04-06 11:05 . 2009-04-06 11:05 64200 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-06 11:05 . 2009-04-06 11:05 -------- d-----w c:\program files\MSBuild
2009-04-06 11:05 . 2009-04-06 11:06 -------- d-----w c:\windows\system32\XPSViewer
2009-04-06 11:04 . 2009-04-06 11:04 -------- d-----w c:\program files\Reference Assemblies
2009-04-06 11:04 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-06 07:15 . 2009-04-06 07:15 -------- d-----w c:\windows\l2schemas
2009-04-06 07:15 . 2009-04-06 07:15 -------- d-----w c:\windows\system32\nl
2009-04-06 07:15 . 2009-04-06 07:15 -------- d-----w c:\windows\system32\bits
2009-04-06 07:13 . 2009-04-06 07:15 -------- d-----w c:\windows\ServicePackFiles
2009-04-05 18:57 . 2009-04-25 13:11 -------- d-----w c:\windows\system32\nl-nl
2009-04-05 17:46 . 2009-04-05 17:46 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\Criterion Games
2009-04-05 17:33 . 2009-04-05 17:33 -------- d-----w c:\program files\Electronic Arts

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 13:13 . 2009-04-25 13:08 641 ----a-w C:\aaw7boot.log
2009-04-17 12:28 . 2009-04-05 15:48 64952 ----a-w c:\documents and settings\Thijs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 16:06 . 2001-09-07 12:00 87520 ----a-w c:\windows\system32\perfc013.dat
2009-04-16 16:06 . 2001-09-07 12:00 502674 ----a-w c:\windows\system32\perfh013.dat
2009-04-07 09:10 . 2009-04-05 15:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 07:18 . 2009-04-05 15:02 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-06 07:11 . 2004-08-03 21:59 251712 --sha-r C:\ntldr
2009-04-05 15:57 . 2009-04-05 15:55 -------- d-----w c:\documents and settings\All Users\Application Data\InterVideo
2009-04-05 15:55 . 2009-04-05 15:55 -------- d-----w c:\program files\Common Files\InterVideo
2009-04-05 15:55 . 2009-04-05 15:55 -------- d-----w c:\program files\InterVideo
2009-04-05 15:42 . 2009-04-05 15:41 -------- d-----w c:\program files\ATI Technologies
2009-04-05 15:41 . 2009-04-05 15:24 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-05 15:38 . 2009-04-05 15:36 -------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-04-05 15:36 . 2009-04-05 15:36 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-04-05 15:36 . 2009-04-05 15:36 155384 ----a-w c:\windows\system32\guard32.dll
2009-04-05 15:36 . 2009-04-05 15:36 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-04-05 15:36 . 2009-04-05 15:36 -------- d-----w c:\program files\COMODO
2009-04-05 15:33 . 2009-04-05 15:33 -------- d-----w c:\program files\Alwil Software
2009-04-05 15:28 . 2009-04-05 15:28 -------- d-----w c:\program files\Attansic
2009-04-05 15:25 . 2009-04-05 15:25 -------- d-----w c:\program files\Analog Devices
2009-04-05 15:20 . 2009-04-05 15:20 -------- d-----w c:\program files\Intel
2009-04-05 15:03 . 2009-04-05 15:03 -------- d-----w c:\program files\microsoft frontpage
2009-04-05 15:00 . 2009-04-05 15:00 21748 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-25 22:58 . 2009-02-25 22:58 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:42 . 2009-02-25 21:42 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:41 . 2009-02-25 21:41 325120 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-25 21:30 . 2009-02-25 21:30 11841536 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 21:30 . 2009-02-25 21:30 204800 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:29 . 2009-02-25 21:29 26112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29 . 2009-02-25 21:29 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-25 21:27 . 2009-02-25 21:27 602112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-25 21:26 . 2009-02-25 21:26 53248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16 . 2009-02-25 21:16 3817984 ----a-w c:\windows\system32\ati3duag.dll
2009-02-25 21:09 . 2009-02-25 21:09 307200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-25 20:59 . 2009-02-25 20:59 2670080 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-25 20:58 . 2009-02-25 20:58 887724 ----a-w c:\windows\system32\ativva6x.dat
2009-02-25 20:58 . 2009-02-25 20:58 3107788 ----a-w c:\windows\system32\ativva5x.dat
2009-02-25 20:44 . 2009-02-25 20:44 49664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:40 . 2009-02-25 20:40 475136 ----a-w c:\windows\system32\atikvmag.dll
2009-02-25 20:38 . 2009-02-25 20:38 126976 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:38 . 2009-02-25 20:38 17408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-25 20:37 . 2009-02-25 20:37 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 . 2009-02-25 20:35 290816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:32 . 2009-02-25 20:32 626688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll
2009-02-25 13:15 . 2009-04-05 15:42 593920 ------w c:\windows\system32\ati2sgag.exe
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-26 17:55 . 2009-01-26 17:55 182995 ----a-w c:\windows\system32\atiicdxx.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Control center.exe"="c:\program files\iZ3D Driver\Control center.exe" [2009-02-24 4566016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-05 868352]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-04-05 1851128]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2003-10-16 155648]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-25 516440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-4-5 167936]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutParadise.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ubisoft\\Demo\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2007-08-10 26488]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-25 64160]
S1 aswSP;avast! Self Protection; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-04-05 110992]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-04-05 24336]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [2009-01-19 33816]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-25 953168]
S2 S3D Service (Win32);S3D Service (Win32);c:\program files\iZ3D Driver\Win32\S3DCService.exe [2009-02-24 206848]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01_xp.sys [2006-10-31 35840]


--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - UPNPHOST
.
Inhoud van de 'Gedeelde Taken' map

2009-04-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 08:57]

2009-04-25 c:\windows\Tasks\SyncBack Thijs-Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-04-22 10:00]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Thijs\Application Data\Mozilla\Firefox\Profiles\ahxiunty.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - plugin: c:\documents and settings\Thijs\Application Data\Mozilla\Firefox\Profiles\ahxiunty.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 22:54
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


c:\windows\system32\drivers\ovfsthxttlnbgom.sys 84992 bytes executable
c:\docume~1\Thijs\LOCALS~1\Temp\ovfsthxytpfvnptnw.tmp 343040 bytes executable
c:\windows\system32\ovfsthxmuynsmsr.dat 512330 bytes
c:\windows\system32\ovfsthxpuwprqhc.dll 19456 bytes executable
c:\windows\system32\ovfsthxruuctkkw.dll 19456 bytes executable
c:\windows\system32\ovfsthxxdjouvui.dat 43 bytes
c:\windows\system32\ovfsthxylvmllhr.dll 61952 bytes executable

Scan succesvol afgerond
verborgen bestanden: 7

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxixfmqpxe]
"imagepath"="\systemroot\system32\drivers\ovfsthxttlnbgom.sys"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(1044)
c:\program files\iZ3D Driver\Win32\S3DInjector.dll
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2009-04-25 22:55
ComboFix-quarantined-files.txt 2009-04-25 20:55

Pre-Run: 117.333.401.600 bytes beschikbaar
Post-Run: 118.555.312.128 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

285 --- E O F --- 2009-04-25 13:11

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:00, on 25-4-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iZ3D Driver\Win32\S3DCService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Control center.exe] C:\Program Files\iZ3D Driver\Control center.exe /silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: S3D Service (Win32) - iZ3D Inc. - C:\Program Files\iZ3D Driver\Win32\S3DCService.exe

--
End of file - 6113 bytes
26-04-2009, 08:59
Post: #8
RE: Internet connections
Open a Notepad file.
Copy the code below and paste it into the Notepad file.

Rootkit::
c:\docume~1\Thijs\LOCALS~1\Temp\ovfsthxytpfvnptnw.tmp
c:\windows\system32\ovfsthxmuynsmsr.dat
c:\windows\system32\ovfsthxpuwprqhc.dll
c:\windows\system32\ovfsthxruuctkkw.dll
c:\windows\system32\ovfsthxxdjouvui.dat
c:\windows\system32\ovfsthxylvmllhr.dll

Driver::
ovfsthxixfmqpxe

DIRLOOK::
c:\documents and settings\All Users\Application Data\xVBQzqqKguJc0Gc9

Save the Notepad file as CFScript.txt
Now drag the file CFScript.txt onto the file ComboFix.exe
[Image: CFScriptB-4.gif]
ComboFix will start again.
When ComboFix is finished, which may be after a reboot, a log file will open.
Post the contents of the log file.

26-04-2009, 10:20
Post: #9
RE: Internet connections
After I did this, I no longer got the Network Shield alert. But after 5 minutes my virus scanner said that the files you had listed here had been found. So those have been removed again. But apart from that I have not had that alert any more.
The log:

ComboFix 09-04-25.A3 - Thijs 26-04-2009 9:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1590 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Thijs\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Thijs\Bureaublad\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090425-0] *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Thijs\LOCALS~1\Temp\ovfsthxytpfvnptnw.tmp
c:\windows\system32\ovfsthxmuynsmsr.dat
c:\windows\system32\ovfsthxpuwprqhc.dll
c:\windows\system32\ovfsthxruuctkkw.dll
c:\windows\system32\ovfsthxxdjouvui.dat
c:\windows\system32\ovfsthxylvmllhr.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-05-26 to 2009-4-26 ))))))))))))))))))))))))))))))
.

2009-04-25 20:12 . 2009-04-25 20:12 -------- d-----w c:\program files\Trend Micro
2009-04-25 19:02 . 2009-04-25 19:02 -------- d-----w c:\program files\WinASO
2009-04-25 17:18 . 2009-04-25 17:18 -------- d-----w c:\documents and settings\Thijs\Application Data\Malwarebytes
2009-04-25 17:18 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-25 17:18 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-25 17:18 . 2009-04-25 17:18 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-25 17:18 . 2009-04-25 17:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-25 15:46 . 2009-04-25 15:46 -------- d-----w c:\documents and settings\All Users\Application Data\xVBQzqqKguJc0Gc9
2009-04-25 13:35 . 2009-04-25 13:35 -------- d-----w c:\program files\Xiph.Org
2009-04-25 13:28 . 2009-04-25 13:28 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-25 13:28 . 2009-04-25 13:28 -------- d-----w C:\aad010e29cfa25ee6a91fe
2009-04-25 13:27 . 2009-04-25 13:28 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-25 13:27 . 2009-04-25 13:27 -------- d-----w c:\windows\system32\LogFiles
2009-04-25 13:21 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-25 13:20 . 2009-02-09 11:27 2193408 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-25 13:20 . 2009-03-06 14:23 285696 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-25 13:20 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-25 13:20 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-25 13:20 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-25 13:20 . 2009-02-09 10:56 684544 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-25 13:20 . 2009-02-09 10:56 734208 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-25 13:20 . 2009-02-09 10:56 735744 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-25 13:20 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-25 13:20 . 2009-02-09 11:27 2149888 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-25 13:20 . 2009-02-09 11:27 2028544 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-25 13:18 . 2009-03-27 06:59 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-25 13:18 . 2008-04-21 21:16 218624 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-25 09:06 . 2009-04-25 08:57 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-25 08:57 . 2009-04-25 08:57 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-25 08:57 . 2009-04-25 08:57 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-25 08:56 . 2009-04-25 08:56 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-25 08:56 . 2009-04-25 08:57 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-25 08:56 . 2009-04-25 08:56 -------- d-----w c:\program files\Lavasoft
2009-04-24 21:29 . 2008-12-09 23:50 190464 ----a-w c:\windows\system32\PCGW32.DLL
2009-04-24 18:59 . 2009-04-24 21:28 -------- d-----w c:\program files\iZ3D Driver
2009-04-24 17:55 . 2009-04-24 21:29 -------- d-----w c:\documents and settings\All Users\Application Data\iZ3D Driver
2009-04-24 17:55 . 2009-04-24 17:55 -------- d-----w c:\documents and settings\Thijs\Application Data\iZ3D Driver
2009-04-22 13:10 . 2009-04-22 13:10 -------- d-----w c:\program files\2BrightSparks
2009-04-22 11:17 . 2009-04-22 11:17 -------- d-----w c:\program files\uTorrent
2009-04-19 15:15 . 2009-04-22 20:06 -------- d-----w c:\documents and settings\Thijs\Application Data\uTorrent
2009-04-19 10:02 . 2009-04-25 12:42 -------- d-----w c:\documents and settings\Thijs\Application Data\Dev-Cpp
2009-04-16 16:05 . 2009-04-16 16:05 379 ----a-w c:\windows\ODBC.INI
2009-04-16 16:04 . 2007-04-09 11:23 28040 ----a-w c:\windows\system32\mdimon.dll
2009-04-16 16:03 . 2009-04-16 16:03 -------- d-----w c:\program files\Common Files\L&H
2009-04-16 16:03 . 2009-04-16 16:03 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-16 16:02 . 2009-04-25 21:06 -------- d-----w c:\program files\Microsoft Works
2009-04-16 16:01 . 2009-04-16 16:03 -------- d-----w c:\windows\SHELLNEW
2009-04-16 16:01 . 2009-04-16 16:01 -------- d-----w c:\program files\Microsoft.NET
2009-04-16 15:59 . 2009-04-16 15:59 -------- d--h--r C:\MSOCache
2009-04-11 16:11 . 2009-04-11 16:11 -------- d-----w c:\program files\Haali
2009-04-11 16:10 . 2009-04-11 16:10 -------- d-----w c:\program files\CoreCodec
2009-04-11 16:02 . 2009-04-11 16:03 -------- d-----w c:\documents and settings\Thijs\Application Data\vlc
2009-04-11 16:02 . 2009-04-12 17:17 -------- d-----w c:\documents and settings\Thijs\Application Data\dvdcss
2009-04-11 16:00 . 2009-04-11 16:00 -------- d-----w c:\program files\VideoLAN
2009-04-11 14:28 . 2009-04-11 14:29 -------- d-----w c:\program files\WinPcap
2009-04-11 14:26 . 2009-04-11 14:26 -------- d-----w c:\program files\IMMonitor
2009-04-11 09:15 . 2009-04-11 09:15 -------- d-----w c:\program files\THQ
2009-04-11 09:13 . 2009-04-11 09:13 -------- d-sh--w c:\windows\ftpcache
2009-04-11 09:12 . 2009-04-11 09:12 -------- d-----w c:\documents and settings\Thijs\Application Data\DAEMON Tools
2009-04-11 09:11 . 2009-04-11 09:11 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-11 09:10 . 2009-04-11 09:10 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-11 09:10 . 2009-04-11 09:12 -------- d-----w c:\documents and settings\Thijs\Application Data\DAEMON Tools Lite
2009-04-11 09:02 . 2009-04-11 09:02 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-04-11 09:02 . 2009-04-11 09:07 -------- d-----w c:\program files\DAEMON Tools Pro
2009-04-11 08:57 . 2009-04-11 08:57 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-11 08:56 . 2009-04-11 09:12 -------- d-----w c:\documents and settings\Thijs\Application Data\DAEMON Tools Pro
2009-04-11 08:42 . 2009-04-11 08:42 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\WinZip
2009-04-10 09:11 . 2009-04-24 08:22 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\QuickPar
2009-04-10 09:10 . 2009-04-10 09:11 -------- d-----w c:\program files\QuickPar
2009-04-10 09:08 . 2009-04-10 09:13 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-04-10 06:19 . 2009-04-10 06:19 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\sabnzbd
2009-04-10 06:18 . 2009-04-10 06:18 -------- d-----w c:\program files\SABnzbd
2009-04-07 09:24 . 2009-04-07 09:24 -------- d-----w c:\program files\EA Games
2009-04-07 09:17 . 2009-04-07 09:17 0 ----a-w c:\windows\nsreg.dat
2009-04-07 09:17 . 2009-04-07 09:17 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\Mozilla
2009-04-07 09:11 . 2009-04-07 09:11 86016 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-07 09:11 . 2009-04-07 09:11 262144 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-07 09:10 . 2009-04-07 09:10 -------- d-----w c:\windows\system32\Futuremark
2009-04-07 09:10 . 2007-09-07 12:55 6173 ----a-w c:\windows\system32\drivers\Entech.vxd
2009-04-07 09:10 . 2007-09-07 12:55 27672 ----a-w c:\windows\system32\drivers\Entech.sys
2009-04-07 09:10 . 2007-09-07 12:55 12744 ----a-w c:\windows\system32\drivers\Entech64.sys
2009-04-07 09:10 . 2001-11-19 18:05 3972 ----a-w c:\windows\system32\drivers\PciBus.sys
2009-04-07 09:10 . 2009-04-07 09:10 -------- d-----w c:\program files\Futuremark
2009-04-07 08:26 . 2009-02-20 17:18 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-07 08:26 . 2009-02-20 17:18 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-04-07 08:26 . 2009-02-20 17:18 268288 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-04-07 08:26 . 2009-02-20 10:20 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-04-07 08:26 . 2008-07-09 14:30 1032192 -c----w c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-07 08:26 . 2008-07-09 14:25 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-04-07 08:26 . 2009-02-20 17:18 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-04-07 08:26 . 2009-02-20 17:18 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-04-07 08:26 . 2009-02-20 17:18 6066176 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-04-07 08:21 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-07 08:21 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-07 08:21 . 2008-10-16 12:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-06 18:49 . 2009-04-25 13:13 -------- d-----w c:\documents and settings\Thijs\Tracing
2009-04-06 18:49 . 2009-04-06 18:49 -------- d-----w c:\program files\Microsoft
2009-04-06 18:48 . 2009-04-06 18:48 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-06 18:48 . 2009-04-06 18:48 -------- d-----w c:\program files\Windows Live
2009-04-06 18:44 . 2009-04-06 18:44 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-06 15:04 . 2009-04-06 15:04 -------- d-----w c:\program files\Ubisoft
2009-04-06 12:13 . 2009-04-06 12:13 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\ATI
2009-04-06 12:13 . 2009-04-06 12:13 -------- d-----w c:\documents and settings\Thijs\Application Data\ATI
2009-04-06 12:13 . 2009-04-06 12:13 -------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-04-06 11:26 . 2009-04-06 11:26 -------- d-----w c:\documents and settings\Thijs\Application Data\Foxit
2009-04-06 11:26 . 2009-04-06 11:26 -------- d-----w c:\program files\Foxit Software
2009-04-06 11:05 . 2009-04-06 11:05 64200 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-06 11:05 . 2009-04-06 11:05 -------- d-----w c:\program files\MSBuild
2009-04-06 11:05 . 2009-04-06 11:06 -------- d-----w c:\windows\system32\XPSViewer
2009-04-06 11:04 . 2009-04-06 11:04 -------- d-----w c:\program files\Reference Assemblies
2009-04-06 11:04 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-06 07:15 . 2009-04-06 07:15 -------- d-----w c:\windows\l2schemas
2009-04-06 07:15 . 2009-04-06 07:15 -------- d-----w c:\windows\system32\nl
2009-04-06 07:15 . 2009-04-06 07:15 -------- d-----w c:\windows\system32\bits
2009-04-06 07:13 . 2009-04-06 07:15 -------- d-----w c:\windows\ServicePackFiles
2009-04-05 18:57 . 2009-04-25 21:07 -------- d-----w c:\windows\system32\nl-nl
2009-04-05 17:46 . 2009-04-05 17:46 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\Criterion Games
2009-04-05 17:33 . 2009-04-05 17:33 -------- d-----w c:\program files\Electronic Arts

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 07:44 . 2009-04-25 13:08 1251 ----a-w C:\aaw7boot.log
2009-04-26 07:37 . 2001-09-07 12:00 87520 ----a-w c:\windows\system32\perfc013.dat
2009-04-26 07:37 . 2001-09-07 12:00 502674 ----a-w c:\windows\system32\perfh013.dat
2009-04-26 07:33 . 2009-04-05 15:48 64952 ----a-w c:\documents and settings\Thijs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-07 09:10 . 2009-04-05 15:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 07:18 . 2009-04-05 15:02 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-06 07:11 . 2004-08-03 21:59 251712 --sha-r C:\ntldr
2009-04-05 15:57 . 2009-04-05 15:55 -------- d-----w c:\documents and settings\All Users\Application Data\InterVideo
2009-04-05 15:55 . 2009-04-05 15:55 -------- d-----w c:\program files\Common Files\InterVideo
2009-04-05 15:55 . 2009-04-05 15:55 -------- d-----w c:\program files\InterVideo
2009-04-05 15:42 . 2009-04-05 15:41 -------- d-----w c:\program files\ATI Technologies
2009-04-05 15:41 . 2009-04-05 15:24 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-05 15:38 . 2009-04-05 15:36 -------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-04-05 15:36 . 2009-04-05 15:36 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-04-05 15:36 . 2009-04-05 15:36 155384 ----a-w c:\windows\system32\guard32.dll
2009-04-05 15:36 . 2009-04-05 15:36 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-04-05 15:36 . 2009-04-05 15:36 -------- d-----w c:\program files\COMODO
2009-04-05 15:33 . 2009-04-05 15:33 -------- d-----w c:\program files\Alwil Software
2009-04-05 15:28 . 2009-04-05 15:28 -------- d-----w c:\program files\Attansic
2009-04-05 15:25 . 2009-04-05 15:25 -------- d-----w c:\program files\Analog Devices
2009-04-05 15:20 . 2009-04-05 15:20 -------- d-----w c:\program files\Intel
2009-04-05 15:03 . 2009-04-05 15:03 -------- d-----w c:\program files\microsoft frontpage
2009-04-05 15:00 . 2009-04-05 15:00 21748 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:23 . 2004-08-04 00:03 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2004-08-04 00:03 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-25 22:58 . 2009-02-25 22:58 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:42 . 2009-02-25 21:42 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:41 . 2009-02-25 21:41 325120 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-25 21:30 . 2009-02-25 21:30 11841536 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 21:30 . 2009-02-25 21:30 204800 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:29 . 2009-02-25 21:29 26112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29 . 2009-02-25 21:29 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-25 21:27 . 2009-02-25 21:27 602112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-25 21:26 . 2009-02-25 21:26 53248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16 . 2009-02-25 21:16 3817984 ----a-w c:\windows\system32\ati3duag.dll
2009-02-25 21:09 . 2009-02-25 21:09 307200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-25 20:59 . 2009-02-25 20:59 2670080 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-25 20:58 . 2009-02-25 20:58 887724 ----a-w c:\windows\system32\ativva6x.dat
2009-02-25 20:58 . 2009-02-25 20:58 3107788 ----a-w c:\windows\system32\ativva5x.dat
2009-02-25 20:44 . 2009-02-25 20:44 49664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:40 . 2009-02-25 20:40 475136 ----a-w c:\windows\system32\atikvmag.dll
2009-02-25 20:38 . 2009-02-25 20:38 126976 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:38 . 2009-02-25 20:38 17408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-25 20:37 . 2009-02-25 20:37 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 . 2009-02-25 20:35 290816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:32 . 2009-02-25 20:32 626688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll
2009-02-25 13:15 . 2009-04-05 15:42 593920 ------w c:\windows\system32\ati2sgag.exe
2009-02-20 17:18 . 2004-08-04 00:03 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 11:27 . 2004-08-04 00:58 2028544 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:27 . 2004-08-03 23:58 2149888 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:27 . 2004-08-04 00:03 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2004-08-04 00:03 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2004-08-04 00:03 734208 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2004-08-04 00:03 684544 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2004-08-04 00:03 735744 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2001-09-07 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-04 00:03 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-26 17:55 . 2009-01-26 17:55 182995 ----a-w c:\windows\system32\atiicdxx.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\All Users\Application Data\xVBQzqqKguJc0Gc9 ----

2009-04-25 15:46 . 2009-04-25 15:46 2581 --sh--r c:\documents and settings\All Users\Application Data\xVBQzqqKguJc0Gc9\PCGWIN32.LI5


((((((((((((((((((((((((((((( SnapShot@2009-04-25_20.54.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-26 07:45 . 2009-04-26 07:45 16384 c:\windows\Temp\Perflib_Perfdata_720.dat
- 2009-04-05 15:25 . 2007-08-10 18:52 26488 c:\windows\system32\spupdsvc.exe
+ 2009-04-05 15:25 . 2008-07-09 07:44 26488 c:\windows\system32\spupdsvc.exe
+ 2009-04-16 16:04 . 2007-04-09 11:23 28552 c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2009-04-16 16:04 . 2007-04-09 11:23 46472 c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2009-04-16 16:04 . 2007-04-09 11:23 46472 c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2009-04-25 13:29 . 2007-11-30 12:39 18808 c:\windows\system32\spmsg.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 44544 c:\windows\system32\pngfilt.dll
+ 2001-09-07 12:00 . 2009-04-26 07:37 68540 c:\windows\system32\perfc009.dat
- 2001-09-07 12:00 . 2009-04-16 16:06 68540 c:\windows\system32\perfc009.dat
+ 2009-04-05 14:59 . 2008-06-12 14:24 91648 c:\windows\system32\mtxoci.dll
- 2009-04-05 14:59 . 2008-04-14 17:02 91648 c:\windows\system32\mtxoci.dll
- 2004-08-04 00:03 . 2008-04-14 17:02 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 00:03 . 2008-06-12 14:24 66560 c:\windows\system32\mtxclu.dll
+ 2007-08-13 16:54 . 2009-02-20 17:18 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 16:54 . 2008-12-20 23:03 52224 c:\windows\system32\msfeedsbs.dll
- 2009-04-05 14:59 . 2008-04-14 17:02 58880 c:\windows\system32\msdtclog.dll
+ 2009-04-05 14:59 . 2008-06-12 14:24 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 27648 c:\windows\system32\jsproxy.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 16:39 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 16:39 . 2008-12-19 09:10 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-04 00:03 . 2009-02-20 17:18 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 00:03 . 2008-12-19 09:13 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 00:03 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 16:36 . 2009-02-20 17:18 63488 c:\windows\system32\icardie.dll
- 2007-08-13 16:36 . 2008-12-20 23:03 63488 c:\windows\system32\icardie.dll
+ 2007-03-22 17:17 . 2007-03-22 17:17 35440 c:\windows\system32\FM20ENU.DLL
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2001-09-07 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-08-04 00:03 . 2009-02-20 17:18 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:24 . 2008-06-12 14:24 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:24 . 2008-06-12 14:24 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2008-06-12 14:24 . 2008-06-12 14:24 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 17:18 . 2009-02-20 17:18 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 00:03 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 00:03 . 2008-12-19 09:13 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-04-05 15:06 . 2009-04-26 07:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-05 15:06 . 2009-04-25 13:13 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-05 15:06 . 2009-04-25 13:13 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2009-04-05 15:06 . 2009-04-26 07:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
- 2009-04-05 15:06 . 2009-04-25 13:13 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-05 15:06 . 2009-04-26 07:32 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-16 16:04 . 2009-04-25 21:08 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-04-16 16:04 . 2009-04-16 16:04 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-04-16 16:04 . 2009-04-16 16:04 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-04-16 16:04 . 2009-04-25 21:08 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-04-16 16:04 . 2009-04-25 21:08 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-04-16 16:04 . 2009-04-16 16:04 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-04-16 16:04 . 2009-04-16 16:04 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-04-16 16:04 . 2009-04-25 21:08 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-04-16 16:04 . 2009-04-16 16:04 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-04-16 16:04 . 2009-04-25 21:08 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-04-16 16:04 . 2009-04-16 16:04 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-04-16 16:04 . 2009-04-25 21:08 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2003-01-17 12:03 . 2003-01-17 12:03 59466 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\XSCAN32.DAT
+ 1999-12-09 19:21 . 1999-12-09 19:21 32768 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\XLCALL32.DLL
+ 2009-04-16 16:03 . 2009-04-16 16:03 64088 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2003-07-14 20:57 . 2003-07-14 20:57 59960 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\UNBIND.EXE
+ 2002-10-07 07:49 . 2002-10-07 07:49 81983 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWRECS.DLL
+ 2003-07-14 21:00 . 2003-07-14 21:00 99904 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TRANSMGR.DLL
+ 2003-07-14 20:53 . 2003-07-14 20:53 11848 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2003-07-14 20:57 . 2003-07-14 20:57 58944 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-14 20:44 . 2003-07-14 20:44 66616 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-14 20:43 . 2003-07-14 20:43 74288 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RM.DLL
+ 2002-10-07 07:49 . 2002-10-07 07:49 81984 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REVERSE.DLL
+ 2003-07-14 20:57 . 2003-07-14 20:57 40512 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-05-08 19:54 . 2003-05-08 19:54 77824 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-14 20:42 . 2003-07-14 20:42 37432 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RECALL.DLL
+ 2003-07-14 20:40 . 2003-07-14 20:40 51256 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBTRAP.DLL
+ 2003-01-13 13:04 . 2003-01-13 13:04 39504 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBENV.DLL
+ 2003-07-15 01:18 . 2003-07-15 01:18 93752 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-07-14 20:43 . 2003-07-14 20:43 49208 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-07-14 20:43 . 2003-07-14 20:43 64056 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLRPC.DLL
+ 2003-07-14 20:44 . 2003-07-14 20:44 88128 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLMIME.DLL
+ 2003-07-14 20:41 . 2003-07-14 20:41 24640 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLACCT.DLL
+ 2003-07-14 20:53 . 2003-07-14 20:53 95792 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OSA.EXE
+ 2009-04-16 16:03 . 2009-04-16 16:03 35448 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OLCTLPIA.DLL
+ 2003-07-15 01:14 . 2003-07-15 01:14 27192 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
+ 2003-07-14 20:56 . 2003-07-14 20:56 13888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-07-14 20:57 . 2003-07-14 20:57 56888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2009-04-16 16:03 . 2009-04-16 16:03 20080 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTAGPIA.DLL
+ 2003-07-14 20:52 . 2003-07-14 20:52 41528 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-06-18 15:31 . 2003-06-18 15:31 16384 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-07-14 20:45 . 2003-07-14 20:45 39488 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-07-14 20:45 . 2003-07-14 20:45 55360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-14 20:46 . 2003-07-14 20:46 42040 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-14 20:53 . 2003-07-14 20:53 39488 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-14 20:53 . 2003-07-14 20:53 55872 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSVABW.DLL
+ 2003-07-14 20:52 . 2003-07-14 20:52 35896 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-14 20:52 . 2003-07-14 20:52 28224 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-14 20:56 . 2003-07-14 20:56 54328 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOMSE.DLL
+ 2003-07-14 20:52 . 2003-07-14 20:52 55360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-14 20:52 . 2003-07-14 20:52 67128 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOHEV.DLL
+ 2003-07-14 20:44 . 2003-07-14 20:44 25144 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
+ 2003-07-14 20:52 . 2003-07-14 20:52 27704 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-14 20:52 . 2003-07-14 20:52 17464 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-14 20:51 . 2003-07-14 20:51 87104 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-14 20:56 . 2003-07-14 20:56 40504 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSE7.EXE
+ 2003-07-14 21:12 . 2003-07-14 21:12 47872 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSB1XTOR.DLL
+ 2003-06-18 15:31 . 2003-06-18 15:31 35328 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL
+ 2003-06-18 15:31 . 2003-06-18 15:31 18944 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL
+ 2003-06-18 15:31 . 2003-06-18 15:31 17920 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL
+ 2003-07-14 20:45 . 2003-07-14 20:45 58944 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\INLAUNCH.DLL
+ 2003-07-14 20:57 . 2003-07-14 20:57 87096 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
+ 2003-07-14 20:41 . 2003-07-14 20:41 13368 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2003-07-14 20:57 . 2003-07-14 20:57 98360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-14 20:56 . 2003-07-14 20:56 14904 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-25 16:57 . 2003-07-25 16:57 75832 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DLGSETP.DLL
+ 2003-07-15 01:18 . 2003-07-15 01:18 14400 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DFUIPRXY.DLL
+ 2003-07-15 01:18 . 2003-07-15 01:18 47160 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE
+ 2003-07-14 20:53 . 2003-07-14 20:53 46144 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\BLNMGRPS.DLL
+ 2003-07-14 20:53 . 2003-07-14 20:53 60984 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\BLNMGR.DLL
+ 2003-07-14 20:53 . 2003-07-14 20:53 94768 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-14 20:57 . 2003-07-14 20:57 38968 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-14 20:43 . 2003-07-14 20:43 87616 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ADDRPARS.DLL
+ 2009-04-25 21:07 . 2008-12-20 23:03 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-04-25 21:07 . 2008-12-20 23:03 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-04-25 21:07 . 2008-12-20 23:03 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-04-25 21:07 . 2008-12-19 09:10 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-04-25 21:07 . 2008-12-20 23:03 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-04-25 21:07 . 2008-04-14 17:02 81920 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-04-25 21:07 . 2008-12-19 09:13 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-04-25 21:07 . 2008-12-20 23:03 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
+ 2009-04-25 21:06 . 2009-04-25 21:06 66936 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2009-04-25 21:06 . 2009-04-25 21:06 22928 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2009-04-25 21:06 . 2009-04-25 21:06 38304 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2009-04-25 21:06 . 2009-04-25 21:06 91488 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2008-05-05 05:25 . 2008-05-05 05:25 3072 c:\windows\system32\xpsp4res.dll
+ 2009-04-16 16:04 . 2009-04-25 21:08 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-04-16 16:04 . 2009-04-16 16:04 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2003-06-18 15:31 . 2003-06-18 15:31 6144 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OCRPS.DLL
- 2004-08-04 00:03 . 2008-04-14 17:02 354304 c:\windows\system32\winhttp.dll
+ 2004-08-04 00:03 . 2008-12-16 12:33 354304 c:\windows\system32\winhttp.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 233472 c:\windows\system32\webcheck.dll
+ 2009-04-05 14:59 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2009-04-05 14:59 . 2009-02-09 10:56 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2009-04-05 14:59 . 2009-02-09 10:56 473600 c:\windows\system32\wbem\fastprox.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 105984 c:\windows\system32\url.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 105984 c:\windows\system32\url.dll
+ 2009-04-16 16:04 . 2007-04-09 11:24 758664 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2009-04-16 16:04 . 2007-04-09 11:24 758664 c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2001-09-07 12:00 . 2009-04-16 16:06 435896 c:\windows\system32\perfh009.dat
+ 2001-09-07 12:00 . 2009-04-26 07:37 435896 c:\windows\system32\perfh009.dat
- 2004-08-04 00:03 . 2008-12-20 23:03 102912 c:\windows\system32\occache.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 102912 c:\windows\system32\occache.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 671232 c:\windows\system32\mstime.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 193024 c:\windows\system32\msrating.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 477696 c:\windows\system32\mshtmled.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 16:54 . 2008-12-20 23:03 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 16:54 . 2009-02-20 17:18 459264 c:\windows\system32\msfeeds.dll
- 2009-04-05 14:59 . 2008-04-14 17:02 161792 c:\windows\system32\msdtcuiu.dll
+ 2009-04-05 14:59 . 2008-06-12 14:24 161792 c:\windows\system32\msdtcuiu.dll
- 2009-04-05 14:59 . 2008-04-14 17:02 956928 c:\windows\system32\msdtctm.dll
+ 2009-04-05 14:59 . 2008-06-12 14:24 956928 c:\windows\system32\msdtctm.dll
+ 2009-04-05 14:59 . 2008-06-12 14:24 428032 c:\windows\system32\msdtcprx.dll
+ 2007-08-13 16:34 . 2009-02-20 17:18 268288 c:\windows\system32\iertutil.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 385024 c:\windows\system32\iedkcs32.dll
- 2007-07-11 10:27 . 2008-12-20 23:03 383488 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 10:27 . 2009-02-20 17:18 383488 c:\windows\system32\ieapfltr.dll
+ 2001-09-07 12:00 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
- 2001-09-07 12:00 . 2008-12-19 05:23 161792 c:\windows\system32\ieakui.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 153088 c:\windows\system32\ieakeng.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 153088 c:\windows\system32\ieakeng.dll
- 2009-04-05 16:50 . 2009-04-17 12:27 248696 c:\windows\system32\FNTCACHE.DAT
+ 2009-04-05 16:50 . 2009-04-26 07:32 248696 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 00:03 . 2008-12-20 23:03 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 00:03 . 2009-03-03 00:16 826368 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 826368 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:33 . 2008-12-16 12:33 354304 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-06-12 14:24 . 2008-06-12 14:24 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:24 . 2008-06-12 14:24 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:24 . 2008-06-12 14:24 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-04-05 15:00 . 2009-02-28 04:54 636072 c:\windows\system32\dllcache\iexplore.exe
+ 2004-08-04 00:03 . 2009-02-20 17:18 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2001-09-07 12:00 . 2008-12-19 05:23 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2001-09-07 12:00 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 124928 c:\windows\system32\advpack.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 124928 c:\windows\system32\advpack.dll
- 2009-04-16 16:04 . 2009-04-16 16:04 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-04-16 16:04 . 2009-04-25 21:08 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-04-16 16:04 . 2009-04-16 16:04 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-16 16:04 . 2009-04-25 21:08 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-16 16:04 . 2009-04-25 21:08 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-04-16 16:04 . 2009-04-16 16:04 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-04-16 16:04 . 2009-04-25 21:08 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-04-16 16:04 . 2009-04-16 16:04 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-04-16 16:04 . 2009-04-25 21:08 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-04-16 16:04 . 2009-04-16 16:04 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-04-16 16:04 . 2009-04-25 21:08 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-04-16 16:04 . 2009-04-16 16:04 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-04-16 16:03 . 2009-04-16 16:03 662120 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\WORDPIA.DLL
+ 2003-04-02 09:21 . 2003-04-02 09:21 111632 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\WAVTOASF.EXE
+ 2002-10-07 07:51 . 2002-10-07 07:51 221252 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWSTRUCT.DLL
+ 2002-10-07 07:50 . 2002-10-07 07:50 118847 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWRECE.DLL
+ 2002-10-07 07:51 . 2002-10-07 07:51 102467 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWORIENT.DLL
+ 2002-10-07 07:51 . 2002-10-07 07:51 147520 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWLAY32.DLL
+ 2002-10-07 07:51 . 2002-10-07 07:51 180289 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWCUTLIN.DLL
+ 2002-10-07 07:50 . 2002-10-07 07:50 241729 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWCUTCHR.DLL
+ 2002-10-07 07:53 . 2002-10-07 07:53 106561 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\THOCRAPI.DLL
+ 2003-08-06 11:26 . 2003-08-06 11:26 445488 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SOA.DLL
+ 2003-08-06 11:31 . 2003-08-06 11:31 362552 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SETLANG.EXE
+ 2003-07-14 20:57 . 2003-07-14 20:57 349248 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SELFCERT.EXE
+ 2003-07-21 09:46 . 2003-07-21 09:46 390712 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2009-04-16 16:03 . 2009-04-16 16:03 211568 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBPIA.DLL
+ 2003-07-14 20:50 . 2003-07-14 20:50 551480 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBCONV.DLL
+ 2003-07-14 20:51 . 2003-07-14 20:51 604728 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PTXT9.DLL
+ 2002-10-07 08:11 . 2002-10-07 08:11 167997 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PSOM.DLL
+ 2003-07-14 20:40 . 2003-07-14 20:40 130104 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PRTF9.DLL
+ 2009-04-16 16:03 . 2009-04-16 16:03 223856 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PPTPIA.DLL
+ 2003-07-15 01:18 . 2003-07-15 01:18 430136 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL
+ 2009-04-16 16:03 . 2009-04-16 16:03 461416 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OWC11PIA.DLL
+ 2009-04-16 16:03 . 2009-04-16 16:03 408176 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLPIA.DLL
+ 2003-07-14 20:43 . 2003-07-14 20:43 139320 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLPH.DLL
+ 2003-07-14 20:45 . 2003-07-14 20:45 196152 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLOOK.EXE
+ 2003-07-08 09:48 . 2003-07-08 09:48 115288 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DLL
+ 2003-07-14 20:44 . 2003-07-14 20:44 102968 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-07-15 01:14 . 2003-07-15 01:14 242240 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-15 01:14 . 2003-07-15 01:14 828472 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
+ 2003-07-15 01:14 . 2003-07-15 01:14 283696 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OIS.EXE
+ 2009-04-16 16:03 . 2009-04-16 16:03 223800 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-14 21:00 . 2003-07-14 21:00 145984 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-23 20:40 . 2003-07-23 20:40 482872 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
+ 2003-07-14 20:56 . 2003-07-14 20:56 124984 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
+ 2003-07-14 21:02 . 2003-07-14 21:02 627256 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
+ 2003-07-14 21:02 . 2003-07-14 21:02 637496 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSQRY32.EXE
+ 2003-06-19 14:05 . 2003-06-19 14:05 364648 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-06-19 14:05 . 2003-06-19 14:05 128104 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPSCAN.EXE
+ 2003-06-18 15:31 . 2003-06-18 15:31 788480 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPFILT.DLL
+ 2003-07-15 01:18 . 2003-07-15 01:18 376888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-23 20:35 . 2003-07-23 20:35 127032 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
+ 2003-07-15 01:14 . 2003-07-15 01:14 106552 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
+ 2003-07-14 20:57 . 2003-07-14 20:57 120888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2002-04-09 18:14 . 2002-04-09 18:14 187560 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL
+ 2003-07-15 01:14 . 2003-07-15 01:14 139328 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSJSPP40.DLL
+ 2002-12-17 17:08 . 2002-12-17 17:08 359600 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL
+ 2003-07-14 20:51 . 2003-07-14 20:51 116288 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSCONV97.DLL
+ 2003-07-14 20:58 . 2003-07-14 20:58 230968 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL
+ 2003-07-14 20:57 . 2003-07-14 20:57 124480 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSB1CORE.DLL
+ 2003-07-15 01:13 . 2003-07-15 01:13 130112 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSAEXP30.DLL
+ 2003-07-14 21:01 . 2003-07-14 21:01 445496 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MODHELP.DLL
+ 2003-07-14 20:46 . 2003-07-14 20:46 176696 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL
+ 2003-06-18 15:31 . 2003-06-18 15:31 443904 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL
+ 2003-06-18 15:31 . 2003-06-18 15:31 252928 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-06-18 15:31 . 2003-06-18 15:31 758784 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL
+ 2003-07-23 20:32 . 2003-07-23 20:32 121400 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL
+ 2003-07-14 20:53 . 2003-07-14 20:53 161336 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\IETAG.DLL
+ 2009-04-16 16:03 . 2009-04-16 16:03 141928 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\GRAPHPIA.DLL
+ 2003-07-25 17:14 . 2003-07-25 17:14 799288 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL
+ 2003-07-14 20:40 . 2003-07-14 20:40 165944 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
+ 2003-07-14 20:40 . 2003-07-14 20:40 179768 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-14 21:36 . 2003-07-14 21:36 186424 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
+ 2009-04-16 16:03 . 2009-04-16 16:03 371296 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FORMSPIA.DLL
+ 2002-10-07 07:49 . 2002-10-07 07:49 192573 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FORM.DLL
+ 2003-07-31 13:19 . 2003-07-31 13:19 131648 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ENVELOPE.DLL
+ 2003-07-15 01:14 . 2003-07-15 01:14 350264 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
+ 2003-07-15 01:13 . 2003-07-15 01:13 166456 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ACCWIZ.DLL
+ 2009-04-16 16:03 . 2009-04-16 16:03 997992 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ACCESS.DLL
+ 2009-04-25 21:07 . 2008-12-20 23:03 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-04-25 21:07 . 2008-12-20 23:03 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-04-25 21:07 . 2008-12-20 23:03 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-04-25 21:07 . 2008-07-09 07:44 401272 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-04-25 21:07 . 2008-07-08 13:07 234872 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-04-25 21:07 . 2008-12-20 23:03 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-04-25 21:07 . 2008-12-20 23:03 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-04-25 21:07 . 2008-12-20 23:03 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-04-25 21:07 . 2008-12-20 23:03 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-04-25 21:07 . 2008-12-20 23:03 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-04-25 21:07 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-04-25 21:07 . 2008-12-20 23:03 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-04-25 21:07 . 2008-12-20 23:03 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-04-25 21:07 . 2008-12-20 23:03 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-04-25 21:07 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-04-25 21:07 . 2008-12-20 23:03 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-04-25 21:07 . 2008-12-20 23:03 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-04-25 21:07 . 2008-12-20 23:03 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-04-25 21:07 . 2008-12-20 23:03 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-04-25 21:07 . 2008-12-20 23:03 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-04-25 21:07 . 2008-12-20 23:03 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
+ 2009-04-25 21:06 . 2009-04-25 21:06 226656 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2009-04-25 21:06 . 2009-04-25 21:06 374152 c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2009-04-25 21:06 . 2009-04-25 21:06 664968 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2009-04-25 21:06 . 2009-04-25 21:06 214424 c:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
+ 2009-04-25 21:06 . 2009-04-25 21:06 226712 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-04-25 21:06 . 2009-04-25 21:06 464272 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
+ 2009-04-25 21:06 . 2009-04-25 21:06 411024 c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2009-04-25 21:06 . 2009-04-25 21:06 103776 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2009-04-25 21:06 . 2009-04-25 21:06 144784 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
- 2004-08-04 00:03 . 2008-12-20 23:03 1160192 c:\windows\system32\urlmon.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 1160192 c:\windows\system32\urlmon.dll
- 2004-08-04 00:03 . 2008-04-14 17:02 1292288 c:\windows\system32\quartz.dll
+ 2004-08-04 00:03 . 2008-12-20 22:15 1292288 c:\windows\system32\quartz.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 3595264 c:\windows\system32\mshtml.dll
- 2004-08-04 00:03 . 2008-04-14 17:02 1030656 c:\windows\system32\kernel32.dll
+ 2004-08-04 00:03 . 2009-03-21 14:09 1030656 c:\windows\system32\kernel32.dll
+ 2007-08-13 16:54 . 2009-02-20 17:18 6066176 c:\windows\system32\ieframe.dll
- 2007-02-12 14:10 . 2007-04-17 09:32 2455488 c:\windows\system32\ieapfltr.dat
+ 2007-02-12 14:10 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
+ 2007-06-06 08:53 . 2007-06-06 08:53 1195888 c:\windows\system32\FM20.DLL
- 2004-08-04 00:03 . 2008-12-20 23:03 1160192 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 00:03 . 2009-02-20 17:18 1160192 c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 22:15 . 2008-12-20 22:15 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2009-02-10 17:10 . 2009-02-10 17:10 2070400 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2004-08-04 00:03 . 2009-02-20 17:18 3595264 c:\windows\system32\dllcache\mshtml.dll
+ 2009-03-21 14:09 . 2009-03-21 14:09 1030656 c:\windows\system32\dllcache\kernel32.dll
+ 2003-04-30 09:52 . 2003-04-30 09:52 1581120 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\XPAGE3C.DLL
+ 2002-10-07 08:03 . 2002-10-07 08:03 1794113 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\XIMAGE3B.DLL
+ 2003-07-03 13:19 . 2003-07-03 13:19 2502656 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\VBE6.DLL
+ 2003-08-03 08:52 . 2003-08-03 08:52 2808376 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
+ 2003-07-31 13:21 . 2003-07-31 13:21 1782840 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE
+ 2003-07-30 10:40 . 2003-07-30 10:40 6133312 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE
+ 2003-08-01 13:09 . 2003-08-01 13:09 8086072 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
+ 2003-08-04 11:19 . 2003-08-04 11:19 7330360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OWC10.DLL
+ 2003-08-09 21:06 . 2003-08-09 21:06 7522360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL
+ 2003-07-07 11:36 . 2003-07-07 11:36 2058343 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DAT
+ 2003-07-14 21:05 . 2003-07-14 21:05 1054264 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-28 10:24 . 2003-07-28 10:24 5677112 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPUB.EXE
+ 2003-06-18 15:31 . 2003-06-18 15:31 1033216 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
+ 2003-07-11 00:15 . 2003-07-11 00:15 1292872 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2002-12-17 17:09 . 2002-12-17 17:09 2071752 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
+ 2002-12-17 17:08 . 2002-12-17 17:08 1383592 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL
+ 2003-08-14 22:54 . 2003-08-14 22:54 6627392 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSACCESS.EXE
+ 2003-08-01 13:07 . 2003-08-01 13:07 4815424 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\INFOPATH.EXE
+ 2003-07-14 21:11 . 2003-07-14 21:11 2139192 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
+ 2003-07-25 17:00 . 2003-07-25 17:00 1157696 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
+ 2003-07-23 21:01 . 2003-07-23 21:01 1949240 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
+ 2003-08-03 08:56 . 2003-08-03 08:56 1146184 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FM20.DLL
+ 2009-04-16 16:03 . 2009-04-16 16:03 1100392 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\EXCELPIA.DLL
+ 2009-04-25 21:07 . 2008-12-20 23:03 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-04-25 21:07 . 2009-01-16 19:31 3594752
26-04-2009, 10:40
Post: #10
RE: Internet connections
Open a Notepad file.
Copy the code below and paste it into the Notepad file.
Save the Notepad file as CFScript.txt
Code:
Folder::
c:\documents and settings\All Users\Application Data\xVBQzqqKguJc0Gc9

Snapshot::
Now drag the file CFScript.txt onto the file ComboFix.exe
[Image: CFScriptB-4.gif]
ComboFix will restart.
When ComboFix has finished, which may be after a reboot, a log file opens.
Post the contents of the log file.

26-04-2009, 14:18
Post: #11
RE: Internet connections
ComboFix 09-04-25.A3 - Thijs 26-04-2009 14:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1556 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Thijs\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Thijs\Bureaublad\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090425-0] *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\xVBQzqqKguJc0Gc9
c:\documents and settings\All Users\Application Data\xVBQzqqKguJc0Gc9\PCGWIN32.LI5

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-05-26 to 2009-4-26 ))))))))))))))))))))))))))))))
.

2009-04-25 20:12 . 2009-04-25 20:12 -------- d-----w c:\program files\Trend Micro
2009-04-25 19:02 . 2009-04-25 19:02 -------- d-----w c:\program files\WinASO
2009-04-25 17:18 . 2009-04-25 17:18 -------- d-----w c:\documents and settings\Thijs\Application Data\Malwarebytes
2009-04-25 17:18 . 2009-04-25 17:18 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-25 17:18 . 2009-04-26 08:51 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-25 13:35 . 2009-04-25 13:35 -------- d-----w c:\program files\Xiph.Org
2009-04-25 13:28 . 2009-04-25 13:28 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-25 13:28 . 2009-04-25 13:28 -------- d-----w C:\aad010e29cfa25ee6a91fe
2009-04-25 13:27 . 2009-04-25 13:28 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-25 13:27 . 2009-04-25 13:27 -------- d-----w c:\windows\system32\LogFiles
2009-04-25 13:21 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-25 13:20 . 2009-02-09 11:27 2193408 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-25 13:20 . 2009-03-06 14:23 285696 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-25 13:20 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-25 13:20 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-25 13:20 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-25 13:20 . 2009-02-09 10:56 684544 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-25 13:20 . 2009-02-09 10:56 734208 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-25 13:20 . 2009-02-09 10:56 735744 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-25 13:20 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-25 13:20 . 2009-02-09 11:27 2149888 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-25 13:20 . 2009-02-09 11:27 2028544 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-25 13:18 . 2009-03-27 06:59 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-25 13:18 . 2008-04-21 21:16 218624 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-25 09:06 . 2009-04-25 08:57 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-25 08:57 . 2009-04-25 08:57 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-25 08:57 . 2009-04-25 08:57 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-25 08:56 . 2009-04-25 08:56 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-25 08:56 . 2009-04-25 08:57 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-25 08:56 . 2009-04-25 08:56 -------- d-----w c:\program files\Lavasoft
2009-04-24 21:29 . 2008-12-09 23:50 190464 ----a-w c:\windows\system32\PCGW32.DLL
2009-04-24 18:59 . 2009-04-24 21:28 -------- d-----w c:\program files\iZ3D Driver
2009-04-24 17:55 . 2009-04-24 21:29 -------- d-----w c:\documents and settings\All Users\Application Data\iZ3D Driver
2009-04-24 17:55 . 2009-04-24 17:55 -------- d-----w c:\documents and settings\Thijs\Application Data\iZ3D Driver
2009-04-22 11:17 . 2009-04-22 11:17 -------- d-----w c:\program files\uTorrent
2009-04-19 15:15 . 2009-04-22 20:06 -------- d-----w c:\documents and settings\Thijs\Application Data\uTorrent
2009-04-19 10:02 . 2009-04-25 12:42 -------- d-----w c:\documents and settings\Thijs\Application Data\Dev-Cpp
2009-04-16 16:05 . 2009-04-16 16:05 379 ----a-w c:\windows\ODBC.INI
2009-04-16 16:04 . 2007-04-09 11:23 28040 ----a-w c:\windows\system32\mdimon.dll
2009-04-16 16:03 . 2009-04-16 16:03 -------- d-----w c:\program files\Common Files\L&H
2009-04-16 16:03 . 2009-04-16 16:03 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-16 16:02 . 2009-04-25 21:06 -------- d-----w c:\program files\Microsoft Works
2009-04-16 16:01 . 2009-04-16 16:03 -------- d-----w c:\windows\SHELLNEW
2009-04-16 16:01 . 2009-04-16 16:01 -------- d-----w c:\program files\Microsoft.NET
2009-04-16 15:59 . 2009-04-16 15:59 -------- d--h--r C:\MSOCache
2009-04-11 16:11 . 2009-04-11 16:11 -------- d-----w c:\program files\Haali
2009-04-11 16:10 . 2009-04-11 16:10 -------- d-----w c:\program files\CoreCodec
2009-04-11 16:02 . 2009-04-11 16:03 -------- d-----w c:\documents and settings\Thijs\Application Data\vlc
2009-04-11 16:02 . 2009-04-12 17:17 -------- d-----w c:\documents and settings\Thijs\Application Data\dvdcss
2009-04-11 16:00 . 2009-04-11 16:00 -------- d-----w c:\program files\VideoLAN
2009-04-11 14:28 . 2009-04-11 14:29 -------- d-----w c:\program files\WinPcap
2009-04-11 14:26 . 2009-04-11 14:26 -------- d-----w c:\program files\IMMonitor
2009-04-11 09:15 . 2009-04-11 09:15 -------- d-----w c:\program files\THQ
2009-04-11 09:13 . 2009-04-11 09:13 -------- d-sh--w c:\windows\ftpcache
2009-04-11 09:12 . 2009-04-11 09:12 -------- d-----w c:\documents and settings\Thijs\Application Data\DAEMON Tools
2009-04-11 09:11 . 2009-04-11 09:11 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-11 09:10 . 2009-04-11 09:10 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-11 09:10 . 2009-04-11 09:12 -------- d-----w c:\documents and settings\Thijs\Application Data\DAEMON Tools Lite
2009-04-11 09:02 . 2009-04-11 09:02 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-04-11 09:02 . 2009-04-11 09:07 -------- d-----w c:\program files\DAEMON Tools Pro
2009-04-11 08:57 . 2009-04-11 08:57 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-11 08:56 . 2009-04-11 09:12 -------- d-----w c:\documents and settings\Thijs\Application Data\DAEMON Tools Pro
2009-04-11 08:42 . 2009-04-11 08:42 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\WinZip
2009-04-10 09:11 . 2009-04-24 08:22 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\QuickPar
2009-04-10 09:10 . 2009-04-10 09:11 -------- d-----w c:\program files\QuickPar
2009-04-10 09:08 . 2009-04-10 09:13 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-04-10 06:19 . 2009-04-10 06:19 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\sabnzbd
2009-04-10 06:18 . 2009-04-10 06:18 -------- d-----w c:\program files\SABnzbd
2009-04-07 09:24 . 2009-04-07 09:24 -------- d-----w c:\program files\EA Games
2009-04-07 09:17 . 2009-04-07 09:17 0 ----a-w c:\windows\nsreg.dat
2009-04-07 09:17 . 2009-04-07 09:17 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\Mozilla
2009-04-07 09:11 . 2009-04-07 09:11 86016 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-07 09:11 . 2009-04-07 09:11 262144 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-07 09:10 . 2009-04-07 09:10 -------- d-----w c:\windows\system32\Futuremark
2009-04-07 09:10 . 2007-09-07 12:55 6173 ----a-w c:\windows\system32\drivers\Entech.vxd
2009-04-07 09:10 . 2007-09-07 12:55 27672 ----a-w c:\windows\system32\drivers\Entech.sys
2009-04-07 09:10 . 2007-09-07 12:55 12744 ----a-w c:\windows\system32\drivers\Entech64.sys
2009-04-07 09:10 . 2001-11-19 18:05 3972 ----a-w c:\windows\system32\drivers\PciBus.sys
2009-04-07 09:10 . 2009-04-07 09:10 -------- d-----w c:\program files\Futuremark
2009-04-07 08:26 . 2009-02-20 17:18 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-07 08:26 . 2009-02-20 17:18 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-04-07 08:26 . 2009-02-20 17:18 268288 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-04-07 08:26 . 2009-02-20 10:20 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-04-07 08:26 . 2008-07-09 14:30 1032192 -c----w c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-07 08:26 . 2008-07-09 14:25 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-04-07 08:26 . 2009-02-20 17:18 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-04-07 08:26 . 2009-02-20 17:18 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-04-07 08:26 . 2009-02-20 17:18 6066176 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-04-07 08:21 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-07 08:21 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-07 08:21 . 2008-10-16 12:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-06 18:49 . 2009-04-26 08:14 -------- d-----w c:\documents and settings\Thijs\Tracing
2009-04-06 18:49 . 2009-04-06 18:49 -------- d-----w c:\program files\Microsoft
2009-04-06 18:48 . 2009-04-06 18:48 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-06 18:48 . 2009-04-06 18:48 -------- d-----w c:\program files\Windows Live
2009-04-06 18:44 . 2009-04-06 18:44 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-06 12:13 . 2009-04-06 12:13 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\ATI
2009-04-06 12:13 . 2009-04-06 12:13 -------- d-----w c:\documents and settings\Thijs\Application Data\ATI
2009-04-06 12:13 . 2009-04-06 12:13 -------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-04-06 11:26 . 2009-04-06 11:26 -------- d-----w c:\documents and settings\Thijs\Application Data\Foxit
2009-04-06 11:26 . 2009-04-06 11:26 -------- d-----w c:\program files\Foxit Software
2009-04-06 11:05 . 2009-04-06 11:05 64200 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-06 11:05 . 2009-04-06 11:05 -------- d-----w c:\program files\MSBuild
2009-04-06 11:05 . 2009-04-06 11:06 -------- d-----w c:\windows\system32\XPSViewer
2009-04-06 11:04 . 2009-04-06 11:04 -------- d-----w c:\program files\Reference Assemblies
2009-04-06 11:04 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-06 07:15 . 2009-04-06 07:15 -------- d-----w c:\windows\l2schemas
2009-04-06 07:15 . 2009-04-06 07:15 -------- d-----w c:\windows\system32\nl
2009-04-06 07:15 . 2009-04-06 07:15 -------- d-----w c:\windows\system32\bits
2009-04-06 07:13 . 2009-04-06 07:15 -------- d-----w c:\windows\ServicePackFiles
2009-04-05 18:57 . 2009-04-25 21:07 -------- d-----w c:\windows\system32\nl-nl
2009-04-05 17:46 . 2009-04-05 17:46 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\Criterion Games
2009-04-05 17:33 . 2009-04-05 17:33 -------- d-----w c:\program files\Electronic Arts

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 09:46 . 2001-09-07 12:00 87520 ----a-w c:\windows\system32\perfc013.dat
2009-04-26 09:46 . 2001-09-07 12:00 502674 ----a-w c:\windows\system32\perfh013.dat
2009-04-26 08:49 . 2009-04-05 15:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-26 08:14 . 2009-04-25 13:08 1699 ----a-w C:\aaw7boot.log
2009-04-26 07:33 . 2009-04-05 15:48 64952 ----a-w c:\documents and settings\Thijs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 07:18 . 2009-04-05 15:02 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-06 07:11 . 2004-08-03 21:59 251712 --sha-r C:\ntldr
2009-04-05 15:57 . 2009-04-05 15:55 -------- d-----w c:\documents and settings\All Users\Application Data\InterVideo
2009-04-05 15:55 . 2009-04-05 15:55 -------- d-----w c:\program files\Common Files\InterVideo
2009-04-05 15:55 . 2009-04-05 15:55 -------- d-----w c:\program files\InterVideo
2009-04-05 15:42 . 2009-04-05 15:41 -------- d-----w c:\program files\ATI Technologies
2009-04-05 15:41 . 2009-04-05 15:24 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-05 15:38 . 2009-04-05 15:36 -------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-04-05 15:36 . 2009-04-05 15:36 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-04-05 15:36 . 2009-04-05 15:36 155384 ----a-w c:\windows\system32\guard32.dll
2009-04-05 15:36 . 2009-04-05 15:36 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-04-05 15:36 . 2009-04-05 15:36 -------- d-----w c:\program files\COMODO
2009-04-05 15:33 . 2009-04-05 15:33 -------- d-----w c:\program files\Alwil Software
2009-04-05 15:28 . 2009-04-05 15:28 -------- d-----w c:\program files\Attansic
2009-04-05 15:25 . 2009-04-05 15:25 -------- d-----w c:\program files\Analog Devices
2009-04-05 15:20 . 2009-04-05 15:20 -------- d-----w c:\program files\Intel
2009-04-05 15:03 . 2009-04-05 15:03 -------- d-----w c:\program files\microsoft frontpage
2009-04-05 15:00 . 2009-04-05 15:00 21748 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:23 . 2004-08-04 00:03 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2004-08-04 00:03 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-25 22:58 . 2009-02-25 22:58 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:42 . 2009-02-25 21:42 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:41 . 2009-02-25 21:41 325120 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-25 21:30 . 2009-02-25 21:30 11841536 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 21:30 . 2009-02-25 21:30 204800 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:29 . 2009-02-25 21:29 26112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29 . 2009-02-25 21:29 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-25 21:27 . 2009-02-25 21:27 602112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-25 21:26 . 2009-02-25 21:26 53248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16 . 2009-02-25 21:16 3817984 ----a-w c:\windows\system32\ati3duag.dll
2009-02-25 21:09 . 2009-02-25 21:09 307200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-25 20:59 . 2009-02-25 20:59 2670080 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-25 20:58 . 2009-02-25 20:58 887724 ----a-w c:\windows\system32\ativva6x.dat
2009-02-25 20:58 . 2009-02-25 20:58 3107788 ----a-w c:\windows\system32\ativva5x.dat
2009-02-25 20:44 . 2009-02-25 20:44 49664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:40 . 2009-02-25 20:40 475136 ----a-w c:\windows\system32\atikvmag.dll
2009-02-25 20:38 . 2009-02-25 20:38 126976 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:38 . 2009-02-25 20:38 17408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-25 20:37 . 2009-02-25 20:37 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 . 2009-02-25 20:35 290816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:32 . 2009-02-25 20:32 626688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll
2009-02-25 13:15 . 2009-04-05 15:42 593920 ------w c:\windows\system32\ati2sgag.exe
2009-02-20 17:18 . 2004-08-04 00:03 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 11:27 . 2004-08-04 00:58 2028544 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:27 . 2004-08-03 23:58 2149888 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:27 . 2004-08-04 00:03 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2004-08-04 00:03 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2004-08-04 00:03 734208 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2004-08-04 00:03 684544 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2004-08-04 00:03 735744 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2001-09-07 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-04 00:03 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-26 17:55 . 2009-01-26 17:55 182995 ----a-w c:\windows\system32\atiicdxx.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Control center.exe"="c:\program files\iZ3D Driver\Control center.exe" [2009-02-24 4566016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-05 868352]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-04-05 1851128]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2003-10-16 155648]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-25 516440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-4-5 167936]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutParadise.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-25 64160]
S1 aswSP;avast! Self Protection; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-04-05 110992]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-04-05 24336]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [2009-01-19 33816]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-25 953168]
S2 S3D Service (Win32);S3D Service (Win32);c:\program files\iZ3D Driver\Win32\S3DCService.exe [2009-02-24 206848]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01_xp.sys [2006-10-31 35840]


--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - OVFSTHXIXFMQPXE
*Deregistered* - ovfsthxixfmqpxe
.
Inhoud van de 'Gedeelde Taken' map

2009-04-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 08:57]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Thijs\Application Data\Mozilla\Firefox\Profiles\ahxiunty.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - plugin: c:\documents and settings\Thijs\Application Data\Mozilla\Firefox\Profiles\ahxiunty.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 14:10
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\guard32.dll
.
Voltooingstijd: 2009-04-26 14:11
ComboFix-quarantined-files.txt 2009-04-26 12:11
ComboFix2.txt 2009-04-26 07:48
ComboFix3.txt 2009-04-25 20:55

Pre-Run: 119.054.856.192 bytes beschikbaar
Post-Run: 119.045.320.704 bytes beschikbaar

285 --- E O F --- 2009-04-25 21:08
26-04-2009, 15:34
Post: #12
RE: Internet connections
Restart the computer.
Start ComboFix again and post the log it creates.

27-04-2009, 13:58
Post: #13
RE: Internet connections
ComboFix 09-04-25.A3 - Thijs 27-04-2009 13:52.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1558 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Thijs\Bureaublad\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090426-0] *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-05-27 to 2009-4-27 ))))))))))))))))))))))))))))))
.

2009-04-25 20:12 . 2009-04-25 20:12 -------- d-----w c:\program files\Trend Micro
2009-04-25 19:02 . 2009-04-25 19:02 -------- d-----w c:\program files\WinASO
2009-04-25 17:18 . 2009-04-25 17:18 -------- d-----w c:\documents and settings\Thijs\Application Data\Malwarebytes
2009-04-25 17:18 . 2009-04-25 17:18 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-25 13:35 . 2009-04-25 13:35 -------- d-----w c:\program files\Xiph.Org
2009-04-25 13:28 . 2009-04-25 13:28 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-25 13:28 . 2009-04-25 13:28 -------- d-----w C:\aad010e29cfa25ee6a91fe
2009-04-25 13:27 . 2009-04-25 13:28 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-25 13:27 . 2009-04-25 13:27 -------- d-----w c:\windows\system32\LogFiles
2009-04-25 13:21 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-25 13:20 . 2009-02-09 11:27 2193408 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-25 13:20 . 2009-03-06 14:23 285696 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-25 13:20 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-25 13:20 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-25 13:20 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-25 13:20 . 2009-02-09 10:56 684544 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-25 13:20 . 2009-02-09 10:56 734208 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-25 13:20 . 2009-02-09 10:56 735744 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-25 13:20 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-25 13:20 . 2009-02-09 11:27 2149888 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-25 13:20 . 2009-02-09 11:27 2028544 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-25 13:18 . 2009-03-27 06:59 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-25 13:18 . 2008-04-21 21:16 218624 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-25 09:06 . 2009-04-25 08:57 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-25 08:57 . 2009-04-25 08:57 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-25 08:57 . 2009-04-25 08:57 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-25 08:56 . 2009-04-25 08:56 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-25 08:56 . 2009-04-25 08:57 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-25 08:56 . 2009-04-25 08:56 -------- d-----w c:\program files\Lavasoft
2009-04-24 21:29 . 2008-12-09 23:50 190464 ----a-w c:\windows\system32\PCGW32.DLL
2009-04-24 18:59 . 2009-04-24 21:28 -------- d-----w c:\program files\iZ3D Driver
2009-04-24 17:55 . 2009-04-24 21:29 -------- d-----w c:\documents and settings\All Users\Application Data\iZ3D Driver
2009-04-24 17:55 . 2009-04-24 17:55 -------- d-----w c:\documents and settings\Thijs\Application Data\iZ3D Driver
2009-04-22 11:17 . 2009-04-22 11:17 -------- d-----w c:\program files\uTorrent
2009-04-19 15:15 . 2009-04-22 20:06 -------- d-----w c:\documents and settings\Thijs\Application Data\uTorrent
2009-04-19 10:02 . 2009-04-25 12:42 -------- d-----w c:\documents and settings\Thijs\Application Data\Dev-Cpp
2009-04-16 16:05 . 2009-04-16 16:05 379 ----a-w c:\windows\ODBC.INI
2009-04-16 16:04 . 2007-04-09 11:23 28040 ----a-w c:\windows\system32\mdimon.dll
2009-04-16 16:03 . 2009-04-16 16:03 -------- d-----w c:\program files\Common Files\L&H
2009-04-16 16:03 . 2009-04-16 16:03 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-16 16:02 . 2009-04-25 21:06 -------- d-----w c:\program files\Microsoft Works
2009-04-16 16:01 . 2009-04-16 16:03 -------- d-----w c:\windows\SHELLNEW
2009-04-16 16:01 . 2009-04-16 16:01 -------- d-----w c:\program files\Microsoft.NET
2009-04-16 15:59 . 2009-04-16 15:59 -------- d--h--r C:\MSOCache
2009-04-11 16:11 . 2009-04-11 16:11 -------- d-----w c:\program files\Haali
2009-04-11 16:10 . 2009-04-11 16:10 -------- d-----w c:\program files\CoreCodec
2009-04-11 16:02 . 2009-04-11 16:03 -------- d-----w c:\documents and settings\Thijs\Application Data\vlc
2009-04-11 16:02 . 2009-04-12 17:17 -------- d-----w c:\documents and settings\Thijs\Application Data\dvdcss
2009-04-11 16:00 . 2009-04-11 16:00 -------- d-----w c:\program files\VideoLAN
2009-04-11 14:28 . 2009-04-11 14:29 -------- d-----w c:\program files\WinPcap
2009-04-11 14:26 . 2009-04-11 14:26 -------- d-----w c:\program files\IMMonitor
2009-04-11 09:15 . 2009-04-11 09:15 -------- d-----w c:\program files\THQ
2009-04-11 09:13 . 2009-04-11 09:13 -------- d-sh--w c:\windows\ftpcache
2009-04-11 09:12 . 2009-04-11 09:12 -------- d-----w c:\documents and settings\Thijs\Application Data\DAEMON Tools
2009-04-11 09:11 . 2009-04-11 09:11 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-11 09:10 . 2009-04-11 09:10 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-11 09:10 . 2009-04-11 09:12 -------- d-----w c:\documents and settings\Thijs\Application Data\DAEMON Tools Lite
2009-04-11 09:02 . 2009-04-11 09:02 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-04-11 09:02 . 2009-04-11 09:07 -------- d-----w c:\program files\DAEMON Tools Pro
2009-04-11 08:57 . 2009-04-11 08:57 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-11 08:56 . 2009-04-11 09:12 -------- d-----w c:\documents and settings\Thijs\Application Data\DAEMON Tools Pro
2009-04-11 08:42 . 2009-04-11 08:42 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\WinZip
2009-04-10 09:11 . 2009-04-24 08:22 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\QuickPar
2009-04-10 09:10 . 2009-04-10 09:11 -------- d-----w c:\program files\QuickPar
2009-04-10 09:08 . 2009-04-10 09:13 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-04-10 06:19 . 2009-04-10 06:19 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\sabnzbd
2009-04-10 06:18 . 2009-04-10 06:18 -------- d-----w c:\program files\SABnzbd
2009-04-07 09:24 . 2009-04-07 09:24 -------- d-----w c:\program files\EA Games
2009-04-07 09:17 . 2009-04-07 09:17 0 ----a-w c:\windows\nsreg.dat
2009-04-07 09:17 . 2009-04-07 09:17 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\Mozilla
2009-04-07 09:11 . 2009-04-07 09:11 86016 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-07 09:11 . 2009-04-07 09:11 262144 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-07 09:10 . 2009-04-07 09:10 -------- d-----w c:\windows\system32\Futuremark
2009-04-07 09:10 . 2007-09-07 12:55 6173 ----a-w c:\windows\system32\drivers\Entech.vxd
2009-04-07 09:10 . 2007-09-07 12:55 27672 ----a-w c:\windows\system32\drivers\Entech.sys
2009-04-07 09:10 . 2007-09-07 12:55 12744 ----a-w c:\windows\system32\drivers\Entech64.sys
2009-04-07 09:10 . 2001-11-19 18:05 3972 ----a-w c:\windows\system32\drivers\PciBus.sys
2009-04-07 09:10 . 2009-04-07 09:10 -------- d-----w c:\program files\Futuremark
2009-04-07 08:26 . 2009-02-20 17:18 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-07 08:26 . 2009-02-20 17:18 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-04-07 08:26 . 2009-02-20 17:18 268288 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-04-07 08:26 . 2009-02-20 10:20 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-04-07 08:26 . 2008-07-09 14:30 1032192 -c----w c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-07 08:26 . 2008-07-09 14:25 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-04-07 08:26 . 2009-02-20 17:18 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-04-07 08:26 . 2009-02-20 17:18 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-04-07 08:26 . 2009-02-20 17:18 6066176 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-04-07 08:21 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-07 08:21 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-07 08:21 . 2008-10-16 12:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-06 18:49 . 2009-04-27 07:32 -------- d-----w c:\documents and settings\Thijs\Tracing
2009-04-06 18:49 . 2009-04-06 18:49 -------- d-----w c:\program files\Microsoft
2009-04-06 18:48 . 2009-04-06 18:48 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-06 18:48 . 2009-04-06 18:48 -------- d-----w c:\program files\Windows Live
2009-04-06 18:44 . 2009-04-06 18:44 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-06 12:13 . 2009-04-06 12:13 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\ATI
2009-04-06 12:13 . 2009-04-06 12:13 -------- d-----w c:\documents and settings\Thijs\Application Data\ATI
2009-04-06 12:13 . 2009-04-06 12:13 -------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-04-06 11:26 . 2009-04-06 11:26 -------- d-----w c:\documents and settings\Thijs\Application Data\Foxit
2009-04-06 11:26 . 2009-04-06 11:26 -------- d-----w c:\program files\Foxit Software
2009-04-06 11:05 . 2009-04-06 11:05 64200 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-06 11:05 . 2009-04-06 11:05 -------- d-----w c:\program files\MSBuild
2009-04-06 11:05 . 2009-04-06 11:06 -------- d-----w c:\windows\system32\XPSViewer
2009-04-06 11:04 . 2009-04-06 11:04 -------- d-----w c:\program files\Reference Assemblies
2009-04-06 11:04 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-06 07:15 . 2009-04-06 07:15 -------- d-----w c:\windows\l2schemas
2009-04-06 07:15 . 2009-04-06 07:15 -------- d-----w c:\windows\system32\nl
2009-04-06 07:15 . 2009-04-06 07:15 -------- d-----w c:\windows\system32\bits
2009-04-06 07:13 . 2009-04-06 07:15 -------- d-----w c:\windows\ServicePackFiles
2009-04-05 18:57 . 2009-04-25 21:07 -------- d-----w c:\windows\system32\nl-nl
2009-04-05 17:46 . 2009-04-05 17:46 -------- d-----w c:\documents and settings\Thijs\Local Settings\Application Data\Criterion Games
2009-04-05 17:33 . 2009-04-05 17:33 -------- d-----w c:\program files\Electronic Arts

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 07:31 . 2009-04-25 13:08 1923 ----a-w C:\aaw7boot.log
2009-04-26 09:46 . 2001-09-07 12:00 87520 ----a-w c:\windows\system32\perfc013.dat
2009-04-26 09:46 . 2001-09-07 12:00 502674 ----a-w c:\windows\system32\perfh013.dat
2009-04-26 08:49 . 2009-04-05 15:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-26 07:33 . 2009-04-05 15:48 64952 ----a-w c:\documents and settings\Thijs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 07:18 . 2009-04-05 15:02 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-06 07:11 . 2004-08-03 21:59 251712 --sha-r C:\ntldr
2009-04-05 15:57 . 2009-04-05 15:55 -------- d-----w c:\documents and settings\All Users\Application Data\InterVideo
2009-04-05 15:55 . 2009-04-05 15:55 -------- d-----w c:\program files\Common Files\InterVideo
2009-04-05 15:55 . 2009-04-05 15:55 -------- d-----w c:\program files\InterVideo
2009-04-05 15:42 . 2009-04-05 15:41 -------- d-----w c:\program files\ATI Technologies
2009-04-05 15:41 . 2009-04-05 15:24 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-05 15:38 . 2009-04-05 15:36 -------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-04-05 15:36 . 2009-04-05 15:36 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-04-05 15:36 . 2009-04-05 15:36 155384 ----a-w c:\windows\system32\guard32.dll
2009-04-05 15:36 . 2009-04-05 15:36 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-04-05 15:36 . 2009-04-05 15:36 -------- d-----w c:\program files\COMODO
2009-04-05 15:33 . 2009-04-05 15:33 -------- d-----w c:\program files\Alwil Software
2009-04-05 15:28 . 2009-04-05 15:28 -------- d-----w c:\program files\Attansic
2009-04-05 15:25 . 2009-04-05 15:25 -------- d-----w c:\program files\Analog Devices
2009-04-05 15:20 . 2009-04-05 15:20 -------- d-----w c:\program files\Intel
2009-04-05 15:03 . 2009-04-05 15:03 -------- d-----w c:\program files\microsoft frontpage
2009-04-05 15:00 . 2009-04-05 15:00 21748 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:23 . 2004-08-04 00:03 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2004-08-04 00:03 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-25 21:42 . 2009-02-25 21:42 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:41 . 2009-02-25 21:41 325120 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-25 21:30 . 2009-02-25 21:30 11841536 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 21:30 . 2009-02-25 21:30 204800 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:29 . 2009-02-25 21:29 26112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29 . 2009-02-25 21:29 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-25 21:27 . 2009-02-25 21:27 602112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-25 21:26 . 2009-02-25 21:26 53248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16 . 2009-02-25 21:16 3817984 ----a-w c:\windows\system32\ati3duag.dll
2009-02-25 21:09 . 2009-02-25 21:09 307200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-25 20:59 . 2009-02-25 20:59 2670080 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-25 20:58 . 2009-02-25 20:58 887724 ----a-w c:\windows\system32\ativva6x.dat
2009-02-25 20:58 . 2009-02-25 20:58 3107788 ----a-w c:\windows\system32\ativva5x.dat
2009-02-25 20:44 . 2009-02-25 20:44 49664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:40 . 2009-02-25 20:40 475136 ----a-w c:\windows\system32\atikvmag.dll
2009-02-25 20:38 . 2009-02-25 20:38 126976 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:38 . 2009-02-25 20:38 17408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-25 20:35 . 2009-02-25 20:35 290816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:32 . 2009-02-25 20:32 626688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll
2009-02-25 13:15 . 2009-04-05 15:42 593920 ------w c:\windows\system32\ati2sgag.exe
2009-02-20 17:18 . 2004-08-04 00:03 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 11:27 . 2004-08-04 00:58 2028544 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:27 . 2004-08-03 23:58 2149888 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:27 . 2004-08-04 00:03 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2004-08-04 00:03 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2004-08-04 00:03 734208 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2004-08-04 00:03 684544 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2004-08-04 00:03 735744 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2001-09-07 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-04 00:03 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-26_12.11.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-27 07:31 . 2009-04-27 07:31 16384 c:\windows\Temp\Perflib_Perfdata_714.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Control center.exe"="c:\program files\iZ3D Driver\Control center.exe" [2009-02-24 4566016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-05 868352]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-04-05 1851128]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2003-10-16 155648]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-25 516440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-4-5 167936]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutParadise.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-25 64160]
S1 aswSP;avast! Self Protection; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-04-05 110992]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-04-05 24336]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [2009-01-19 33816]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-25 953168]
S2 S3D Service (Win32);S3D Service (Win32);c:\program files\iZ3D Driver\Win32\S3DCService.exe [2009-02-24 206848]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01_xp.sys [2006-10-31 35840]

.
Inhoud van de 'Gedeelde Taken' map

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 08:57]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Thijs\Application Data\Mozilla\Firefox\Profiles\ahxiunty.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - plugin: c:\documents and settings\Thijs\Application Data\Mozilla\Firefox\Profiles\ahxiunty.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 13:54
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(2780)
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2009-04-27 13:55
ComboFix-quarantined-files.txt 2009-04-27 11:54
ComboFix2.txt 2009-04-26 12:11
ComboFix3.txt 2009-04-26 07:48
ComboFix4.txt 2009-04-25 20:55

Pre-Run: 119.069.696.000 bytes beschikbaar
Post-Run: 119.061.225.472 bytes beschikbaar

282 --- E O F --- 2009-04-25 21:08
27-04-2009, 17:17
Post: #14
RE: Internet connections
Are there still any problems now?

27-04-2009, 19:35
Post: #15
RE: Internet connections
No, nothing else has happened.
Thanks for the help.

Regards, Thijs
27-04-2009, 19:47
Post: #16
RE: Internet connections
Good.

Do this as well:
Uninstall ComboFix. Go to Start - Run and type: Combofix /U
(Note the space between Combofix and /U)
Then press Enter.
This will remove Combofix and all related folders and files, restore the clock settings, hide file extensions, hide hidden files and system files again, and reset System Restore.

Update your virus scanner and have it scan your entire computer. If anything else is found, have it removed.


You can find more information on how to prevent a new infection here.
Also read through this article: Niets voor niets.
Go to the Secunia website ( http://secunia.com/vulnerability_scanning/online/ ) and have the Secunia Online Software Inspector (OSI) scan your computer.
The Secunia Online Software Inspector scans the computer for programs that have not been updated and may therefore contain security vulnerabilities that can be exploited by malware, among other things.
Before you start the scan, you may also want to tick 'Enable thorough system inspection'. This allows OSI to find programs even if they are not installed in the default location.
If an out-of-date program is found, it is shown in red as 'insecure' and you get the option to download the most recent version via the 'download link'.

Happy surfing again.
