PDA

Volledige versie bekijken : In behandeling siemens



quido64
6 maart 2009, 14:44
Hallo allemaal,

ik heb het zelfde probleem met mijn medion laptop.
Als ik windows xp opstart wordt automatisch C:\windows\system32 geopend.
Verder doet hij niks raars.Die map is natuurlijk zo weg te klikken maar ik denk een signaal dat er ergens iets niet klopt.
Heb MalwareBytes' Anti-Malware al 3x laten draaien met resultaat maar dit euvel blijft.

Waar kan dit aan liggen?
Al vast héél erg bedankt !!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:02, on 6-3-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\Explorer.EXE
C:\windows\RTHDCPL.EXE
C:\windows\SOUNDMAN.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search (http://go.microsoft.com/fwlink/?LinkId=54896)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google (http://www.google.nl/)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com (http://go.microsoft.com/fwlink/?LinkId=69157)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search (http://go.microsoft.com/fwlink/?LinkId=54896)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search (http://go.microsoft.com/fwlink/?LinkId=54896)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com (http://go.microsoft.com/fwlink/?LinkId=69157)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings (http://go.microsoft.com/fwlink/?LinkId=74005)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\Sarah\Application Data\nidle\nidle.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661 AA4EBD86D67C56389B284534F310
O4 - HKUS\S-1-5-19\..\Run: [jegoborura] Rundll32.exe "C:\WINDOWS\system32\yopalimi.dll",s (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236260016486&h=c933d2111bf99587c698035ab326d0d2/&filename=jinstall-6u12-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: bupxdh.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6791 bytes

Juisterr
6 maart 2009, 20:03
Start Hijackthis op en kies dan voor
'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [jegoborura] Rundll32.exe "C:\WINDOWS\system32\yopalimi.dll",s (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Netwerkservice')
O20 - AppInit_DLLs: bupxdh.dll




Klik op 'Fix checked' om de items te verwijderen.

Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) naar je Bureaublad en gebruik het volgens deze handleiding (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.
Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen! Dubbelklik op Combofix.exe om het te starten.
Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
Klik op OK in het "NirCmd" venstertje.
Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op JA te klikken in het "Query - Recovery Console" venster.
Klik op OK en Ja om automatisch de Recovery Console te laten installeren.
Klik na afloop terug op Ja om het scannen op malware te starten.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.Post dit logje in je volgende antwoord.

quido64
6 maart 2009, 22:05
Gelukt,

ComboFix 09-03-04.01 - Sarah 2009-03-06 22:00:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.3070.2628 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Sarah\Bureaublad\ComboFix.exe
AV: avast! antivirus 4.7.1335 [VPS 090305-1] *On-access scanning disabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sarah\Local Settings\Temporary Internet Files\fbk.sts
c:\temp\1cb
c:\temp\1cb\syscheck.log

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-02-06 to 2009-03-06 ))))))))))))))))))))))))))))))
.

2009-03-06 14:42 . 2009-03-06 14:42 <DIR> d-------- c:\program files\Trend Micro
2009-03-06 00:29 . 2009-03-06 00:29 <DIR> d-------- c:\program files\Sygate
2009-03-06 00:29 . 2009-03-06 00:29 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-06 00:29 . 2004-06-30 15:06 83,096 --a------ c:\windows\system32\SSSensor.dll
2009-03-06 00:29 . 2004-06-30 14:49 59,472 --a------ c:\windows\system32\drivers\Teefer.sys
2009-03-06 00:29 . 2004-06-30 14:51 21,075 --a------ c:\windows\system32\drivers\wpsdrvnt.sys
2009-03-06 00:29 . 2004-06-30 15:06 14,320 --a------ c:\windows\system32\drivers\wg6n.sys
2009-03-06 00:29 . 2004-06-30 15:06 14,320 --a------ c:\windows\system32\drivers\wg5n.sys
2009-03-06 00:29 . 2004-06-30 15:06 14,320 --a------ c:\windows\system32\drivers\wg4n.sys
2009-03-06 00:29 . 2004-06-30 15:06 14,320 --a------ c:\windows\system32\drivers\wg3n.sys
2009-03-05 19:53 . 2009-03-05 19:53 <DIR> d-------- c:\documents and settings\Sarah\.housecall6.6
2009-03-05 19:51 . 2009-03-05 19:51 <DIR> d-------- c:\program files\Lavasoft
2009-03-05 19:22 . 2009-03-05 19:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 19:22 . 2009-03-05 19:22 <DIR> d-------- c:\documents and settings\Sarah\Application Data\Malwarebytes
2009-03-05 19:22 . 2009-03-05 19:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-05 19:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-05 19:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-05 19:21 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-03-05 19:21 . 2009-03-05 19:21 395 --a------ c:\windows\ODBC.INI
2009-03-05 19:20 . 2009-03-05 19:21 <DIR> d-------- c:\windows\SHELLNEW
2009-03-05 19:20 . 2009-03-05 19:20 <DIR> d-------- c:\program files\Microsoft.NET
2009-03-05 19:15 . 2001-09-06 19:04 12,288 --a------ c:\windows\system32\drivers\mouhid.sys
2009-03-05 19:15 . 2001-09-06 19:04 12,288 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-03-05 19:15 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-05 19:15 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-03-05 18:48 . 2009-03-05 18:48 <DIR> d-------- c:\program files\Alwil Software
2009-03-05 18:48 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-03-05 18:48 . 2003-03-18 20:14 499,712 --a------ c:\windows\system32\MSVCP71.dll
2009-03-05 17:20 . 2009-03-05 17:20 244 --ah----- C:\sqmnoopt17.sqm
2009-03-05 17:20 . 2009-03-05 17:20 232 --ah----- C:\sqmdata17.sqm
2009-03-05 17:06 . 2009-03-05 17:06 <DIR> d-------- c:\windows\system32\MR
2009-03-05 17:06 . 2009-03-06 13:30 <DIR> d-------- c:\windows\system32\aNI02
2009-03-05 17:06 . 2009-03-05 17:06 <DIR> d-------- c:\temp\atmp8
2009-03-05 17:06 . 2009-03-06 22:00 <DIR> d-------- C:\Temp
2009-03-05 17:06 . 2009-03-05 17:06 <DIR> d-------- c:\documents and settings\Sarah\Application Data\nidle
2009-03-05 16:56 . 2009-03-05 16:56 244 --ah----- C:\sqmnoopt16.sqm
2009-03-05 16:56 . 2009-03-05 16:56 232 --ah----- C:\sqmdata16.sqm
2009-03-05 16:44 . 2009-03-05 16:44 244 --ah----- C:\sqmnoopt15.sqm
2009-03-05 16:44 . 2009-03-05 16:44 232 --ah----- C:\sqmdata15.sqm
2009-03-05 16:42 . 2009-03-05 16:42 244 --ah----- C:\sqmnoopt14.sqm
2009-03-05 16:42 . 2009-03-05 16:42 232 --ah----- C:\sqmdata14.sqm
2009-03-05 16:29 . 2009-03-05 16:29 244 --ah----- C:\sqmnoopt13.sqm
2009-03-05 16:29 . 2009-03-05 16:29 232 --ah----- C:\sqmdata13.sqm
2009-03-05 16:21 . 2009-03-05 16:21 244 --ah----- C:\sqmnoopt12.sqm
2009-03-05 16:21 . 2009-03-05 16:21 244 --ah----- C:\sqmnoopt11.sqm
2009-03-05 16:21 . 2009-03-05 16:21 232 --ah----- C:\sqmdata12.sqm
2009-03-05 16:21 . 2009-03-05 16:21 232 --ah----- C:\sqmdata11.sqm
2009-03-05 16:15 . 2009-03-05 16:15 244 --ah----- C:\sqmnoopt10.sqm
2009-03-05 16:15 . 2009-03-05 16:15 232 --ah----- C:\sqmdata10.sqm
2009-03-05 16:04 . 2009-03-05 16:04 244 --ah----- C:\sqmnoopt09.sqm
2009-03-05 16:04 . 2009-03-05 16:04 232 --ah----- C:\sqmdata09.sqm
2009-03-05 16:01 . 2009-03-05 16:01 <DIR> d-------- c:\program files\MSECache
2009-03-05 15:42 . 2009-03-05 15:42 244 --ah----- C:\sqmnoopt08.sqm
2009-03-05 15:42 . 2009-03-05 15:42 232 --ah----- C:\sqmdata08.sqm
2009-03-05 14:53 . 2009-03-05 14:53 244 --ah----- C:\sqmnoopt07.sqm
2009-03-05 14:53 . 2009-03-05 14:53 244 --ah----- C:\sqmnoopt06.sqm
2009-03-05 14:53 . 2009-03-05 14:53 232 --ah----- C:\sqmdata07.sqm
2009-03-05 14:53 . 2009-03-05 14:53 232 --ah----- C:\sqmdata06.sqm
2009-03-05 14:33 . 2009-03-05 17:24 <DIR> d-------- c:\documents and settings\Sarah\Application Data\LimeWire
2009-03-05 14:32 . 2009-03-05 14:32 <DIR> d-------- c:\windows\Sun
2009-03-05 14:32 . 2009-03-05 14:32 <DIR> d-------- c:\program files\Java
2009-03-05 14:32 . 2009-03-05 14:32 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-05 14:32 . 2009-03-05 14:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-05 14:27 . 2009-03-05 14:27 244 --ah----- C:\sqmnoopt05.sqm
2009-03-05 14:27 . 2009-03-05 14:27 232 --ah----- C:\sqmdata05.sqm
2009-03-04 22:54 . 2009-03-04 22:54 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2009-03-04 22:54 . 2009-03-04 22:54 <DIR> d-------- c:\program files\Samsung
2009-03-04 22:54 . 2009-03-04 22:54 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-03-04 22:54 . 2003-02-21 18:42 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-03-04 22:54 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-03-04 22:54 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-03-04 22:54 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2009-03-04 22:53 . 2009-03-04 22:53 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-03-04 22:53 . 2009-03-04 22:53 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-04 16:18 . 2009-03-04 16:18 244 --ah----- C:\sqmnoopt04.sqm
2009-03-04 16:18 . 2009-03-04 16:18 244 --ah----- C:\sqmnoopt03.sqm
2009-03-04 16:18 . 2009-03-04 16:18 232 --ah----- C:\sqmdata04.sqm
2009-03-04 16:18 . 2009-03-04 16:18 232 --ah----- C:\sqmdata03.sqm
2009-03-04 16:17 . 2009-03-04 16:17 244 --ah----- C:\sqmnoopt02.sqm
2009-03-04 16:17 . 2009-03-04 16:17 232 --ah----- C:\sqmdata02.sqm
2009-03-04 15:53 . 2009-03-04 15:53 244 --ah----- C:\sqmnoopt01.sqm
2009-03-04 15:53 . 2009-03-04 15:53 232 --ah----- C:\sqmdata01.sqm
2009-03-04 15:52 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-04 15:52 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-04 15:52 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-04 00:19 . 2009-03-04 00:19 268 --ah----- C:\sqmdata00.sqm
2009-03-04 00:19 . 2009-03-04 00:19 244 --ah----- C:\sqmnoopt00.sqm
2009-03-03 13:53 . 2009-03-03 13:53 <DIR> d-------- c:\documents and settings\Sarah\Contacts
2009-03-03 13:50 . 2009-03-03 13:53 <DIR> d-------- c:\program files\Windows Live
2009-03-03 13:50 . 2009-03-03 13:52 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2009-03-03 13:50 . 2009-03-03 13:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2009-03-02 22:50 . 2007-05-23 22:26 49,904 -ra------ c:\windows\system32\drivers\BVRPMPR5.SYS
2009-03-02 22:49 . 2009-03-03 14:08 <DIR> d-------- C:\Netgear
2009-02-28 01:49 . 2009-02-28 01:49 <DIR> d-------- c:\windows\system32\Lang
2009-02-28 01:49 . 2009-02-28 01:49 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-02-28 01:49 . 2009-02-28 01:49 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-02-28 01:27 . 2009-02-28 01:27 <DIR> d--hs---- C:\$RECYCLE.BIN
2009-02-28 01:16 . 2009-02-28 01:16 <DIR> d--hs---- C:\Boot
2009-02-28 01:16 . 2006-11-02 10:53 438,840 -rahs---- C:\bootmgr
2009-02-28 01:16 . 2009-02-28 01:16 8,192 -ra-s---- C:\BOOTSECT.BAK

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-03-05 14:56 --------- d-----w c:\program files\microsoft frontpage
2009-02-26 23:08 376,832 ----a-w c:\windows\system32\AegisI5Installer.exe
2009-02-26 23:08 21,361 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-02-26 23:08 21,361 ----a-w c:\windows\AegisP.sys
2009-02-26 23:08 --------- d-----w c:\windows\system32\config\systemprofile\Applicati on Data\Intel
2009-02-26 23:08 --------- d-----w c:\program files\Intel
2009-02-26 23:08 --------- d-----w c:\documents and settings\Sarah\Application Data\Intel
2009-02-26 23:08 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel
2009-02-26 23:08 --------- d-----w c:\documents and settings\LocalService\Application Data\Intel
2009-02-26 23:08 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
2009-02-26 23:06 --------- d-----w c:\program files\Fingerprint Sensor
2009-02-26 22:37 --------- d-----w c:\program files\Reference Assemblies
2009-02-26 22:37 --------- d-----w c:\program files\MSBuild
2009-02-26 22:32 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-26 21:10 308,248 ----a-w c:\windows\system32\drivers\iaStor.sys
2009-02-26 21:10 1,571,840 ----a-w c:\windows\system32\sfcfiles.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"nidle"="c:\documents and settings\Sarah\Application Data\nidle\nidle.exe" [2009-03-05 56832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13537280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 86016]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-05 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-06-30 2376928]
"SkyTel"="SkyTel.EXE" [2007-11-20 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 c:\windows\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2009-02-26 210736]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-05 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [2009-03-05 20560]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-06 22:01:00
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

************************************************** ************************
.
Voltooingstijd: 2009-03-06 22:01:37
ComboFix-quarantined-files.txt 2009-03-06 21:01:35

Pre-Run: 119.875.915.776 bytes beschikbaar
Post-Run: 119,947,489,280 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

199 --- E O F --- 2009-03-05 13:26:30

Ieder zijn vak, petje af!

quido64
6 maart 2009, 22:12
Afgekeken van een andere post werdt er na deze stap gevraagd om een nieuw hijackthis logje dus hoop ik een stap voor te zijn.
Het probleem van de verschijnende system32 map is er nog steeds.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:13, on 6-3-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\RTHDCPL.EXE
C:\windows\SOUNDMAN.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\wuauclt.exe
C:\windows\SoftwareDistribution\Download\76b43df31 d74adc0fd3d9eb1a112ccd4\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google (http://www.google.nl/)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com (http://go.microsoft.com/fwlink/?LinkId=69157)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search (http://go.microsoft.com/fwlink/?LinkId=54896)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search (http://go.microsoft.com/fwlink/?LinkId=54896)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com (http://go.microsoft.com/fwlink/?LinkId=69157)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings (http://go.microsoft.com/fwlink/?LinkId=74005)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\Sarah\Application Data\nidle\nidle.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661 AA4EBD86D67C56389B284534F310
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236260016486&h=c933d2111bf99587c698035ab326d0d2/&filename=jinstall-6u12-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6253 bytes

Juisterr
7 maart 2009, 16:05
Open Kladblok, kopieer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"nltide_2"=-



Sla dit op op je Bureaublad als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :
http://home.hetnet.nl/~stefsmeenk/CFScript.gif



Dit zal ComboFix doen herstarten.

Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van log.txt in je volgende antwoord.


sla je al je msn berichten op soms ??

quido64
7 maart 2009, 17:33
Wederom gelukt:

ComboFix 09-03-04.01 - Sarah 2009-03-07 17:27:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.3070.2607 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Sarah\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Sarah\Bureaublad\CFScript.txt
AV: avast! antivirus 4.7.1335 [VPS 090306-0] *On-access scanning disabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-02-07 to 2009-03-07 ))))))))))))))))))))))))))))))
.

2009-03-07 17:18 . 2009-03-07 17:18 <DIR> d-------- c:\windows\LastGood
2009-03-06 22:09 . 2009-03-06 22:09 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-06 22:09 . 2008-04-14 20:32 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-06 14:42 . 2009-03-06 14:42 <DIR> d-------- c:\program files\Trend Micro
2009-03-06 00:29 . 2009-03-06 00:29 <DIR> d-------- c:\program files\Sygate
2009-03-06 00:29 . 2009-03-06 00:29 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-06 00:29 . 2004-06-30 15:06 83,096 --a------ c:\windows\system32\SSSensor.dll
2009-03-06 00:29 . 2004-06-30 14:49 59,472 --a------ c:\windows\system32\drivers\Teefer.sys
2009-03-06 00:29 . 2004-06-30 14:51 21,075 --a------ c:\windows\system32\drivers\wpsdrvnt.sys
2009-03-06 00:29 . 2004-06-30 15:06 14,320 --a------ c:\windows\system32\drivers\wg6n.sys
2009-03-06 00:29 . 2004-06-30 15:06 14,320 --a------ c:\windows\system32\drivers\wg5n.sys
2009-03-06 00:29 . 2004-06-30 15:06 14,320 --a------ c:\windows\system32\drivers\wg4n.sys
2009-03-06 00:29 . 2004-06-30 15:06 14,320 --a------ c:\windows\system32\drivers\wg3n.sys
2009-03-05 19:53 . 2009-03-05 19:53 <DIR> d-------- c:\documents and settings\Sarah\.housecall6.6
2009-03-05 19:51 . 2009-03-05 19:51 <DIR> d-------- c:\program files\Lavasoft
2009-03-05 19:22 . 2009-03-05 19:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 19:22 . 2009-03-05 19:22 <DIR> d-------- c:\documents and settings\Sarah\Application Data\Malwarebytes
2009-03-05 19:22 . 2009-03-05 19:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-05 19:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-05 19:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-05 19:21 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll
2009-03-05 19:21 . 2009-03-05 19:21 395 --a------ c:\windows\ODBC.INI
2009-03-05 19:20 . 2009-03-05 19:21 <DIR> d-------- c:\windows\SHELLNEW
2009-03-05 19:20 . 2009-03-05 19:20 <DIR> d-------- c:\program files\Microsoft.NET
2009-03-05 19:15 . 2001-09-06 19:04 12,288 --a------ c:\windows\system32\drivers\mouhid.sys
2009-03-05 19:15 . 2001-09-06 19:04 12,288 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-03-05 19:15 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-05 19:15 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-03-05 18:48 . 2009-03-05 18:48 <DIR> d-------- c:\program files\Alwil Software
2009-03-05 18:48 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-03-05 18:48 . 2003-03-18 20:14 499,712 --a------ c:\windows\system32\MSVCP71.dll
2009-03-05 17:20 . 2009-03-05 17:20 244 --ah----- C:\sqmnoopt17.sqm
2009-03-05 17:20 . 2009-03-05 17:20 232 --ah----- C:\sqmdata17.sqm
2009-03-05 17:06 . 2009-03-05 17:06 <DIR> d-------- c:\windows\system32\MR
2009-03-05 17:06 . 2009-03-06 13:30 <DIR> d-------- c:\windows\system32\aNI02
2009-03-05 17:06 . 2009-03-05 17:06 <DIR> d-------- c:\temp\atmp8
2009-03-05 17:06 . 2009-03-06 22:00 <DIR> d-------- C:\Temp
2009-03-05 17:06 . 2009-03-05 17:06 <DIR> d-------- c:\documents and settings\Sarah\Application Data\nidle
2009-03-05 16:56 . 2009-03-05 16:56 244 --ah----- C:\sqmnoopt16.sqm
2009-03-05 16:56 . 2009-03-05 16:56 232 --ah----- C:\sqmdata16.sqm
2009-03-05 16:44 . 2009-03-05 16:44 244 --ah----- C:\sqmnoopt15.sqm
2009-03-05 16:44 . 2009-03-05 16:44 232 --ah----- C:\sqmdata15.sqm
2009-03-05 16:42 . 2009-03-05 16:42 244 --ah----- C:\sqmnoopt14.sqm
2009-03-05 16:42 . 2009-03-05 16:42 232 --ah----- C:\sqmdata14.sqm
2009-03-05 16:29 . 2009-03-05 16:29 244 --ah----- C:\sqmnoopt13.sqm
2009-03-05 16:29 . 2009-03-05 16:29 232 --ah----- C:\sqmdata13.sqm
2009-03-05 16:21 . 2009-03-05 16:21 244 --ah----- C:\sqmnoopt12.sqm
2009-03-05 16:21 . 2009-03-05 16:21 244 --ah----- C:\sqmnoopt11.sqm
2009-03-05 16:21 . 2009-03-05 16:21 232 --ah----- C:\sqmdata12.sqm
2009-03-05 16:21 . 2009-03-05 16:21 232 --ah----- C:\sqmdata11.sqm
2009-03-05 16:15 . 2009-03-05 16:15 244 --ah----- C:\sqmnoopt10.sqm
2009-03-05 16:15 . 2009-03-05 16:15 232 --ah----- C:\sqmdata10.sqm
2009-03-05 16:04 . 2009-03-05 16:04 244 --ah----- C:\sqmnoopt09.sqm
2009-03-05 16:04 . 2009-03-05 16:04 232 --ah----- C:\sqmdata09.sqm
2009-03-05 16:01 . 2009-03-05 16:01 <DIR> d-------- c:\program files\MSECache
2009-03-05 15:42 . 2009-03-05 15:42 244 --ah----- C:\sqmnoopt08.sqm
2009-03-05 15:42 . 2009-03-05 15:42 232 --ah----- C:\sqmdata08.sqm
2009-03-05 14:53 . 2009-03-05 14:53 244 --ah----- C:\sqmnoopt07.sqm
2009-03-05 14:53 . 2009-03-05 14:53 244 --ah----- C:\sqmnoopt06.sqm
2009-03-05 14:53 . 2009-03-05 14:53 232 --ah----- C:\sqmdata07.sqm
2009-03-05 14:53 . 2009-03-05 14:53 232 --ah----- C:\sqmdata06.sqm
2009-03-05 14:33 . 2009-03-05 17:24 <DIR> d-------- c:\documents and settings\Sarah\Application Data\LimeWire
2009-03-05 14:32 . 2009-03-05 14:32 <DIR> d-------- c:\windows\Sun
2009-03-05 14:32 . 2009-03-05 14:32 <DIR> d-------- c:\program files\Java
2009-03-05 14:32 . 2009-03-05 14:32 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-05 14:32 . 2009-03-05 14:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-05 14:28 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-05 14:28 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-05 14:28 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-05 14:28 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-05 14:28 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-05 14:28 . 2008-06-14 18:36 272,640 --------- c:\windows\system32\drivers\bthport.sys
2009-03-05 14:28 . 2008-06-14 18:36 272,640 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-05 14:27 . 2009-03-05 14:27 244 --ah----- C:\sqmnoopt05.sqm
2009-03-05 14:27 . 2009-03-05 14:27 232 --ah----- C:\sqmdata05.sqm
2009-03-04 22:54 . 2009-03-04 22:54 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2009-03-04 22:54 . 2009-03-04 22:54 <DIR> d-------- c:\program files\Samsung
2009-03-04 22:54 . 2009-03-04 22:54 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-03-04 22:54 . 2003-02-21 18:42 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-03-04 22:54 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-03-04 22:54 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-03-04 22:54 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2009-03-04 22:53 . 2009-03-04 22:53 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-03-04 22:53 . 2009-03-04 22:53 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-04 16:18 . 2009-03-04 16:18 244 --ah----- C:\sqmnoopt04.sqm
2009-03-04 16:18 . 2009-03-04 16:18 244 --ah----- C:\sqmnoopt03.sqm
2009-03-04 16:18 . 2009-03-04 16:18 232 --ah----- C:\sqmdata04.sqm
2009-03-04 16:18 . 2009-03-04 16:18 232 --ah----- C:\sqmdata03.sqm
2009-03-04 16:17 . 2009-03-04 16:17 244 --ah----- C:\sqmnoopt02.sqm
2009-03-04 16:17 . 2009-03-04 16:17 232 --ah----- C:\sqmdata02.sqm
2009-03-04 15:53 . 2009-03-04 15:53 244 --ah----- C:\sqmnoopt01.sqm
2009-03-04 15:53 . 2009-03-04 15:53 232 --ah----- C:\sqmdata01.sqm
2009-03-04 15:52 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-04 15:52 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-04 15:52 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-04 00:19 . 2009-03-04 00:19 268 --ah----- C:\sqmdata00.sqm
2009-03-04 00:19 . 2009-03-04 00:19 244 --ah----- C:\sqmnoopt00.sqm
2009-03-03 13:53 . 2009-03-03 13:53 <DIR> d-------- c:\documents and settings\Sarah\Contacts
2009-03-03 13:50 . 2009-03-03 13:53 <DIR> d-------- c:\program files\Windows Live
2009-03-03 13:50 . 2009-03-03 13:52 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2009-03-03 13:50 . 2009-03-03 13:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2009-03-02 22:50 . 2007-05-23 22:26 49,904 -ra------ c:\windows\system32\drivers\BVRPMPR5.SYS
2009-03-02 22:49 . 2009-03-03 14:08 <DIR> d-------- C:\Netgear
2009-02-28 01:49 . 2009-02-28 01:49 <DIR> d-------- c:\windows\system32\Lang
2009-02-28 01:49 . 2009-02-28 01:49 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-02-28 01:49 . 2009-02-28 01:49 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-02-28 01:27 . 2009-02-28 01:27 <DIR> d--hs---- C:\$RECYCLE.BIN
2009-02-28 01:16 . 2009-02-28 01:16 <DIR> d--hs---- C:\Boot
2009-02-28 01:16 . 2006-11-02 10:53 438,840 -rahs---- C:\bootmgr
2009-02-28 01:16 . 2009-02-28 01:16 8,192 -ra-s---- C:\BOOTSECT.BAK

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-03-05 14:56 --------- d-----w c:\program files\microsoft frontpage
2009-02-26 23:08 376,832 ----a-w c:\windows\system32\AegisI5Installer.exe
2009-02-26 23:08 21,361 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-02-26 23:08 21,361 ----a-w c:\windows\AegisP.sys
2009-02-26 23:08 --------- d-----w c:\windows\system32\config\systemprofile\Applicati on Data\Intel
2009-02-26 23:08 --------- d-----w c:\program files\Intel
2009-02-26 23:08 --------- d-----w c:\documents and settings\Sarah\Application Data\Intel
2009-02-26 23:08 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel
2009-02-26 23:08 --------- d-----w c:\documents and settings\LocalService\Application Data\Intel
2009-02-26 23:08 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
2009-02-26 23:06 --------- d-----w c:\program files\Fingerprint Sensor
2009-02-26 22:37 --------- d-----w c:\program files\Reference Assemblies
2009-02-26 22:37 --------- d-----w c:\program files\MSBuild
2009-02-26 22:32 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-26 21:10 308,248 ----a-w c:\windows\system32\drivers\iaStor.sys
2009-02-26 21:10 1,571,840 ----a-w c:\windows\system32\sfcfiles.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-06_22.01.13,62 )))))))))))))))))))))))))))))))))))))))))

quido64
7 maart 2009, 17:37
DEEL 2:

((((((((((((((((((((((((((((( SnapShot@2009-03-06_22.01.13,62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 20:26:08 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:46 18,808 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:46 234,872 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:46 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:44 765,304 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:44 401,272 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-05-07 05:09:20 1,292,288 ----a-w c:\windows\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:19:43 18,808 ----a-w c:\windows\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:19:43 234,872 ----a-w c:\windows\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:19:43 26,488 ----a-w c:\windows\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:46 765,304 ----a-w c:\windows\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:47 401,272 ----a-w c:\windows\$hf_mig$\KB951698\update\updspapi.dll
+ 2008-06-20 11:48:03 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:45:12 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:45:12 247,296 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:46 18,808 ----a-w c:\windows\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:46 234,872 ----a-w c:\windows\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:46 26,488 ----a-w c:\windows\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:44 765,304 ----a-w c:\windows\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:44 401,272 ----a-w c:\windows\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-05-07 09:07:23 135,168 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:52:39 512,000 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:52:39 180,224 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:52:39 172,032 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:52:40 430,080 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:52:40 90,112 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:46 18,808 ----a-w c:\windows\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:46 234,872 ----a-w c:\windows\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:46 26,488 ----a-w c:\windows\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:44 765,304 ----a-w c:\windows\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:39:44 401,272 ----a-w c:\windows\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-06-24 16:54:31 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:46 18,808 ----a-w c:\windows\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:46 234,872 ----a-w c:\windows\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:46 26,488 ----a-w c:\windows\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:46 765,304 ----a-w c:\windows\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:47 401,272 ----a-w c:\windows\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-09-10 01:13:06 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:46 18,808 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:46 234,872 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:46 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:46 765,304 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:47 401,272 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:46 18,808 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:46 234,872 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:46 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:46 765,304 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:47 401,272 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:45:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:07:36 18,808 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:07:36 234,872 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:07:36 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:44:11 765,304 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:44:19 401,272 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-06-17 19:05:17 8,508,928 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:44:08 18,808 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:44:09 234,872 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:44:08 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:44:11 765,304 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:44:19 401,272 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
- 2009-03-05 18:20:59 64,088 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0 .0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2009-03-07 16:19:24 66,936 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0 .0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2009-03-05 18:20:59 223,800 ----a-w c:\windows\assembly\GAC\office\11.0.0.0__71e9bce11 1e9429c\OFFICE.DLL
+ 2009-03-07 16:19:22 226,656 ----a-w c:\windows\assembly\GAC\office\11.0.0.0__71e9bce11 1e9429c\OFFICE.DLL
+ 2008-06-14 17:36:45 272,640 ------w c:\windows\Driver Cache\i386\bthport.sys
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-14 13:27:30 2,149,888 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:27:33 2,070,400 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:27:28 2,028,544 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:27:31 2,193,536 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2007-03-06 01:58:27 216,800 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:59:37 389,856 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2008-05-05 19:32:34 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
- 2008-05-05 19:31:42 316,416 ----a-w c:\windows\inf\unregmp2.exe
+ 2007-06-27 14:57:10 317,952 ----a-w c:\windows\inf\unregmp2.exe
+ 2006-10-26 19:12:56 396,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109 020031400000000000F01FEC\12.0.6021\MOC.EXE
+ 2007-05-08 10:10:18 16,874,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109 020031400000000000F01FEC\12.0.6021\MSO.DLL
+ 2007-03-21 17:56:50 8,425,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109 020031400000000000F01FEC\12.0.6021\OARTCONV.DLL
+ 2006-10-27 14:18:34 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109 020031400000000000F01FEC\12.0.6021\OGL.DLL
+ 2007-05-10 08:04:28 846,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109 020031400000000000F01FEC\12.0.6021\OICE.EXE
+ 2007-05-10 09:11:42 1,767,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109 020031400000000000F01FEC\12.0.6021\PPCNV.DLL
+ 2007-03-21 18:00:06 72,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109 020031400000000000F01FEC\12.0.6021\PXBCOM.EXE
+ 2007-03-21 17:58:40 4,145,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109 020031400000000000F01FEC\12.0.6021\WRD12CNV.DLL
+ 2007-03-21 17:58:46 24,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109 020031400000000000F01FEC\12.0.6021\WRD12EXE.EXE
+ 2007-05-10 09:25:40 14,677,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109 020031400000000000F01FEC\12.0.6021\XL12CNV.EXE
+ 2007-09-14 20:45:58 16,901,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109 020031400000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-28 23:19:24 1,654,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109 020031400000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-24 04:00:34 1,767,768 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109 020031400000000000F01FEC\12.0.6215\PPCNV.DLL
+ 2007-08-24 04:00:48 72,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109 020031400000000000F01FEC\12.0.6215\PXBCOM.EXE
+ 2007-10-02 19:00:06 14,708,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109 020031400000000000F01FEC\12.0.6215\XL12CNV.EXE
+ 2003-07-15 05:57:34 38,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-15 05:53:06 94,768 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 02:14:28 350,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
+ 2003-07-15 10:18:12 47,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE
+ 2003-07-15 05:56:54 14,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-15 05:57:14 98,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-08-13 09:34:38 10,073,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
+ 2003-08-03 17:56:16 1,146,184 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\FM20.DLL
+ 2003-07-24 06:01:40 1,949,240 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
+ 2003-07-15 06:36:14 186,424 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
+ 2003-07-15 05:40:12 179,768 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-26 02:00:16 1,157,696 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
+ 2003-07-26 02:14:50 799,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\FPWEC.DLL
+ 2003-07-15 06:11:42 2,139,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
+ 2003-07-14 21:57:44 87,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
+ 2003-07-15 05:53:50 161,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\IETAG.DLL
+ 2003-05-28 22:42:48 514,680 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\INTLNAME.DLL
+ 2003-06-19 00:31:44 758,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL
+ 2003-06-18 16:31:10 252,928 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-06-19 00:31:48 17,920 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MDIMON.DLL
+ 2003-06-19 00:31:48 18,944 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL
+ 2003-06-19 00:31:46 35,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MDIUI.DLL
+ 2003-06-18 16:31:34 443,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL
+ 2003-05-28 22:42:50 342,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\METCONV.DLL
+ 2003-07-14 21:58:04 230,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSCDM.DLL
+ 2003-07-15 05:51:50 116,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSCONV97.DLL
+ 2002-12-18 02:08:50 359,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL
+ 2002-12-18 02:08:54 1,383,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL
+ 2003-07-15 05:51:44 87,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2002-04-10 03:14:36 187,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL
+ 2003-07-15 05:52:52 17,464 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-08-08 07:23:16 12,172,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSO.DLL
+ 2003-07-14 21:57:16 120,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-15 02:14:18 106,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
+ 2003-07-23 21:35:26 127,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
+ 2003-07-15 05:52:52 27,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 05:44:06 25,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
+ 2003-07-15 05:52:56 55,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2002-12-18 02:09:24 2,071,752 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
+ 2003-07-11 09:15:48 1,292,872 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2003-07-15 10:18:52 376,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\

quido64
7 maart 2009, 17:37
DEEL 3:

3140110900063D11C8EF10054038389C\11.0.5614\MSORUN. DLL
+ 2003-07-14 21:52:54 28,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 05:52:52 35,896 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-15 05:46:16 42,040 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 05:45:12 55,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 05:45:12 39,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-06-18 16:31:24 1,033,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
+ 2003-06-18 16:31:50 16,384 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-06-19 15:05:50 364,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-15 05:52:58 41,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-07-15 06:02:14 627,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
+ 2003-07-15 05:56:24 124,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
+ 2003-07-24 05:40:00 482,872 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
+ 2003-07-15 06:00:54 145,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-15 05:57:10 56,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-15 05:56:52 13,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2009-03-05 18:20:59 223,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-15 10:14:26 283,696 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\OIS.EXE
+ 2003-07-15 10:14:26 828,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
+ 2003-07-15 10:14:26 27,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
+ 2003-07-15 10:14:26 242,240 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-15 06:05:24 1,054,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-08-01 22:09:04 8,086,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\OWC11.DLL
+ 2003-07-30 19:40:40 6,133,312 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE
+ 2003-07-15 10:18:54 430,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\PP4X322.DLL
+ 2003-07-15 10:18:44 93,752 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-07-31 22:21:08 1,782,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE
+ 2003-05-09 04:54:00 77,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 05:57:08 40,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-07-14 21:57:08 58,944 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 05:53:14 11,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL .EXE
+ 2003-08-03 17:52:32 2,808,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
+ 2003-07-03 14:19:36 2,502,656 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\VBE6.DLL
+ 2009-03-05 18:20:59 64,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2003-08-06 20:24:20 12,037,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\31401109 00063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
+ 2009-03-06 21:09:23 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2009-03-05 18:21:24 593,920 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-03-07 16:20:23 593,920 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-03-05 18:21:24 12,288 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-07 16:20:23 12,288 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-03-05 18:21:24 86,016 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-03-07 16:20:23 86,016 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-03-05 18:21:24 135,168 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-03-07 16:20:23 135,168 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-03-05 18:21:24 11,264 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-07 16:20:23 11,264 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-03-05 18:21:24 27,136 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-03-07 16:20:23 27,136 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-03-05 18:21:24 4,096 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-03-07 16:20:23 4,096 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-03-05 18:21:24 794,624 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-03-07 16:20:23 794,624 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-03-05 18:21:24 249,856 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-03-07 16:20:23 249,856 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-03-05 18:21:24 61,440 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-03-07 16:20:23 61,440 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-03-05 18:21:24 23,040 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-03-07 16:20:23 23,040 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-03-05 18:21:24 286,720 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-07 16:20:23 286,720 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-03-05 18:21:24 409,600 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-03-07 16:20:23 409,600 ----a-r c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-03-05 15:01:32 38,240 ----a-r c:\windows\Installer\{90120000-0020-0413-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-03-07 16:20:31 38,240 ----a-r c:\windows\Installer\{90120000-0020-0413-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-04-14 19:32:54 139,264 ----a-w c:\windows\system32\cscript.exe
+ 2008-05-07 09:07:23 135,168 ----a-w c:\windows\system32\cscript.exe
- 2008-04-13 21:49:24 138,112 -c--a-w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 10:04:36 138,496 -c----w c:\windows\system32\dllcache\afd.sys
- 2008-04-14 19:32:54 139,264 -c--a-w c:\windows\system32\dllcache\cscript.exe
+ 2008-05-07 09:07:23 135,168 -c--a-w c:\windows\system32\dllcache\cscript.exe
- 2008-04-14 19:32:26 147,968 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:49:21 147,968 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
- 2008-04-14 19:32:26 246,272 -c--a-w c:\windows\system32\dllcache\es.dll
+ 2008-07-07 20:30:07 253,952 -c--a-w c:\windows\system32\dllcache\es.dll
- 2008-04-14 19:32:28 285,184 -c--a-w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 12:43:45 286,720 -c--a-w c:\windows\system32\dllcache\gdi32.dll
- 2008-04-14 19:32:30 691,712 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
+ 2008-04-11 19:06:47 691,712 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
- 2008-04-14 19:32:30 512,000 -c--a-w c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:56:23 512,000 -c--a-w c:\windows\system32\dllcache\jscript.dll
- 2008-05-05 19:31:39 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 00:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-04-14 19:32:30 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
+ 2008-05-01 14:37:01 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
- 2008-04-14 19:32:30 73,728 -c--a-w c:\windows\system32\dllcache\mscms.dll
+ 2008-06-24 16:46:42 74,240 -c--a-w c:\windows\system32\dllcache\mscms.dll
- 2008-05-05 19:31:40 414,208 -c--a-w c:\windows\system32\dllcache\msscp.dll
+ 2006-12-04 15:21:50 414,720 -c--a-w c:\windows\system32\dllcache\msscp.dll
- 2008-04-14 19:32:34 247,296 -c--a-w c:\windows\system32\dllcache\mswsock.dll
+ 2008-06-20 17:49:21 247,296 -c--a-w c:\windows\system32\dllcache\mswsock.dll
- 2008-04-14 19:32:34 1,104,896 -c--a-w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 17:17:14 1,106,944 -c--a-w c:\windows\system32\dllcache\msxml3.dll
- 2008-04-14 19:32:34 1,306,624 -c--a-w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:16:18 1,307,648 -c--a-w c:\windows\system32\dllcache\msxml6.dll
- 2008-04-14 19:32:34 337,408 -c--a-w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:37:40 337,408 -c--a-w c:\windows\system32\dllcache\netapi32.dll
- 2008-04-14 19:32:40 1,292,288 -c--a-w c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:12:31 1,292,288 -c--a-w c:\windows\system32\dllcache\quartz.dll
- 2008-04-13 21:25:10 202,624 -c--a-w c:\windows\system32\dllcache\rmcast.sys
+ 2008-05-08 14:02:52 203,136 -c--a-w c:\windows\system32\dllcache\rmcast.sys
- 2008-04-14 19:32:40 180,224 -c--a-w c:\windows\system32\dllcache\scrobj.dll
+ 2008-05-09 10:56:23 180,224 -c--a-w c:\windows\system32\dllcache\scrobj.dll
- 2008-04-14 19:32:40 172,032 -c--a-w c:\windows\system32\dllcache\scrrun.dll
+ 2008-05-09 10:56:23 172,032 -c--a-w c:\windows\system32\dllcache\scrrun.dll
- 2008-04-14 19:32:40 8,508,416 -c--a-w c:\windows\system32\dllcache\shell32.dll
+ 2008-06-17 19:03:19 8,508,416 -c--a-w c:\windows\system32\dllcache\shell32.dll
- 2008-04-13 21:45:12 334,848 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 10:57:09 333,952 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2008-04-14 19:32:46 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:05:08 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-04-13 21:50:18 361,344 -c--a-w c:\windows\system32\dllcache\tcpip.sys
+ 2008-06-20 11:51:12 361,600 -c--a-w c:\windows\system32\dllcache\tcpip.sys
- 2008-04-13 21:30:04 225,664 -c--a-w c:\windows\system32\dllcache\tcpip6.sys
+ 2008-06-20 11:08:27 225,856 -c--a-w c:\windows\system32\dllcache\tcpip6.sys
- 2008-05-05 19:31:42 316,416 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
+ 2007-06-27 14:57:10 317,952 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
- 2008-04-14 19:32:46 434,176 -c--a-w c:\windows\system32\dllcache\vbscript.dll
+ 2008-05-09 10:56:23 430,080 -c--a-w c:\windows\system32\dllcache\vbscript.dll
- 2008-05-05 19:32:34 765,952 -c--a-w c:\windows\system32\dllcache\vgx.dll
+ 2008-05-27 17:30:36 765,952 -c--a-w c:\windows\system32\dllcache\vgx.dll
- 2008-04-14 19:05:10 1,845,760 -c--a-w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 15:28:42 1,846,528 -c--a-w c:\windows\system32\dllcache\win32k.sys
- 2008-05-05 19:31:43 222,208 -c--a-w c:\windows\system32\dllcache\wmasf.dll
+ 2007-10-25 08:28:30 222,720 -c--a-w c:\windows\system32\dllcache\wmasf.dll
- 2008-05-05 19:31:45 937,984 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-18 04:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2008-05-05 19:31:54 10,834,432 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2007-06-11 22:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll
- 2008-05-05 19:32:03 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 04:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-04-14 19:33:22 155,648 -c--a-w c:\windows\system32\dllcache\wscript.exe
+ 2008-05-08 11:24:44 155,648 -c--a-w c:\windows\system32\dllcache\wscript.exe
- 2008-04-14 19:32:46 90,112 -c--a-w c:\windows\system32\dllcache\wshext.dll
+ 2008-05-09 10:56:23 90,112 -c--a-w c:\windows\system32\dllcache\wshext.dll
- 2008-04-14 19:32:26 147,968 ----a-w c:\windows\system32\dnsapi.dll
+ 2008-06-20 17:49:21 147,968 ----a-w c:\windows\system32\dnsapi.dll
- 2008-04-13 21:49:24 138,112 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w c:\windows\system32\drivers\afd.sys
- 2008-04-13 21:47:02 456,576 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2008-04-13 21:25:10 202,624 ----a-w c:\windows\system32\drivers\RMCast.sys
+ 2008-05-08 14:02:52 203,136 ----a-w c:\windows\system32\drivers\rmcast.sys
- 2008-04-13 21:45:12 334,848 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-12-11 10:57:09 333,952 ----a-w c:\windows\system32\drivers\srv.sys
- 2008-04-13 21:50:18 361,344 ----a-w c:\windows\system32\drivers\tcpip.sys
+ 2008-06-20 11:51:12 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys
- 2008-04-13 21:30:04 225,664 ----a-w c:\windows\system32\drivers\tcpip6.sys
+ 2008-06-20 11:08:27 225,856 ----a-w c:\windows\system32\drivers\tcpip6.sys
- 2008-04-14 19:32:26 246,272 ----a-w c:\windows\system32\es.dll
+ 2008-07-07 20:30:07 253,952 ----a-w c:\windows\system32\es.dll
- 2003-08-03 17:56:16 1,146,184 ----a-w c:\windows\system32\FM20.DLL
+ 2007-06-06 09:53:34 1,195,888 ----a-w c:\windows\system32\FM20.DLL
+ 2007-03-22 18:17:04 35,440 ----a-w c:\windows\system32\FM20ENU.DLL
- 2003-08-18 11:31:16 42,640 ----a-w c:\windows\system32\FM20NLD.DLL
+ 2007-04-12 12:51:08 48,352 ----a-w c:\windows\system32\FM20NLD.DLL
- 2009-03-05 18:44:31 133,280 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-06 21:15:36 133,280 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-04-14 19:32:28 285,184 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 12:43:45 286,720 ----a-w c:\windows\system32\gdi32.dll
- 2008-04-14 19:32:30 691,712 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 19:06:47 691,712 ----a-w c:\windows\system32\inetcomm.dll
- 2008-04-14 19:32:30 512,000 ----a-w c:\windows\system32\jscript.dll
+ 2008-05-09 10:56:23 512,000 ----a-w c:\windows\system32\jscript.dll
- 2008-05-05 19:31:39 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 00:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-04-14 19:32:30 73,728 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:46:42 74,240 ----a-w c:\windows\system32\mscms.dll
- 2008-05-05 19:31:40 414,208 ----a-w c:\windows\system32\msscp.dll
+ 2006-12-04 15:21:50 414,720 ----a-w c:\windows\system32\msscp.dll
- 2008-04-14 19:32:34 247,296 ----a-w c:\windows\system32\mswsock.dll
+ 2008-06-20 17:49:21 247,296 ----a-w c:\windows\system32\mswsock.dll
- 2008-04-14 19:32:34 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 17:17:14 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2003-04-18 15:46:22 1,233,920 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 15:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2008-04-14 19:32:34 1,306,624 ----a-w c:\windows\system32\msxml6.dll
+ 2008-09-10 01:16:18 1,307,648 ----a-w c:\windows\system32\msxml6.dll
- 2008-04-14 19:32:34 337,408 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:37:40 337,408 ----a-w c:\windows\system32\netapi32.dll
- 2008-04-14 19:46:08 2,028,544 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 13:27:28 2,028,544 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2008-04-14 19:11:24 2,149,888 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 13:27:30 2,149,888 ----a-w c:\windows\system32\ntoskrnl.exe
- 2009-03-06 20:50:14 71,584 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-07 16:20:35 71,584 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-06 20:50:14 91,494 ----a-w c:\windows\system32\perfc013.dat
+ 2009-03-07 16:20:35 91,494 ----a-w c:\windows\system32\perfc013.dat
- 2009-03-06 20:50:14 441,518 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-07 16:20:35 441,518 ----a-w c:\windows\system32\perfh009.dat
- 2009-03-06 20:50:14 509,666 ----a-w c:\windows\system32\perfh013.dat
+ 2009-03-07 16:20:35 509,666 ----a-w c:\windows\system32\perfh013.dat
- 2008-04-14 19:32:40 1,292,288 ----a-w c:\windows\system32\quartz.dll
+ 2008-05-07 05:12:31 1,292,288 ----a-w c:\windows\system32\quartz.dll
- 2008-04-14 19:32:40 180,224 ----a-w c:\windows\system32\scrobj.dll
+ 2008-05-09 10:56:23 180,224 ----a-w c:\windows\system32\scrobj.dll
- 2008-04-14 19:32:40 172,032 ----a-w c:\windows\system32\scrrun.dll
+ 2008-05-09 10:56:23 172,032 ----a-w c:\windows\system32\scrrun.dll
- 2008-04-14 19:32:40 8,508,416 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:03:19 8,508,416 ----a-w c:\windows\system32\shell32.dll
- 2005-10-12 23:12:25 14,048 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:19:43 18,808 ------w c:\windows\system32\spmsg.dll
- 2003-06-19 00:31:44 758,784 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdigrap h.dll
+ 2007-04-09 12:24:04 758,664 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdigrap h.dll
- 2003-06-19 00:31:46 35,328 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdiui.d ll
+ 2007-04-09 12:23:58 46,472 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdiui.d ll
- 2003-06-19 00:31:44 758,784 ----a-w c:\windows\system32\spool\drivers\w32x86\mdigraph. dll
+ 2007-04-09 12:24:04 758,664 ----a-w c:\windows\system32\spool\drivers\w32x86\mdigraph. dll
- 2003-06-19 00:31:46 35,328 ----a-w c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-04-09 12:23:58 46,472 ----a-w c:\windows\system32\spool\drivers\w32x86\mdiui.dll
- 2003-06-19 00:31:48 18,944 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.d ll
+ 2007-04-09 12:23:54 28,552 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.d ll
- 2007-12-31 00:56:17 22,752 ----a-w c:\windows\system32\spupdsvc.exe
+ 2005-06-28 09:21:34 22,752 ----a-w c:\windows\system32\spupdsvc.exe
- 2008-04-14 19:32:46 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:05:08 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-04-14 19:33:18 60,416 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-04-14 19:32:46 434,176 ----a-w c:\windows\system32\vbscript.dll
+ 2008-05-09 10:56:23 430,080 ----a-w c:\windows\system32\vbscript.dll
- 2008-04-14 19:05:10 1,845,760 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 15:28:42 1,846,528 ----a-w c:\windows\system32\win32k.sys
- 2008-05-05 19:31:43 222,208 ----a-w c:\windows\system32\wmasf.dll
+ 2007-10-25 08:28:30 222,720 ----a-w c:\windows\system32\wmasf.dll
- 2008-05-05 19:31:45 937,984 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-18 04:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2008-05-05 19:31:54 10,834,432 ----a-w c:\windows\system32\wmp.dll
+ 2007-06-11 22:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
- 2008-05-05 19:31:27 295,936 ----a-w c:\windows\system32\wmpeffects.dll
+ 2008-06-24 17:12:58 295,936 ----a-w c:\windows\system32\wmpeffects.dll
- 2008-05-05 19:32:03 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 04:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
- 2008-04-14 19:33:22 155,648 ----a-w c:\windows\system32\wscript.exe
+ 2008-05-08 11:24:44 155,648 ----a-w c:\windows\system32\wscript.exe
- 2008-04-14 19:32:46 90,112 ----a-w c:\windows\system32\wshext.dll
+ 2008-05-09 10:56:23 90,112 ----a-w c:\windows\system32\wshext.dll
+ 2009-03-07 16:16:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_64c.dat
+ 2009-03-07 16:16:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_e0.dat
+ 2008-09-30 15:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf34 5378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 15:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf3 45378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2007-08-22 23:18:08 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a 1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2007-08-22 23:18:08 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a 1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2007-08-22 23:18:08 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a 1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2008-04-15 17:51:53 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_65 95b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"nidle"="c:\documents and settings\Sarah\Application Data\nidle\nidle.exe" [2009-03-05 56832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13537280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 86016]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-05 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-06-30 2376928]
"SkyTel"="SkyTel.EXE" [2007-11-20 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 c:\windows\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2009-02-26 210736]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-05 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [2009-03-05 20560]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 17:28:01
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

************************************************** ************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Installer\UserData\LocalSystem\Componen ts\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Voltooingstijd: 2009-03-07 17:28:40
ComboFix-quarantined-files.txt 2009-03-07 16:28:38
ComboFix2.txt 2009-03-06 21:01:38

Pre-Run: 118.791.098.368 bytes beschikbaar
Post-Run: 118,778,957,824 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

591 --- E O F --- 2009-03-07 16:20:31

Voor zover ik weet worden de berichten van msn altijd opgeslagen?

Bedankt alvast voor al je moeite !!!

Juisterr
8 maart 2009, 12:39
vertel ook even hoe het nu gaat aub.

quido64
8 maart 2009, 14:09
Hallo Eric,

er is nog niks veranderd, de system 32map wordt bij opstart nog steeds geopend...

Groeten Guido

Juisterr
8 maart 2009, 18:50
Iets anders proberen.
Ga naar,
start > uitvoeren type daar sfc /scannow (denk om de spatie). cd van XP bij de hand houden, als er om gevraagd word in de speler stoppen en laten draaien.

Laat even weten of het geholpen heeft.

quido64
9 maart 2009, 19:07
Ik heb dat gedaan met een CD van windows xp met service pack 2 dit is niet de cd waarmee xp is geinstalleerd op deze laptop.

Dit heeft niet geholpen. Maar hij vroeg ook om een CD met windows XP service pack 3.

Misschien ligt het daar aan. Deze CD heb ik nu niet binnen handbereik.

Juisterr
9 maart 2009, 20:20
Download dial-a-fix van hier:
http://wiki.djlizard.net/Dial-a-fix#Download_Dial-a-fix
Unzip het en plaats het op je bureaublad.
Het kan zijn dat er meteen een venster opgaat met de naam: "restrictive policies" bovenaan.
Sluit dit venster terug. Zo kom je in het hoofdvenster van dialafix.
Daar vink aan onder het Registration Center : Explorer/IE/OE/shell/wmp
en klik je op de 'Go' knop onderaan.

quido64
10 maart 2009, 17:03
uitgevoerd zoals beschreven, geen resultaat.

Je bent een doorzetter zeg!

Super!

Juisterr
10 maart 2009, 19:20
Absoluut maar mijn hutkoffer met oplossingen is nu toch wel leeg ben ik bang.

volgens mij kan je het beter even vragen bij software.

quido64
12 maart 2009, 13:01
Ontzettend bedankt voor al je hulp en tijd!

Dan windows er maar even op nieuw op, de eigenaar heeft toch liever een singel boot met xp dan een dual met xp en vista.

Nogmaals bedankt!

Guido

quido64
12 maart 2009, 20:31
Bij nader inzien ga ik toch nog even bij 'software' langs...!

We gaan hier dus verder! (http://www.9lives.be/forum/software/634099-system32-opent-bij-opstarten.html)

Juisterr
13 maart 2009, 20:01
Sluiten we het hier af. :niceone: