Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win32 / Remos.jm

Started by bosschenaren , Oct 11 2009 10:08 AM

  • Please log in to reply

#1
bosschenaren
Posted 11 October 2009 - 10:08 AM

bosschenaren

    New Member

  • Member
  • Pip
  • 1 posts
Hello,
I got infected with this [bleep]. I ran Combo-fix like recommended in another topic and this is the log:

ComboFix 09-10-10.02 - Lex 11-10-2009 17:34.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.374 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Lex\Bureaublad\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Lex\LOCALS~1\Temp\0.EXE
c:\documents and settings\Lex\Application Data\inst.exe
c:\documents and settings\Lex\Local Settings\Application Data\calc.exe
c:\recycler\S-1-5-21-1209760696-4633796459-972041481-5428
c:\recycler\S-1-5-21-2108275671-7168137574-841602518-6257
c:\recycler\S-1-5-21-2108275671-7168137574-841602518-6257\Desktop.ini
c:\recycler\S-1-5-21-2108275671-7168137574-841602518-6257\twain_x86.exe
c:\windows\Installer\1d7a9a1.msp
c:\windows\Installer\1d7a9a2.msp
c:\windows\Installer\1d7a9a3.msp
c:\windows\Installer\1d7a9a4.msp
c:\windows\Installer\1d7a9a5.msp
c:\windows\Installer\1d7a9a6.msp
c:\windows\Installer\1d7a9a7.msp
c:\windows\Installer\1d7a9a8.msp
c:\windows\Installer\1d7a9a9.msp
c:\windows\Installer\3a5cd6c.msp
c:\windows\Installer\3a5cd86.msp
c:\windows\kb913800.exe
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\msc.exe
c:\windows\msd.exe
c:\windows\mse.exe
c:\windows\system32\autorun.ini
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


(((((((((((((((((((( Bestanden Gemaakt van 2009-09-11 to 2009-10-11 ))))))))))))))))))))))))))))))
.

2009-10-11 09:19 . 2009-10-11 09:31 -------- d-----w- c:\program files\True Sword 5
2009-10-11 00:39 . 2009-10-11 00:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-11 00:26 . 2009-10-11 00:55 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-11 00:22 . 2009-10-11 00:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-11 00:15 . 2009-10-11 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-11 00:15 . 2009-10-11 00:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-11 00:15 . 2009-10-11 00:15 -------- d-----w- c:\documents and settings\Lex\Application Data\SUPERAntiSpyware.com
2009-10-11 00:14 . 2009-10-11 00:14 -------- d-----w- c:\documents and settings\Lex\Application Data\Malwarebytes
2009-10-11 00:14 . 2009-10-11 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-10 23:02 . 2009-10-11 00:54 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-10 19:36 . 2009-10-10 19:36 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-10-10 19:36 . 2009-10-10 19:36 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-10-10 17:09 . 2009-10-11 09:14 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-10 12:49 . 2009-10-03 21:16 16384 ----a-w- c:\windows\fileextract.exe
2009-10-10 12:49 . 2009-07-15 11:22 633398 ----a-w- c:\windows\run_setup.exe
2009-10-03 08:27 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 15:03 . 2009-10-01 15:03 -------- d-----w- c:\program files\Microsoft

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 14:50 . 2008-07-17 17:28 -------- d-----w- c:\program files\VSO
2009-10-11 10:00 . 2007-01-04 15:44 -------- d-----w- c:\program files\EasyStart
2009-10-11 09:59 . 2006-09-28 13:10 -------- d-----w- c:\program files\EA SPORTS
2009-10-11 09:58 . 2007-11-13 16:27 -------- d-----w- c:\program files\EA GAMES
2009-10-11 09:56 . 2006-10-25 17:44 -------- d-----w- c:\program files\cache
2009-10-11 09:38 . 2007-04-23 08:44 -------- d-----w- c:\program files\Ultra DVD Creator
2009-10-11 00:14 . 2008-10-04 12:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-10 21:09 . 2006-11-27 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-10 20:05 . 2006-11-27 21:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-10 19:36 . 2009-05-29 17:59 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-10-05 19:09 . 2009-06-02 17:50 -------- d-----w- c:\documents and settings\Lex\Application Data\U3
2009-10-04 15:26 . 2007-08-20 11:12 -------- d-----w- c:\program files\WMR11
2009-09-10 19:21 . 2007-06-07 10:47 -------- d-----w- c:\documents and settings\Lex\Application Data\Azureus
2009-09-10 19:19 . 2007-06-07 10:47 -------- d-----w- c:\program files\Azureus
2009-09-10 12:23 . 2007-09-09 11:03 -------- d-----w- c:\program files\Google
2009-09-09 06:44 . 2007-12-18 13:39 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 11:43 . 2007-04-22 15:27 -------- d-----w- c:\documents and settings\Lex\Application Data\Vso
2009-08-27 10:42 . 2009-03-31 20:13 -------- d-----w- c:\documents and settings\Lex\Application Data\Belastingdienst
2009-08-19 23:55 . 2007-01-26 13:26 -------- d-----w- c:\documents and settings\Lex\Application Data\Microgaming
2009-08-17 22:55 . 2009-07-23 12:31 -------- d-----w- c:\documents and settings\Lex\Application Data\gtk-2.0
2009-08-16 09:41 . 2009-01-31 10:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 09:41 . 2007-01-01 10:35 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-16 09:41 . 2008-05-30 20:02 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 09:37 . 2008-02-09 12:58 93264 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-08-15 22:40 . 2005-09-02 01:05 530876 ----a-w- c:\windows\system32\perfh013.dat
2009-08-15 22:40 . 2005-09-02 01:05 100652 ----a-w- c:\windows\system32\perfc013.dat
2009-08-15 22:35 . 2009-08-15 22:35 -------- d-----w- c:\program files\MSBuild
2009-08-15 22:35 . 2009-08-15 22:35 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2005-09-02 01:05 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-19 08:25 . 2009-07-19 08:20 118135 ----a-w- c:\windows\hpqins00.dat
2009-07-17 19:04 . 2005-09-02 01:04 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2005-09-02 01:05 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2006-02-13 09:07 . 2006-10-25 17:44 1125376 ----a-w- c:\program files\FTDv3.exe
2008-03-30 17:39 . 2006-06-03 16:28 88 --sh--r- c:\windows\system32\574572B699.sys
2007-09-29 18:17 . 2006-06-03 19:39 56 --sh--r- c:\windows\system32\99B6724557.sys
2005-06-22 06:37 . 2006-05-24 18:37 45568 --sha-r- c:\windows\system32\cygz.dll
2008-03-30 17:39 . 2006-06-03 16:28 6060 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 69EAA7501F53A40E8C04C69F2391224F . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . 69EAA7501F53A40E8C04C69F2391224F . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-09-02 . 195B1255D9383AEFFBDFA8A11AE4D282 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . EFD9660AF9177D90018AC9A9AA42310F . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . EFD9660AF9177D90018AC9A9AA42310F . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . 1EAA8CD46BFB33307ACAF10EFF80E8BD . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2006-08-25 . F67AE54BCA3873D48A1AC722A9CA70BF . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . F567148940C1F5D93070822C0F3C0C34 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-09-02 . 8A473F553E9E45DB4EF6FF11AB54E4E1 . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2004-09-02 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-09-02 . FBCF5EF8A261632D1CB45B20ACEDE4B1 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[-] 2008-04-14 . 0A9CF5D3CF63A8699F28C814EF821C7E . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 0A9CF5D3CF63A8699F28C814EF821C7E . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-09-02 . 5F321535D399516B6D780FF9EF8D8B7A . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-09-02 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2004-09-02 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 380397621E94B32C744E7B2CC1330390 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 380397621E94B32C744E7B2CC1330390 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-03 . 59549E9180CE29D832289E1A1D9E3C60 . 25216 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-09-02 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-09-02 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2004-09-02 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2004-09-02 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB913446$\tcpip.sys

[-] 2008-07-07 20:32 . 68180553F674B487BE777CFD6BE70726 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:26 . F6C37073A269C163A5FDAE5BFF47F367 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:23 . B3A4422CBD8DAA6710431F67C679DA24 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 17:02 . 42A7FC383B174D91162EBF44C8AA5349 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 17:02 . 42A7FC383B174D91162EBF44C8AA5349 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:42 . 094ECC4FB57ABA154F840C8414867E90 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:36 . 3732BE0811CE6E15A56AD1CEC02CF532 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-09-02 11:00 . 3F59BCDFAC47550F43001C4CE8CB0B91 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 58211BB9D2F5C761BFB504C2BBBA8D99 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 58211BB9D2F5C761BFB504C2BBBA8D99 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-09-02 . 7ADE4584ED6657CAE3D523CF101992BD . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2008-04-14 . 9234F9A97016954CC67C01DA9C4F39C2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 9234F9A97016954CC67C01DA9C4F39C2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . BDF49EB509B446650A752F751634AA1C . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . 74B59D2B62583D3932FCE6CBB6EB5F77 . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-09-02 . 5B42639BE48C8E84FD52C66958A44427 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . FE6417AB01E9A5B124A58BE2B5DB663B . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . FE6417AB01E9A5B124A58BE2B5DB663B . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-09-02 . 8DF7AC820F9B3FD5E713E9A74827931C . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2008-04-14 . 8754210A3399D19610CE2D71E0C3E5D9 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . 8754210A3399D19610CE2D71E0C3E5D9 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-09-02 . 34A82DEBEFB057FCCCBE15F619FC98A7 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-06-20 . 74816260AECBE87C473962A359007EEB . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 74816260AECBE87C473962A359007EEB . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 74816260AECBE87C473962A359007EEB . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . 18740E8EC5BE4B6D66FA0E4CBFD3B9C6 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . FF59588E31F864FED9D0258969559A4B . 247296 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 71AB52C70B9436C0A0B704FDE9D1A7CD . 247296 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . 6BBC05038DF477F12E930A0F99F7D219 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . 6BBC05038DF477F12E930A0F99F7D219 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-09-02 . 0C53DB0671AB5A93D169DAFFC8DA11CF . 247296 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll

[-] 2008-04-14 . E6A7071DF6855AB7CCCC220AC3AAD087 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . E6A7071DF6855AB7CCCC220AC3AAD087 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-09-02 . B3FDAC7A518B6B684BEFE792DC1DC560 . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2008-04-14 . 5431FB616ECAE0D587C5B97D0B86CBD8 . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 5431FB616ECAE0D587C5B97D0B86CBD8 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . F32049792BCBF64954FF964508E47AFB . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 269182FF03F1FDD0EF803AEB63C01080 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-09-02 . B2665A1B502EC037388B7919CBD58C28 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 32167CE0150DC2A269D99689A143FB67 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 32167CE0150DC2A269D99689A143FB67 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-09-02 . D5A792DB732622A393A0469FE6EAA728 . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . 5C0073A51C4873430FA8B262E92183FF . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 5C0073A51C4873430FA8B262E92183FF . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 5C0073A51C4873430FA8B262E92183FF . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-09-02 . 772027CC5FFAEA3E7D10AF2691EE7095 . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2008-04-14 . 0E3B585761E23C1E35442E972B7E45F9 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 0E3B585761E23C1E35442E972B7E45F9 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-09-02 . 5AE934F6837B5A583DED535C4BE5A804 . 184832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . E6DCF5DD55AC2655971A478718307D18 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . E6DCF5DD55AC2655971A478718307D18 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-09-02 . 0B10A3122527910CE60D23A7F29C28B1 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . DB454135DE1A09FE7FEDA7B554B5CCA2 . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . DB454135DE1A09FE7FEDA7B554B5CCA2 . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 . E410EC73E2BE2A41D923B006F51C8427 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . E410EC73E2BE2A41D923B006F51C8427 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-09-02 . AB8C6D89A897BACBA4657FDF00E344A6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 2BC9FB448F0C2394FF53C83A7BB04731 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 2BC9FB448F0C2394FF53C83A7BB04731 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 5A145DBF2916F583921BB27B91B2DC0B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . C2A4E29888F45E7FC1FD64C83D5EA669 . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-09-02 . F38C48EE55AD051BF5474F5BDD69C846 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . 4CF588D2F2363B73EB4AF57967D46DFF . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 4CF588D2F2363B73EB4AF57967D46DFF . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . FA35431E333943F4B2A6D33FA4EE3CE9 . 579584 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . CB18F701A5D55A6308FAB8D18322C060 . 579072 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 0B62745CE93E8C6F56547F70269DBABC . 578560 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . A9F2EBFC6EF9C1FB38CEDCF747162B6C . 578560 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-09-02 . 8E5D344FD717D35EE7ED1C8E0AD0CBE6 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . 6818A533ED3B2FA9936DF3DAF45352DF . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . 6818A533ED3B2FA9936DF3DAF45352DF . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-09-02 . DE7A0EE4A6A28E6DFE3118EB22468DA6 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-09-02 . 732ED791711DF9C9DD15E5515BC681B8 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 520391367546218929749612ABFE840C . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 520391367546218929749612ABFE840C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-09-02 . 06EBCBE58321E924980148B7E3DBD753 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 147E95A42A58CE99E403F7F57656BBEB . 1036800 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . 1D6245AFBD3FAABC16A885116BE1874D . 1036800 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-09-02 . A1D7304A87FC3093150F5E3CC7B0F338 . 1035776 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . 074C38B50CE71E3EC6DD3F6DAABF4EEF . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 074C38B50CE71E3EC6DD3F6DAABF4EEF . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . 61E70054981A2F9E64CEA7CA9479C0AA . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2004-09-02 . 687ABDBF4790F907FB0D3A50B8D9FE3A . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-09-02 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-09-02 . 40AC9CE966A05B05C9A4DB5B306A26C3 . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

[-] 2008-04-14 . 81CBF363C414620CAA61BD6843D8FDB9 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 81CBF363C414620CAA61BD6843D8FDB9 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-09-02 . 0B96A1E4252F663222C9C3BAC89F596C . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . 6F1E5DBA783B147536659395D7B15485 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 6F1E5DBA783B147536659395D7B15485 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-09-02 . D6381A7C1704BE7A8FD5EFDFD9F1463B . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . FD3C38635808920F8235BF2FED642F54 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . FD3C38635808920F8235BF2FED642F54 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-09-02 . F4C8D4B0A294AAF37FE50C407B6E03F9 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . CA64B9406EEDA4FFA2DAEAE1DABCCE42 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . CA64B9406EEDA4FFA2DAEAE1DABCCE42 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-09-02 . F1720914CAB06FDE4BE250E3767713CF . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 328CBDD2445F5B3A047644567EEB557F . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 328CBDD2445F5B3A047644567EEB557F . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-09-02 . 486594A19F7AEDEBEA600855FFD5E914 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . E98A8C802CDB31FCF4121D9DFBEA3677 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . E98A8C802CDB31FCF4121D9DFBEA3677 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-09-02 . 7DE46C9C40ABB58C8FDFE0212A3BF2B4 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 2FD5B89BF9289C774C5C730DEA96CD91 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 2FD5B89BF9289C774C5C730DEA96CD91 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-09-02 . D01BB100558945178E4BCB33B0FE9364 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 7C288AE0F75CB18CFF1DF6179A67AD8F . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 7C288AE0F75CB18CFF1DF6179A67AD8F . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-09-02 . D245B3E32F8AB3B2FB576AFCFDEC105E . 192000 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . CFB406497D9CF95DFFE17594899FD367 . 135680 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . CFB406497D9CF95DFFE17594899FD367 . 135680 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . D6F2B8963663F2014FAFCD8E15E4E778 . 135168 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 20A1DFA416579DACEE28E15E331C3930 . 135680 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-09-02 . 394FD6CE1AC84BB318B806A6F8D90F66 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . 5B9D0DE64BE96A806819516440FD211C . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 5B9D0DE64BE96A806819516440FD211C . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-09-02 . B02FDCE64F64CDE3AA809D28D25D2A12 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . E0AEF86A594C9990D6321C5CA239C5B7 . 297472 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . E0AEF86A594C9990D6321C5CA239C5B7 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2005-03-09 . C066674CB15B3B6F8A1D210D603091B6 . 297472 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2004-09-02 . E2CE999886A4636026F157DEB886AA94 . 297472 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB895961$\termsrv.dll

[-] 2008-04-14 . 434A70FA278EB3C42140E3755C2FA4F8 . 175616 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . 434A70FA278EB3C42140E3755C2FA4F8 . 175616 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-09-02 . CC888653E0DEC81B525B956C77960F88 . 175616 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys

[-] 2004-09-02 . 63F517B1A87DABF3F5ACB8A7952FC1D1 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-09-02 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 17:02 . 2407EADA5E2E146AB51E925F151DDAA5 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 17:02 . 2407EADA5E2E146AB51E925F151DDAA5 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:19 . 13E52326F0F19A1A8D34681E3444E8D1 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-09-02 11:00 . 8EED1D71C14C356684E586B0A7DB6BCE . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . C56A45A03DCA11712DE9FDF98224230B . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . C56A45A03DCA11712DE9FDF98224230B . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-09-02 . 1405B1431F51CAB25FE9B2ECF13CB198 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2005-08-03 17:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-08-03 17:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-09-02 11:00 . 61A79E8D4A440095EA2EB9FD694CD1AE . 25600 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2008-04-14 17:02 . AC1A78237B53044735693633F8235468 . 437248 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 17:02 . AC1A78237B53044735693633F8235468 . 437248 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-09-02 11:00 . AC75E028773CBBD7D8B1313F382E7C05 . 437248 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 01653D6C9604F1FB31A76EC94E08954F . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 01653D6C9604F1FB31A76EC94E08954F . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 063B30C37E3902760919D3E5D98CC7C9 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . DE0A3D72D98A08A115300E2B2DC4374B . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-09-02 . 348B60067B10EFA7D7763EE44674108C . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 14:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-07 247144]
"FTD Watchdog Monitor"="c:\program files\FTD Watchdog\FtdMonitor.exe" [2009-03-14 176640]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-09 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-09 40960]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-03 2023704]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Lex\Menu Start\Programma's\Opstarten\
Snelkoppeling naar mount.lnk - c:\documents and settings\Lex\Bureaublad\mount.bat [2007-12-24 17]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 09:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\FlashFXP\\flashfxp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30-5-2008 22:02 335240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15-9-2009 11:42 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15-9-2009 11:42 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [31-1-2009 12:14 297752]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [7-8-2009 16:31 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15-9-2009 11:42 7408]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10-9-2009 14:23 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2009-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 12:23]

2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 12:23]

2009-10-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2008-03-12 c:\windows\Tasks\shutdown -f -s.job
- c:\windows\system32\shutdown.exe [2005-09-02 17:03]

2009-10-11 c:\windows\Tasks\User_Feed_Synchronization-{36B2CD0B-369D-4B1E-B14C-10378A16BF68}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 81.0.247.125:80
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp07.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-dxlock - (no file)
HKLM-Run-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
HKLM-Run-LaunchList - c:\program files\Pinnacle\Studio 9\LaunchList.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files\DivX\DivXPlayerUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 17:51
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1489817247-1799332235-3958359037-1005\Software\SecuROM\License information*]
"datasecu"=hex:53,7f,38,45,a8,b1,d8,0d,f9,c4,bf,f6,af,9a,7c,74,f0,f8,f8,1c,0d,
b6,78,d9,48,d0,52,90,03,4a,f9,2c,d3,c3,e7,04,78,6b,9b,ed,4d,ae,30,04,0c,73,\
"rkeysecu"=hex:92,e0,85,94,60,44,31,49,52,78,b5,9d,fa,d8,ce,e6

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•9~*]
"3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3852)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Voltooingstijd: 2009-10-11 17:59 - machine werd herstart
ComboFix-quarantined-files.txt 2009-10-11 15:59

Pre-Run: 42.883.100.672 bytes beschikbaar
Post-Run: 49.930.022.912 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

503 --- E O F --- 2009-10-09 06:02


What do I have to do now? Thanx in advance!
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP