Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Scanners vinden niets, maar toch spyware.. + HijackThisLog

Anoniem
juisterr
13 antwoorden
  • Sinds gisteravond heb ik last van pop-ups. Het begon met McAfee die aangaf dat het een trojan had gedetecteerd, namelijk vundo.dll en heeft deze ook gerepareerd. Meteen nadat dat gebeurt was, heb ik McAfee, Spybot S&D en Ad-Aware geupdate. Vervolgens startte ik mijn computer opnieuw op in veilige modus, en heb ik met alledrie de programma’s scans gedaan. Ze hebben behoorlijk wat spyware gevonden, en deze ook verwijderd. Na nog een paar keer scannen vinden ze echter niets meer.

    Nu heb ik dat als ik IE7 opstart, McAfee meteen waarschuwt dat er iets in het register aangepast wordt bij Internet Security Zones, en deze aanpassingen blokkeer ik meteen. Als ik IE afsluit en opnieuw opstart krijg ik de melding weer. Ik heb vervolgens ook nog geprobeerd IE opnieuw te installeren, maar dit heeft niets opgelost.

    Nu weet ik niet meer wat ik moet doen.. De meeste pop-ups zijn van pc-doctor en allemaal andere troep die wil dat ik programma’s installeer, en het begint onderhand behoorlijk frustrerend te worden, vooral omdat ik met McAfee, Spybot en Ad-Aware niets meer kan vinden. Overigens had ik voor gisteravond nooit last van dit soort willekeurige pop-ups, en de pop-ups komen ook voor in Mozilla Firefox.

    Wat me overigens ook is opgevallen is dat bij IE7 de beveiliging van cookies iedere keer vanzelf op laag gezet word.

    Ik heb een HijackThis log gemaakt, zie hieronder. Ik ben echter geen kei in dit soort dingen, dus bedankt voor de hulp alvast ;)

    Logfile of HijackThis v1.99.1
    Scan saved at 13:39:54, on 24-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\DOCUME~1\Ufuk\LOCALS~1\Temp\clclean.0001
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\V0230Mon.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Documents and Settings\Ufuk\Bureaublad\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114w.bay114.mail.live.com/mail
    esources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

  • Yep vundo besmetting.


    Download [b:989e4dea54]Combofix[/b:989e4dea54] naar je Bureaublad.
    Dubbelklik [b:989e4dea54]Combofix.exe[/b:989e4dea54]
    Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen.
    Tijdens het runnen van de fix, [b:989e4dea54]NIET[/b:989e4dea54] in het venster klikken, want dit zal je pc doen vasthangen.

    Wanneer de fix voltooid is en na herstart, zal de log [b:989e4dea54]combofix.txt[/b:989e4dea54] openen.
    Plaats dit log in je volgende post samen met een nieuw HijackThis log.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
  • [b:e44c18b295]Combofix log:[/b:e44c18b295]

    "Ufuk" - 2007-05-24 16:44:20 Service Pack 2
    ComboFix 07-05.24.7.V - Running from: "C:\Documents and Settings\Ufuk\Mijn documenten\ComboFix\"


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\rcqyqmkj.dll
    C:\WINDOWS\system32\dcbeg.bak1
    C:\WINDOWS\system32\dcbeg.ini
    C:\WINDOWS\system32\dcbeg.bak1
    C:\WINDOWS\system32\dcbeg.ini
    C:\WINDOWS\system32\gebcd.dll
    C:\WINDOWS\system32\qomljkl.dll

    [b:e44c18b295]HijackThis Log:[/b:e44c18b295]

    Logfile of HijackThis v1.99.1
    Scan saved at 16:55:16, on 24-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\V0230Mon.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\DOCUME~1\Ufuk\LOCALS~1\Temp\clclean.0001
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Ufuk\Bureaublad\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114w.bay114.mail.live.com/mail
    esources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

  • Voor goede controle moet ik toch echt het [b:ba22b0624d]"volledige combofixlogje"[/b:ba22b0624d] zien aub.
  • [b:de7c55d358]Volledige log:[/b:de7c55d358]

    "Ufuk" - 2007-05-24 16:44:20 Service Pack 2
    ComboFix 07-05.24.7.V - Running from: "C:\Documents and Settings\Ufuk\Mijn documenten\ComboFix\"


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\rcqyqmkj.dll
    C:\WINDOWS\system32\dcbeg.bak1
    C:\WINDOWS\system32\dcbeg.ini
    C:\WINDOWS\system32\dcbeg.bak1
    C:\WINDOWS\system32\dcbeg.ini
    C:\WINDOWS\system32\gebcd.dll
    C:\WINDOWS\system32\qomljkl.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-24 ))))))))))))))))))))))))))))))))))


    2007-05-24 11:35 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-05-23 23:15 1,310,720 –ah—– C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-05-23 23:15 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Menu Start
    2007-05-23 23:15 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Sjablonen
    2007-05-23 23:15 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Onlangs geopend
    2007-05-23 23:15 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
    2007-05-23 23:15 <DIR> d——– C:\DOCUME~1\ADMINI~1\Mijn documenten
    2007-05-23 23:15 <DIR> d——– C:\DOCUME~1\ADMINI~1\Favorieten
    2007-05-23 23:15 <DIR> d——– C:\DOCUME~1\ADMINI~1\Bureaublad
    2007-05-23 23:15 <DIR> d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
    2007-05-15 11:36 <DIR> d——– C:\DOCUME~1\Ufuk\APPLIC~1\Joost
    2007-05-15 11:35 <DIR> d——– C:\Program Files\Joost
    2007-05-09 16:14 <DIR> d——– C:\DOCUME~1\Zeki\APPLIC~1\GrabIt
    2007-05-03 13:46 <DIR> d——– C:\Program Files\TuneUp Utilities 2007
    2007-05-02 21:58 <DIR> d——– C:\Program Files\TomTom DesktopSuite


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-23 21:05:59 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\uTorrent
    2007-05-23 13:17:26 ——– d—–w C:\Program Files\MSN Messenger
    2007-05-23 13:17:26 ——– d—–w C:\Program Files\Messenger Plus! Live
    2007-05-19 17:45:25 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\LimeWire
    2007-05-13 09:22:44 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2007-05-13 09:21:42 ——– d—–w C:\Program Files\Common Files\PCSuite
    2007-05-09 13:44:43 ——– d—–w C:\Program Files\NewsLeecher
    2007-05-09 13:38:48 ——– d—–w C:\Program Files\GrabIt
    2007-05-07 19:54:40 ——– d—–w C:\Program Files\Microsoft ActiveSync
    2007-05-03 11:45:31 ——– d—–w C:\Program Files\Common Files\Wise Installation Wizard
    2007-04-27 17:18:25 ——– d—–w C:\Program Files\DVD Shrink
    2007-04-19 18:01:43 ——– d—–w C:\Program Files\iTunes
    2007-04-19 18:01:35 ——– d—–w C:\Program Files\iPod
    2007-04-19 18:00:27 ——– d—–w C:\Program Files\Apple Software Update
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-13 10:50:01 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Command & Conquer 3 Tiberium Wars
    2007-04-12 18:52:46 ——– d—–w C:\Program Files\Electronic Arts
    2007-04-10 17:35:18 ——– d—–w C:\Program Files\Common Files\Knowledge Adventure
    2007-04-10 17:35:18 ——– d—–w C:\Program Files\Barbie(TM)
    2007-03-28 17:42:42 29,704 —-a-w C:\WINDOWS\system32\uxtuneup.dll
    2007-03-28 13:58:24 ——– d—–w C:\Program Files\Skype
    2007-03-28 13:58:13 76,582 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-03-28 13:58:13 455,614 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-03-28 13:55:54 ——– d—–w C:\Program Files\EVEREST Ultimate
    2007-03-27 11:13:33 ——– d—–w C:\Program Files\McAfee
    2007-03-27 10:53:49 ——– d—–w C:\Program Files\McAfee.com
    2007-03-27 10:51:31 ——– d—–w C:\Program Files\Common Files\McAfee
    2007-03-25 17:59:18 ——– d—–w C:\Program Files\Palm
    2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-16 14:17:29 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\NewsLeecher
    2007-03-13 15:26:46 ——– d—–w C:\Program Files\QuickTime
    2007-03-08 15:39:10 579,072 —-a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:39:10 40,960 —-a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:39:10 281,600 —-a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:37:59 1,843,712 —-a-w C:\WINDOWS\system32\win32k.sys
    2007-03-06 19:58:31 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Creative
    2007-03-05 20:56:12 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\muvee Technologies
    2007-03-05 15:39:25 50 —-a-w C:\AUTOEXEC.BAT
    2007-03-05 15:39:16 ——– d—–w C:\Program Files\muvee Technologies
    2007-03-05 15:37:54 ——– d—–w C:\Program Files\SightSpeed
    2007-03-05 15:36:48 ——– d—–w C:\Program Files\Creative
    2007-02-18 18:50:40 3,909 —-a-w C:\WINDOWS\mozver.dat
    2007-02-05 20:20:07 185,344 —-a-w C:\WINDOWS\system32\upnphost.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\program files\mcafee\virusscan\scriptcl.dll [2006-12-22 16:02]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56]
    "mnu"="C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 19:54]
    "MBMon"="CTMBHA.DLL" [2005-05-19 04:54 C:\WINDOWS\system32\CTMBHA.DLL]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 10:47]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09]
    "AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 02:11]
    "V0230Mon.exe"="C:\WINDOWS\V0230Mon.exe" [2006-09-07 02:01]
    "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mnu"="C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 19:54]
    "SetDefaultMIDI"="MIDIDef.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-02-05 17:40]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "UpdReg"=C:\WINDOWS\UpdReg.EXE
    "SigmatelSysTrayApp"=stsystra.exe
    "VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "MWLExe"=C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
    UxTuneUp


    Contents of the 'Scheduled Tasks' folder
    2007-05-18 15:15:01 C:\WINDOWS\tasks\1-Click Maintenance.job
    2007-03-27 10:50:49 C:\WINDOWS\tasks\McDefragTask.job
    2007-03-27 10:50:48 C:\WINDOWS\tasks\McQcTask.job

    ********************************************************************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-24 16:48:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-24 16:51:26 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-05-24 16:51

    — E O F —
    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\rcqyqmkj.dll
    C:\WINDOWS\system32\dcbeg.bak1
    C:\WINDOWS\system32\dcbeg.ini
    C:\WINDOWS\system32\dcbeg.bak1
    C:\WINDOWS\system32\dcbeg.ini
    C:\WINDOWS\system32\gebcd.dll
    C:\WINDOWS\system32\qomljkl.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((( Files Created from 24-0-01-07 to 24-05-2007 ))))))))))))))))))))))))))))))))))


    24-05-2007 16:51 49.152 –a—— C:\WINDOWS
    ircmd.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-23 21:05:59 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\uTorrent
    2007-05-23 13:17:26 ——– d—–w C:\Program Files\MSN Messenger
    2007-05-23 13:17:26 ——– d—–w C:\Program Files\Messenger Plus! Live
    2007-05-19 17:45:25 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\LimeWire
    2007-05-13 09:22:44 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2007-05-13 09:21:42 ——– d—–w C:\Program Files\Common Files\PCSuite
    2007-05-09 13:44:43 ——– d—–w C:\Program Files\NewsLeecher
    2007-05-09 13:38:48 ——– d—–w C:\Program Files\GrabIt
    2007-05-07 19:54:40 ——– d—–w C:\Program Files\Microsoft ActiveSync
    2007-05-03 11:45:31 ——– d—–w C:\Program Files\Common Files\Wise Installation Wizard
    2007-04-27 17:18:25 ——– d—–w C:\Program Files\DVD Shrink
    2007-04-19 18:01:43 ——– d—–w C:\Program Files\iTunes
    2007-04-19 18:01:35 ——– d—–w C:\Program Files\iPod
    2007-04-19 18:00:27 ——– d—–w C:\Program Files\Apple Software Update
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-13 10:50:01 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Command & Conquer 3 Tiberium Wars
    2007-04-12 18:52:46 ——– d—–w C:\Program Files\Electronic Arts
    2007-04-10 17:35:18 ——– d—–w C:\Program Files\Common Files\Knowledge Adventure
    2007-04-10 17:35:18 ——– d—–w C:\Program Files\Barbie(TM)
    2007-03-28 17:42:42 29,704 —-a-w C:\WINDOWS\system32\uxtuneup.dll
    2007-03-28 13:58:24 ——– d—–w C:\Program Files\Skype
    2007-03-28 13:58:13 76,582 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-03-28 13:58:13 455,614 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-03-28 13:55:54 ——– d—–w C:\Program Files\EVEREST Ultimate
    2007-03-27 11:13:33 ——– d—–w C:\Program Files\McAfee
    2007-03-27 10:53:49 ——– d—–w C:\Program Files\McAfee.com
    2007-03-27 10:51:31 ——– d—–w C:\Program Files\Common Files\McAfee
    2007-03-25 17:59:18 ——– d—–w C:\Program Files\Palm
    2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-16 14:17:29 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\NewsLeecher
    2007-03-13 15:26:46 ——– d—–w C:\Program Files\QuickTime
    2007-03-08 15:39:10 579,072 —-a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:39:10 40,960 —-a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:39:10 281,600 —-a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:37:59 1,843,712 —-a-w C:\WINDOWS\system32\win32k.sys
    2007-03-06 19:58:31 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Creative
    2007-03-05 20:56:12 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\muvee Technologies
    2007-03-05 15:39:25 50 —-a-w C:\AUTOEXEC.BAT
    2007-03-05 15:39:16 ——– d—–w C:\Program Files\muvee Technologies
    2007-03-05 15:37:54 ——– d—–w C:\Program Files\SightSpeed
    2007-03-05 15:36:48 ——– d—–w C:\Program Files\Creative
    2007-03-02 12:16:52 109,608 —-a-w C:\WINDOWS\system32\drivers\Mpfp.sys
    2007-03-02 11:08:08 ——– d—–w C:\Program Files\Windows Media Connect 2
    2007-02-18 18:50:40 3,909 —-a-w C:\WINDOWS\mozver.dat
    2007-02-14 13:39:10 ——– d—–w C:\Program Files\DivX
    2007-02-13 17:56:54 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Ahead
    2007-02-09 11:10:35 574,464 —-a-w C:\WINDOWS\system32\drivers
    tfs.sys
    2007-02-05 20:20:07 185,344 —-a-w C:\WINDOWS\system32\upnphost.dll
    2007-02-01 04:56:06 823,296 —-a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-02-01 04:56:05 823,296 —-a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-02-01 04:56:05 802,816 —-a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-02-01 04:56:04 639,066 —-a-w C:\WINDOWS\system32\DivX.dll
    2007-01-31 21:27:01 524,288 —-a-w C:\WINDOWS\system32\DivXsm.exe
    2007-01-30 23:15:10 118,784 —-a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-01-30 05:03:40 3,596,288 —-a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-01-30 05:03:26 200,704 —-a-w C:\WINDOWS\system32\ssldivx.dll
    2007-01-30 05:03:26 1,044,480 —-a-w C:\WINDOWS\system32\libdivx.dll
    2007-01-30 04:56:56 73,728 —-a-w C:\WINDOWS\system32\dpl100.dll
    2007-01-30 04:56:56 196,608 —-a-w C:\WINDOWS\system32\dtu100.dll
    2007-01-30 04:56:54 53,248 —-a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-01-30 04:56:52 593,920 —-a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-01-30 04:56:52 57,344 —-a-w C:\WINDOWS\system32\dpv11.dll
    2007-01-30 04:56:52 344,064 —-a-w C:\WINDOWS\system32\dpus11.dll
    2007-01-30 04:56:52 294,912 —-a-w C:\WINDOWS\system32\dpu11.dll
    2007-01-30 04:56:52 294,912 —-a-w C:\WINDOWS\system32\dpu10.dll
    2007-01-26 01:19:00 36,624 ——w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-01-26 01:19:00 129,784 ——w C:\WINDOWS\system32\pxafs.dll
    2007-01-26 01:19:00 118,520 ——w C:\WINDOWS\system32\pxinsi64.exe
    2007-01-26 01:19:00 116,472 ——w C:\WINDOWS\system32\pxcpyi64.exe
    2007-01-22 11:55:32 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\AdobeUM
    2007-01-19 11:53:04 51,056 —-a-w C:\WINDOWS\system32\sirenacm.dll
    2007-01-10 15:48:16 ——– d—–w C:\Program Files\Microsoft Works
    2007-01-10 15:43:58 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\OfficeUpdate12
    2007-01-06 14:07:38 ——– d—–w C:\Program Files\Microsoft.NET
    2006-12-22 14:02:40 71,496 —-a-w C:\WINDOWS\system32\drivers\mfeavfk.sys
    2006-12-22 14:02:34 37,480 —-a-w C:\WINDOWS\system32\drivers\mfesmfk.sys
    2006-12-22 14:02:34 34,184 —-a-w C:\WINDOWS\system32\drivers\mfebopk.sys
    2006-12-22 14:02:34 32,008 —-a-w C:\WINDOWS\system32\drivers\mferkdk.sys
    2006-12-22 14:02:34 170,408 —-a-w C:\WINDOWS\system32\drivers\mfehidk.sys
    2006-12-12 16:24:42 12,288 —-a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2006-12-04 14:21:50 414,720 —-a-w C:\WINDOWS\system32\msscp.dll
    2006-11-30 16:15:11 ——– d—–w C:\Program Files\PC Connectivity Solution
    2006-11-29 11:06:18 3,426,072 —-a-w C:\WINDOWS\system32\d3dx9_32.dll
    2006-11-19 13:57:45 ——– d—–w C:\Program Files\ATI Technologies
    2006-11-16 18:47:22 524,288 —-a-w C:\WINDOWS\opuc.dll
    2006-11-16 16:03:46 ——– d—–w C:\Program Files\Common Files\NSV
    2006-11-16 14:24:54 ——– d—–w C:\Program Files\DAEMON Tools
    2006-11-16 14:21:36 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\ATI
    2006-11-09 16:30:58 163,644 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2006-11-08 05:07:53 679,424 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:32:17 ——– d–h–r C:\DOCUME~1\Ufuk\APPLIC~1\SecuROM
    2006-11-07 19:03:36 413,696 —-a-w C:\WINDOWS\system32\vbscript.dll
    2006-11-07 19:03:36 156,160 —-a-w C:\WINDOWS\system32\msls31.dll
    2006-11-07 01:26:44 71,680 —-a-w C:\WINDOWS\system32\admparse.dll
    2006-11-07 01:26:42 55,296 —-a-w C:\WINDOWS\system32\iesetup.dll
    2006-11-01 19:19:10 927,504 —-a-w C:\WINDOWS\system32\mfc40u.dll
    2006-10-31 15:19:00 28,104 —-a-w C:\DOCUME~1\Ufuk\APPLIC~1\GDIPFONTCACHEV1.DAT
    2006-10-29 13:26:18 ——– d—–w C:\Program Files\Atomic Clock Sync
    2006-10-26 15:00:41 98,304 —-a-w C:\WINDOWS\system32\CmdLineExt.dll
    2006-10-26 13:34:29 ——– d—–w C:\Program Files\LimeWire
    2006-10-26 13:06:35 ——– d—–w C:\Program Files\Common Files\InstallShield
    2006-10-26 13:00:11 271,360 —-a-w C:\WINDOWS\system32\drivers\atksgt.sys
    2006-10-26 13:00:11 18,048 —-a-w C:\WINDOWS\system32\drivers\lirsgt.sys
    2006-10-22 19:59:18 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Lavasoft
    2006-10-22 19:58:22 ——– d—–w C:\Program Files\Lavasoft RegHance
    2006-10-22 19:57:45 ——– d—–w C:\Program Files\Lavasoft
    2006-10-22 19:24:07 ——– d—–w C:\Program Files\SigmaTel
    2006-10-22 19:03:30 ——– d—–w C:\Program Files\Common Files\Real
    2006-10-22 18:03:06 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Real
    2006-10-20 12:51:48 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Google
    2006-10-20 12:51:18 ——– d—–w C:\Program Files\Google
    2006-10-20 01:39:56 714,752 —-a-w C:\WINDOWS\system32\sxs.dll
    2006-10-19 19:38:28 831,048 —-a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
    2006-10-19 16:15:19 ——– d—–w C:\Program Files\Common Files\Ahead
    2006-10-18 22:04:54 42,496 ——w C:\WINDOWS\system32\wpdshextres.dll
    2006-10-18 21:58:00 8,704 —-a-w C:\WINDOWS\system32\wdfmgr.exe
    2006-10-18 21:58:00 8,704 —-a-w C:\WINDOWS\system32\uwdf.exe
    2006-10-18 21:47:22 767,488 ——w C:\WINDOWS\system32\WMVSENCD.dll
    2006-10-18 21:47:22 656,896 ——w C:\WINDOWS\system32\WMVXENCD.dll
    2006-10-18 21:47:22 63,488 —-a-w C:\WINDOWS\system32\wpdmtpus.dll
    2006-10-18 21:47:22 629,760 —-a-w C:\WINDOWS\system32\wpd_ci.dll
    2006-10-18 21:47:22 603,648 —-a-w C:\WINDOWS\system32\WMSPDMOD.dll
    2006-10-18 21:47:22 4,096 —-a-w C:\WINDOWS\system32\wmvdmoe2.dll
    2006-10-18 21:47:22 4,096 —-a-w C:\WINDOWS\system32\wmvdmod.dll
    2006-10-18 21:47:22 4,096 —-a-w C:\WINDOWS\system32\WMVADVE.DLL
    2006-10-18 21:47:22 4,096 —-a-w C:\WINDOWS\system32\WMVADVD.dll
    2006-10-18 21:47:22 4,096 —-a-w C:\WINDOWS\system32\wmsdmoe2.dll
    2006-10-18 21:47:22 4,096 —-a-w C:\WINDOWS\system32\wmsdmod.dll
    2006-10-18 21:47:22 356,352 —-a-w C:\WINDOWS\system32\wpdsp.dll
    2006-10-18 21:47:22 35,840 —-a-w C:\WINDOWS\system32\wpdconns.dll
    2006-10-18 21:47:22 2,603,008 ——w C:\WINDOWS\system32\WpdShext.dll
    2006-10-18 21:47:22 154,624 —-a-w C:\WINDOWS\system32\wpdmtp.dll
    2006-10-18 21:47:22 133,632 ——w C:\WINDOWS\system32\WPDShServiceObj.dll
    2006-10-18 21:47:22 1,574,912 ——w C:\WINDOWS\system32\WMVENCOD.dll
    2006-10-18 21:47:22 1,543,680 ——w C:\WINDOWS\system32\WMVDECOD.dll
    2006-10-18 21:47:22 1,382,912 ——w C:\WINDOWS\system32\WMVSDECD.dll
    2006-10-18 21:47:22 1,329,152 —-a-w C:\WINDOWS\system32\WMSPDMOE.dll
    2006-10-18 21:47:20 99,840 —-a-w C:\WINDOWS\system32\wmpshell.dll
    2006-10-18 21:47:20 937,984 —-a-w C:\WINDOWS\system32\WMNetMgr.dll
    2006-10-18 21:47:20 8,231,936 —-a-w C:\WINDOWS\system32\wmploc.dll
    2006-10-18 21:47:20 613,376 ——w C:\WINDOWS\system32\wmpmde.dll
    2006-10-18 21:47:20 535,040 ——w C:\WINDOWS\system32\wmdrmsdk.dll
    2006-10-18 21:47:20 348,672 —-a-w C:\WINDOWS\system32\wmdrmnet.dll
    2006-10-18 21:47:20 314,880 —-a-w C:\WINDOWS\system32\wmpdxm.dll
    2006-10-18 21:47:20 295,936 ——w C:\WINDOWS\system32\wmpeffects.dll
    2006-10-18 21:47:20 242,688 —-a-w C:\WINDOWS\system32\wmpasf.dll
    2006-10-18 21:47:20 227,328 —-a-w C:\WINDOWS\system32\wmerror.dll
    2006-10-18 21:47:20 204,288 —-a-w C:\WINDOWS\system32\wmpsrcwp.dll
    2006-10-18 21:47:20 157,184 —-a-w C:\WINDOWS\system32\wmidx.dll
    2006-10-18 21:47:20 130,048 ——w C:\WINDOWS\system32\wmpps.dll
    2006-10-18 21:47:20 1,661,440 —-a-w C:\WINDOWS\system32\wmpencen.dll
    2006-10-18 21:47:18 757,248 —-a-w C:\WINDOWS\system32\wmadmod.dll
    2006-10-18 21:47:18 429,056 —-a-w C:\WINDOWS\system32\wmdrmdev.dll
    2006-10-18 21:47:18 4,096 —-a-w C:\WINDOWS\system32\wdfapi.dll
    2006-10-18 21:47:18 37,376 —-a-w C:\WINDOWS\system32\wmdmps.dll
    2006-10-18 21:47:18 33,792 —-a-w C:\WINDOWS\system32\wmdmlog.dll
    2006-10-18 21:47:18 284,160 ——w C:\WINDOWS\system32\PortableDeviceApi.dll
    2006-10-18 21:47:18 222,208 —-a-w C:\WINDOWS\system32\wmasf.dll
    2006-10-18 21:47:18 211,456 —-a-w C:\WINDOWS\system32\qasf.dll
    2006-10-18 21:47:18 199,168 ——w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
    2006-10-18 21:47:18 166,912 ——w C:\WINDOWS\system32\PortableDeviceTypes.dll
    2006-10-18 21:47:18 132,096 ——w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
    2006-10-18 21:47:18 101,888 ——w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
    2006-10-18 21:47:18 1,117,696 —-a-w C:\WINDOWS\system32\WMADMOE.dll
    2006-10-18 21:47:16 321,536 —-a-w C:\WINDOWS\system32\mswmdm.dll
    2006-10-18 21:47:16 27,136 —-a-w C:\WINDOWS\system32\mspmsnsv.dll
    2006-10-18 21:47:16 179,712 —-a-w C:\WINDOWS\system32\msnetobj.dll
    2006-10-18 21:47:16 175,616 —-a-w C:\WINDOWS\system32\mspmsp.dll
    2006-10-18 21:47:14 4,096 —-a-w C:\WINDOWS\system32\MPG4DMOD.dll
    2006-10-18 21:47:14 4,096 —-a-w C:\WINDOWS\system32\MP4SDMOD.dll
    2006-10-18 21:47:14 4,096 —-a-w C:\WINDOWS\system32\MP43DMOD.dll
    2006-10-18 21:47:14 317,440 ——w C:\WINDOWS\system32\MP4SDECD.dll
    2006-10-18 21:47:14 259,072 ——w C:\WINDOWS\system32\MPG4DECD.dll
    2006-10-18 21:47:14 259,072 ——w C:\WINDOWS\system32\MP43DECD.dll
    2006-10-18 21:47:14 212,992 ——w C:\WINDOWS\system32\MFPLAT.dll
    2006-10-18 21:47:14 11,264 —-a-w C:\WINDOWS\system32\LAPRXY.dll
    2006-10-18 21:47:10 991,744 —-a-w C:\WINDOWS\system32\drmv2clt.dll
    2006-10-18 21:47:10 542,720 —-a-w C:\WINDOWS\system32\blackbox.dll
    2006-10-18 21:47:10 229,376 —-a-w C:\WINDOWS\system32\cewmdm.dll
    2006-10-18 21:47:08 7,168 —-a-w C:\WINDOWS\system32\asferror.dll
    2006-10-18 21:47:08 276,992 —-a-w C:\WINDOWS\system32\audiodev.dll
    2006-10-18 20:03:58 100,864 —-a-w C:\WINDOWS\system32\logagent.exe
    2006-10-18 20:00:46 249,856 ——w C:\WINDOWS\system32\drmupgds.exe
    2006-10-18 20:00:14 17,408 ——w C:\WINDOWS\system32\wpdshextautoplay.exe
    2006-10-18 20:00:00 38,528 —-a-w C:\WINDOWS\system32\drivers\wpdusb.sys
    2006-10-17 10:06:00 78,336 —-a-w C:\WINDOWS\system32\ieencode.dll
    2006-10-17 10:05:10 40,960 —-a-w C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 10:03:56 17,408 —-a-w C:\WINDOWS\system32\corpol.dll
    2006-10-17 09:57:58 36,352 —-a-w C:\WINDOWS\system32\imgutil.dll
    2006-10-17 09:56:10 45,568 —-a-w C:\WINDOWS\system32\mshta.exe
    2006-10-17 09:28:56 48,128 —-a-w C:\WINDOWS\system32\mshtmler.dll
    2006-10-16 16:16:24 124,928 —-a-w C:\WINDOWS\system32\oledlg.dll
    2006-10-14 08:13:25 981,760 —-a-w C:\WINDOWS\system32\mfc42u.dll
    2006-10-13 12:41:32 65,536 —-a-w C:\WINDOWS\system32
    wwks.dll
    2006-10-13 12:41:32 64,000 —-a-w C:\WINDOWS\system32
    wapi32.dll
    2006-10-13 12:41:32 144,384 —-a-w C:\WINDOWS\system32
    wprovau.dll
    2006-10-13 10:34:36 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Apple Computer
    2006-10-13 10:23:15 163,584 —-a-w C:\WINDOWS\system32\drivers
    wrdr.sys
    2006-10-12 22:10:06 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Hamachi
    2006-10-12 16:12:36 15,440 —-a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2006-10-10 07:54:30 50,688 —-a-w C:\WINDOWS\system32
    mwcdcls.dll
    2006-10-04 18:18:15 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\DivX
    2006-10-03 18:47:52 109,360 —-a-w C:\WINDOWS\system32\GEARAspi.dll
    2006-10-03 16:46:25 ——– d—–w C:\Program Files\Common Files\Adobe Systems Shared
    2006-10-02 14:28:42 312,128 ——w C:\WINDOWS\system32\msdelta.dll
    2006-10-01 12:30:59 14 —-a-w C:\WINDOWS\system32\SysEngineDrive1.sys
    2006-10-01 12:27:55 ——– d—–w C:\Program Files\BlazeVideo
    2006-10-01 10:01:06 ——– d—–w C:\Program Files\QuickPar
    2006-09-29 00:01:00 500,480 —-a-w C:\WINDOWS\system32\drivers\V0230VID.sys
    2006-09-29 00:01:00 36,864 —-a-w C:\WINDOWS\system32\V0230Pin.dll
    2006-09-28 18:44:50 ——– d—–w C:\Program Files\SlySoft
    2006-09-28 18:25:22 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\SlySoft
    2006-09-28 18:15:28 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\PC Suite
    2006-09-28 18:10:03 ——– d—–w C:\Program Files\Garmin
    2006-09-28 16:36:37 ——– d—–w C:\Program Files\DIFX
    2006-09-28 15:05:56 237,848 —-a-w C:\WINDOWS\system32\xactengine2_4.dll
    2006-09-28 15:05:20 2,414,360 —-a-w C:\WINDOWS\system32\d3dx9_31.dll
    2006-09-28 15:04:02 68,888 —-a-w C:\WINDOWS\system32\xinput1_3.dll
    2006-09-28 15:03:28 15,128 —-a-w C:\WINDOWS\system32\x3daudio1_1.dll
    2006-09-27 17:01:02 ——– d—–w C:\Program Files\FTDv3.7.3
    2006-09-27 14:24:53 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\TuneUp Software
    2006-09-27 13:19:37 ——– d—–w C:\Program Files\Nero
    2006-09-27 13:05:18 ——– d—–w C:\Program Files\Jasc Software Inc
    2006-09-27 12:47:48 ——– d—–w C:\Program Files\Gabest
    2006-09-26 21:06:49 ——– d—–w C:\Program Files\Messenger
    2006-09-26 20:32:54 ——– d—–w C:\Program Files\Common Files\ODBC
    2006-09-26 20:32:51 ——– d—–w C:\Program Files\Common Files\SpeechEngines
    2006-09-26 20:25:21 ——– d—–w C:\Program Files\Trust
    2006-09-26 20:01:18 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Help
    2006-09-26 19:29:42 ——– d—–w C:\Program Files\Viruz-V
    2006-09-26 19:26:13 611,064 —-a-w C:\WINDOWS\system32\drivers\sptd.sys
    2006-09-26 19:20:20 ——– d—–w C:\Program Files\Orange
    2006-09-26 19:17:47 ——– d—–w C:\Program Files\SAGEM
    2006-09-26 19:12:44 ——– d—–w C:\Program Files\Common Files\Creative Labs Shared
    2006-09-26 19:05:04 ——– d—–w C:\Program Files\Dell Photo Printer 720
    2006-09-26 19:04:30 ——– d—–w C:\Program Files\Dell 720
    2006-09-26 18:50:05 ——– d—–w C:\Program Files\Intel
    2006-09-26 18:47:48 ——– d—–w C:\Program Files\Dell
    2006-09-26 18:41:46 ——– d—–w C:\Program Files\microsoft frontpage
    2006-09-26 18:41:34 0 –sha-r C:\MSDOS.SYS
    2006-09-26 18:41:34 0 –sha-r C:\IO.SYS
    2006-09-26 18:41:34 0 —-a-w C:\CONFIG.SYS
    2006-09-26 18:40:36 ——– d–h–w C:\Program Files\WindowsUpdate
    2006-09-26 18:40:35 ——– d—–w C:\Program Files\Online Services
    2006-09-26 18:39:47 ——– d—–w C:\Program Files\Common Files\MSSoap
    2006-09-26 18:39:38 ——– d—–w C:\Program Files\Movie Maker
    2006-09-26 18:38:54 21,748 —-a-w C:\WINDOWS\system32\emptyregdb.dat
    2006-09-26 18:38:44 ——– d—–w C:\Program Files\MSN Gaming Zone
    2006-09-26 18:38:35 ——– d—–w C:\Program Files\Windows NT
    2006-09-22 00:01:00 294,912 —-a-w C:\WINDOWS\system32\V0230CVW.dll
    2006-09-19 14:44:04 15,664 —-a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    2006-09-16 02:02:34 23,856 —-a-w C:\WINDOWS\system32\spupdsvc.exe
    2006-09-15 22:30:16 87,040 ——w C:\WINDOWS\system32\WUDFCoinstaller.dll
    2006-09-15 22:30:16 55,296 ——w C:\WINDOWS\system32\WudfSvc.dll
    2006-09-15 22:30:16 308,224 ——w C:\WINDOWS\system32\WUDFx.dll
    2006-09-15 22:30:06 142,848 ——w C:\WINDOWS\system32\WudfHost.exe
    2006-09-15 21:30:10 82,688 ——w C:\WINDOWS\system32\drivers\WudfRd.sys
    2006-09-15 21:29:54 163,840 ——w C:\WINDOWS\system32\WudfPlatform.dll
    2006-09-15 21:29:52 76,544 ——w C:\WINDOWS\system32\drivers\WudfPf.sys
    2006-09-13 05:07:10 1,084,416 —-a-w C:\WINDOWS\system32\msxml3.dll
    2006-09-13 00:01:00 126,976 —-a-w C:\WINDOWS\system32\V0230Vfw.dll
    2006-09-07 00:01:00 32,768 —-a-w C:\WINDOWS\V0230Mon.exe
    2006-08-25 15:51:55 617,472 —-a-w C:\WINDOWS\system32\comctl32.dll
    2006-08-25 03:47:00 2,560 ——w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2006-08-25 03:47:00 2,432 ——w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2006-08-24 12:19:52 246,814 —-a-w C:\WINDOWS\system32\strmdll.dll
    2006-08-24 12:18:10 499,254 —-a-w C:\WINDOWS\system32\dxmasf.dll
    2006-08-21 12:28:04 16,896 —-a-w C:\WINDOWS\system32\fltlib.dll
    2006-08-21 09:14:58 23,040 —-a-w C:\WINDOWS\system32\fltmc.exe
    2006-08-21 09:14:58 128,896 —-a-w C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-08-17 12:30:16 727,040 —-a-w C:\WINDOWS\system32\lsasrv.dll
    2006-08-17 12:30:16 132,096 —-a-w C:\WINDOWS\system32\wkssvc.dll
    2006-08-16 11:59:42 100,352 —-a-w C:\WINDOWS\system32\6to4svc.dll
    2006-08-16 09:37:30 225,664 —-a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2006-08-14 10:34:41 332,928 —-a-w C:\WINDOWS\system32\drivers\srv.sys
    2006-08-11 00:01:00 32,768 —-a-w C:\WINDOWS\system32\V0230Hwx.dll
    2006-07-28 08:30:32 236,824 —-a-w C:\WINDOWS\system32\xactengine2_3.dll
    2006-07-28 08:30:14 62,744 —-a-w C:\WINDOWS\system32\xinput1_2.dll
    2006-07-21 08:29:40 72,704 —-a-w C:\WINDOWS\system32\hlink.dll
    2006-07-14 15:29:44 966,656 —-a-w C:\WINDOWS\UNRecode.exe
    2006-07-14 15:29:44 966,656 —-a-w C:\WINDOWS\UNNeroShowTime.exe
    2006-07-14 15:29:44 966,656 —-a-w C:\WINDOWS\UNNeroMediaHome.exe
    2006-07-14 15:29:44 966,656 —-a-w C:\WINDOWS\UNNeroBackItUp.exe
    2006-07-13 08:48:58 202,240 —-a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2006-06-29 07:05:44 26,112 ——w C:\WINDOWS\system32\idndl.dll
    2006-06-29 07:05:44 23,552 ——w C:\WINDOWS\system32
    ormaliz.dll
    2006-06-28 16:59:26 24,576 ——w C:\WINDOWS\system32
    lsdl.dll
    2006-06-22 05:17:19 1,440,768 —-a-w C:\WINDOWS\system32\query.dll
    2006-06-22 05:17:18 69,120 —-a-w C:\WINDOWS\system32\ciodm.dll
    2006-06-16 10:30:54 90,112 —-a-w C:\WINDOWS\CtDrvIns.exe
    2006-06-14 09:00:45 82,944 —-a-w C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-06-14 08:47:46 6,400 —-a-w C:\WINDOWS\system32\drivers\splitter.sys
    2006-06-14 08:47:45 172,416 —-a-w C:\WINDOWS\system32\drivers\kmixer.sys
    2006-05-15 14:24:50 86,880 —-a-w C:\WINDOWS\system32\drivers\WscNetDr.sys
    2006-05-05 09:47:57 174,592 —-a-w C:\WINDOWS\system32\drivers\rdbss.sys
    2006-05-05 09:41:45 453,120 —-a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
    2006-04-20 11:51:50 359,808 —-a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2006-04-10 16:05:10 104,576 —-a-w C:\WINDOWS\system32\drivers\wceusbsh.sys
    2006-03-24 04:40:00 49,152 —-a-w C:\WINDOWS\system32\wdigest.dll
    2006-03-24 00:00:00 6,272 —-a-w C:\WINDOWS\system32\drivers\V0230Vfx.sys
    2006-03-17 00:38:01 28,672 ——w C:\WINDOWS\system32\verclsid.exe
    2006-03-17 00:33:10 262,784 —-a-w C:\WINDOWS\system32\drivers\http.sys
    2006-03-16 00:00:00 9,216 —-a-w C:\WINDOWS\V0230Cfg.exe
    2006-03-16 00:00:00 8,192 —-a-w C:\WINDOWS\system32\V0230Srv.exe
    2006-03-01 19:44:36 956,416 —-a-w C:\WINDOWS\system32\msdtctm.dll
    2006-03-01 19:44:36 91,136 —-a-w C:\WINDOWS\system32\mtxoci.dll
    2006-03-01 19:44:36 66,560 —-a-w C:\WINDOWS\system32\mtxclu.dll
    2006-03-01 19:44:36 426,496 —-a-w C:\WINDOWS\system32\msdtcprx.dll
    2006-03-01 19:44:36 161,280 —-a-w C:\WINDOWS\system32\msdtcuiu.dll
    2006-03-01 19:44:36 11,776 —-a-w C:\WINDOWS\system32\xolehlp.dll
    2006-02-15 00:22:26 142,464 —-a-w C:\WINDOWS\system32\drivers\aec.sys
    2006-01-04 03:36:30 68,096 —-a-w C:\WINDOWS\system32\webclnt.dll
    2005-12-01 12:31:38 1,645,320 —-a-w C:\WINDOWS\system32\gdiplus.dll
    2005-10-21 01:47:05 12,800 —-a-w C:\WINDOWS\system32\drivers\usb8023.sys
    2005-10-21 01:47:05 12,800 ——w C:\WINDOWS\system32\drivers\usb8023x.sys
    2005-10-21 01:47:04 30,592 —-a-w C:\WINDOWS\system32\drivers\rndismp.sys
    2005-10-21 01:47:04 30,592 ——w C:\WINDOWS\system32\drivers\rndismpx.sys
    2005-10-20 22:31:13 1,092,096 —-a-w C:\WINDOWS\system32\esent.dll
    2005-10-18 09:08:04 349,760 —-a-w C:\WINDOWS\system32\mcinsctl.dll
    2005-10-17 21:21:57 80,896 —-a-w C:\WINDOWS\system32\fontsub.dll
    2005-10-17 21:21:57 118,272 —-a-w C:\WINDOWS\system32\t2embed.dll
    2005-09-23 05:28:56 32,768 —-a-w C:\WINDOWS\system32
    etfxperf.dll
    2005-09-23 05:28:52 74,240 —-a-w C:\WINDOWS\system32\mscories.dll
    2005-09-23 05:28:52 270,848 —-a-w C:\WINDOWS\system32\mscoree.dll
    2005-09-23 05:28:52 150,016 —-a-w C:\WINDOWS\system32\mscorier.dll
    2005-09-23 05:28:38 83,456 —-a-w C:\WINDOWS\system32\dfshim.dll
    2005-09-21 10:14:32 1,350,784 —-a-w C:\WINDOWS\system32\drivers\sigfilt.sys
    2005-09-10 01:55:37 2,067,968 —-a-w C:\WINDOWS\system32\cdosys.dll
    2005-09-01 02:28:26 19,968 —-a-w C:\WINDOWS\system32\linkinfo.dll
    2005-08-30 03:56:40 1,291,264 —-a-w C:\WINDOWS\system32\quartz.dll
    2005-08-23 03:40:36 124,416 —-a-w C:\WINDOWS\system32\umpnpmgr.dll
    2005-08-22 18:36:16 197,632 —-a-w C:\WINDOWS\system32
    etman.dll
    2005-08-17 06:41:08 1,022,040 —-a-w C:\WINDOWS\system32\drivers\sthda.sys
    2005-08-15 10:08:26 5,888 —-a-w C:\WINDOWS\system32\drivers\imagedrv.sys
    2005-08-15 10:08:26 127,488 —-a-w C:\WINDOWS\system32\drivers\imagesrv.sys
    2005-08-05 20:05:00 516,096 ——w C:\WINDOWS\system32\ati2sgag.exe
    2005-08-04 01:07:56 307,200 —-a-w C:\WINDOWS\system32\atiiiexx.dll
    2005-08-04 00:27:54 249,856 —-a-w C:\WINDOWS\system32\ATIDEMGR.dll
    2005-08-03 23:46:26 6,684,672 —-a-w C:\WINDOWS\system32\atioglx1.dll
    2005-08-03 22:28:52 5,005,312 —-a-w C:\WINDOWS\system32\atioglxx.dll
    2005-08-03 22:10:38 205,312 ——w C:\WINDOWS\system32\ati2dvag.dll
    2005-08-03 22:10:18 1,273,344 —-a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2005-08-03 22:04:56 106,496 —-a-w C:\WINDOWS\system32\atipdlxx.dll
    2005-08-03 22:04:42 73,728 —-a-w C:\WINDOWS\system32\Oemdspif.dll
    2005-08-03 22:04:34 25,088 —-a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2005-08-03 22:04:28 39,936 —-a-w C:\WINDOWS\system32\ati2edxx.dll
    2005-08-03 22:04:18 46,080 —-a-w C:\WINDOWS\system32\ati2evxx.dll
    2005-08-03 22:02:58 380,928 —-a-w C:\WINDOWS\system32\ati2evxx.exe
    2005-08-03 22:02:32 53,248 —-a-w C:\WINDOWS\system32\ATIDDC.DLL
    2005-08-03 21:54:08 2,365,472 ——w C:\WINDOWS\system32\ati3duag.dll
    2005-08-03 21:47:08 639,872 ——w C:\WINDOWS\system32\ativvaxx.dll
    2005-08-03 21:34:12 147,456 —-a-w C:\WINDOWS\system32\atikvmag.dll
    2005-08-03 21:08:22 17,408 —-a-w C:\WINDOWS\system32\atitvo32.dll
    2005-08-03 21:02:26 212,992 ——w C:\WINDOWS\system32\ati2cqag.dll
    2005-07-26 04:42:48 75,264 —-a-w C:\WINDOWS\system32\olecli32.dll
    2005-07-26 04:42:48 540,160 —-a-w C:\WINDOWS\system32\comuid.dll
    2005-07-26 04:42:48 397,824 —-a-w C:\WINDOWS\system32\rpcss.dll
    2005-07-26 04:42:48 37,888 —-a-w C:\WINDOWS\system32\olecnv32.dll
    2005-07-26 04:42:48 243,200 —-a-w C:\WINDOWS\system32\es.dll
    2005-07-26 04:42:48 101,376 —-a-w C:\WINDOWS\system32\txflog.dll
    2005-07-26 04:42:48 1,284,608 —-a-w C:\WINDOWS\system32\ole32.dll
    2005-07-26 04:42:48 1,267,200 —-a-w C:\WINDOWS\system32\comsvcs.dll
    2005-07-26 04:42:47 97,792 —-a-w C:\WINDOWS\system32\comrepl.dll
    2005-07-26 04:42:47 625,152 —-a-w C:\WINDOWS\system32\catsrvut.dll
    2005-07-26 04:42:47 60,416 —-a-w C:\WINDOWS\system32\colbact.dll
    2005-07-26 04:42:47 498,688 —-a-w C:\WINDOWS\system32\clbcatq.dll
    2005-07-26 04:42:47 225,792 —-a-w C:\WINDOWS\system32\catsrv.dll
    2005-07-26 04:42:47 110,080 —-a-w C:\WINDOWS\system32\clbcatex.dll
    2005-07-14 02:26:16 155,648 —-a-w C:\WINDOWS\system32\stacapi.dll
    2005-07-14 02:23:38 109,056 —-a-w C:\WINDOWS\system32\staco.dll
    2005-07-08 16:29:37 249,344 —-a-w C:\WINDOWS\system32\tapisrv.dll
    2005-07-07 00:07:00 36,864 —-a-w C:\WINDOWS\system32\CtCamMgr.dll
    2005-06-29 01:53:10 74,240 —-a-w C:\WINDOWS\system32\mscms.dll
    2005-06-29 01:53:10 254,976 —-a-w C:\WINDOWS\system32\icm32.dll
    2005-06-17 05:33:40 872,064 —-a-w C:\WINDOWS\system32\drivers\iaStor.sys
    2005-06-15 17:51:07 295,936 —-a-w C:\WINDOWS\system32\kerberos.dll
    2005-06-10 23:53:32 57,856 —-a-w C:\WINDOWS\system32\spoolsv.exe
    2005-06-10 15:59:16 95,617 —-a-w C:\WINDOWS\system32\atiicdxx.dat
    2005-06-10 04:11:54 139,528 —-a-w C:\WINDOWS\system32\drivers\rdpwd.sys
    2005-05-27 02:08:56 41,472 —-a-w C:\WINDOWS\system32\hhsetup.dll
    2005-05-27 02:08:56 155,136 —-a-w C:\WINDOWS\system32\itircl.dll
    2005-05-27 02:08:56 137,216 —-a-w C:\WINDOWS\system32\itss.dll
    2005-05-26 23:22:01 10,752 —-a-w C:\WINDOWS\hh.exe
    2005-05-26 14:34:52 2,297,552 —-a-w C:\WINDOWS\system32\d3dx9_26.dll
    2005-05-26 02:16:34 466,200 —-a-w C:\WINDOWS\system32\wuapi.dll
    2005-05-26 02:16:34 194,840 —-a-w C:\WINDOWS\system32\wuaueng1.dll
    2005-05-26 02:16:34 174,360 —-a-w C:\WINDOWS\system32\wuauclt1.exe
    2005-05-26 02:16:34 128,280 —-a-w C:\WINDOWS\system32\wucltui.dll
    2005-05-26 02:16:34 125,208 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2005-05-26 02:16:30 41,240 —-a-w C:\WINDOWS\system32\wups.dll
    2005-05-26 02:16:30 18,200 —-a-w C:\WINDOWS\system32\wups2.dll
    2005-05-26 02:16:30 173,536 —-a-w C:\WINDOWS\system32\wuweb.dll
    2005-05-26 02:16:30 1,343,768 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2005-05-26 02:16:24 75,544 —-a-w C:\WINDOWS\system32\cdm.dll
    2005-05-26 02:16:24 198,424 —-a-w C:\WINDOWS\system32\iuengine.dll
    2005-05-25 09:34:00 158,464 —-a-w C:\WINDOWS\system32\drivers\CTUSFSYN.SYS
    2005-05-24 17:23:32 288,320 —-a-w C:\WINDOWS\system32\mcgdmgr.dll
    2005-05-19 02:54:00 1,345,520 —-a-w C:\WINDOWS\system32\CTMBHA.DLL
    2005-05-11 02:31:47 79,360 —-a-w C:\WINDOWS\system32\telnet.exe
    2005-05-04 12:45:36 884,736 —-a-w C:\WINDOWS\system32\msimsg.dll
    2005-05-04 12:45:36 78,848 —-a-w C:\WINDOWS\system32\msiexec.exe
    2005-05-04 12:45:36 271,360 —-a-w C:\WINDOWS\system32\msihnd.dll
    2005-05-04 12:45:36 15,360 —-a-w C:\WINDOWS\system32\msisip.dll
    2005-03-31 15:04:52 180,736 —-a-w C:\WINDOWS\system32\drivers\e1e5132.sys
    2005-03-30 01:26:44 88,960 —-a-w C:\WINDOWS\system32\drivers\NvAtaBus.sys
    2005-03-30 01:26:44 68,992 —-a-w C:\WINDOWS\system32\drivers
    vraid.sys
    2005-03-30 01:25:51 39,904 —-a-w C:\WINDOWS\system32\drivers\cercsr6.sys
    2005-03-30 01:25:24 4,627 —-a-w C:\WINDOWS\system32\oembios.dat
    2005-03-30 01:25:24 13,107,200 —-a-w C:\WINDOWS\system32\oembios.bin
    2005-03-22 10:20:44 339,968 —-a-w C:\WINDOWS\stsystra.exe
    2005-03-17 21:39:56 1,146,320 —-a-w C:\WINDOWS\system32\FM20.DLL
    2005-03-10 09:49:42 17,408 —-a-w C:\WINDOWS\system32\EtCoInst.dll
    2005-03-09 14:22:52 126,976 —-a-w C:\WINDOWS\system32\Prounstl.exe
    2005-03-09 14:21:40 163,840 —-a-w C:\WINDOWS\system32\e1000msg.dll
    2005-03-09 03:01:00 51,712 —-a-w C:\WINDOWS\system32\CISETUP.DLL
    2005-03-08 16:26:28 23,040 —-a-w C:\WINDOWS\system32\IntelNic.dll
    2005-03-02 18:19:18 56,832 —-a-w C:\WINDOWS\system32\authz.dll
    2005-02-23 06:36:00 132,608 —-a-w C:\WINDOWS\system32\CtDvInst.dll
    2005-02-16 13:18:04 90,184 —-a-w C:\WINDOWS\system32\NeroCo.dll
    2005-02-16 12:41:48 20,480 —-a-w C:\WINDOWS\MBDEF.EXE
    2005-01-28 11:32:44 258,296 —-a-w C:\WINDOWS\system32\drmclien.dll
    2005-01-28 06:53:22 96,768 —-a-w C:\WINDOWS\system32\drmstor.dll
    2005-01-28 06:52:52 20,480 —-a-w C:\WINDOWS\system32\wmpui.dll
    2005-01-28 06:52:52 20,480 —-a-w C:\WINDOWS\system32\wmpcore.dll
    2005-01-28 06:52:52 20,480 —-a-w C:\WINDOWS\system32\wmpcd.dll
    2005-01-27 23:36:26 331,776 —-a-w C:\WINDOWS\system32\wpdmtpdr.dll
    2005-01-27 23:36:16 10,752 —-a-w C:\WINDOWS\system32\wpdtrace.dll
    2005-01-10 10:15:00 20,992 —-a-w C:\WINDOWS\system32\SFMAN32.DLL
    2005-01-10 10:15:00 138,752 —-a-w C:\WINDOWS\system32\drivers\CTSFM2K.SYS
    2005-01-10 10:15:00 115,200 —-a-w C:\WINDOWS\system32\SFMS32.DLL
    2005-01-10 10:15:00 106,496 —-a-w C:\WINDOWS\system32\drivers\CTOSS2K.SYS
    2005-01-06 07:54:24 57,344 —-a-w C:\WINDOWS\system32\dlbccinf.dll
    2005-01-06 07:54:14 49,152 —-a-w C:\WINDOWS\system32\dlbccoin.dll
    2005-01-06 07:20:46 73,728 —-a-w C:\WINDOWS\system32\dlbcpwr.dll
    2004-12-22 10:40:02 24,576 —-a-w C:\WINDOWS\MIDIDEF.EXE
    2004-12-07 19:34:27 96,768 —-a-w C:\WINDOWS\system32\srvsvc.dll
    2004-11-17 17:43:32 352,768 —-a-w C:\WINDOWS\system32\hypertrm.dll
    2004-10-25 19:02:00 21,664 —-a-w C:\WINDOWS\system32\drivers\Entech.sys
    2004-10-19 08:07:22 9,728 ——w C:\WINDOWS\system32\drivers\PfModNT.sys
    2004-09-29 22:28:37 134,912 —-a-w C:\WINDOWS\system32\drivers\ipnat.sys
    2004-08-12 15:45:54 137,728 ——w C:\WINDOWS\system32\drivers\Hdaudbus.sys
    2004-08-12 15:45:52 61,952 ——w C:\WINDOWS\system32\Hdaudpropshortcut.exe
    2004-08-12 15:45:52 24,064 ——w C:\WINDOWS\system32\Hdaudprop.dll
    2004-08-12 15:45:52 113,664 ——w C:\WINDOWS\system32\drivers\Hdaudio.sys
    2004-08-12 15:45:42 5,120 ——w C:\WINDOWS\system32\Hdaudpropres.dll
    2004-08-04 12:00:00 999,936 —-a-w C:\WINDOWS\system32\setupapi.dll
    2004-08-04 12:00:00 999,424 —-a-w C:\WINDOWS\system32\msgina.dll
    2004-08-04 12:00:00 993,280 —-a-w C:\WINDOWS\system32\syssetup.dll
    2004-08-04 12:00:00 99,840 —-a-w C:\WINDOWS\system32\winscard.dll
    2004-08-04 12:00:00 99,328 —-a-w C:\WINDOWS\system32\loadperf.dll
    2004-08-04 12:00:00 98,304 —-a-w C:\WINDOWS\system32\slbiop.dll
    2004-08-04 12:00:00 98,304 —-a-w C:\WINDOWS\system32\scardsvr.exe
    2004-08-04 12:00:00 98,304 —-a-w C:\WINDOWS\system32\rtm.dll
    2004-08-04 12:00:00 98,304 —-a-w C:\WINDOWS\system32\psbase.dll
    2004-08-04 12:00:00 98,304 —-a-w C:\WINDOWS\system32\odbcint.dll
    2004-08-04 12:00:00 98,304 —-a-w C:\WINDOWS\system32\cscript.exe
    2004-08-04 12:00:00 98,304 —-a-w C:\WINDOWS\system32\ahui.exe
    2004-08-04 12:00:00 98,278 —-a-w C:\WINDOWS\system32\eventquery.vbs
    2004-08-04 12:00:00 97,280 —-a-w C:\WINDOWS\system32\dpcdll.dll
    2004-08-04 12:00:00 96,256 —-a-w C:\WINDOWS\system32\drivers\sptddrv1.sys
    2004-08-04 12:00:00 96,256 —-a-w C:\WINDOWS\system32\drivers\scsiport.sys
    2004-08-04 12:00:00 95,744 —-a-w C:\WINDOWS\system32\mqsec.dll
    2004-08-04 12:00:00 94,784 —-a-w C:\WINDOWS\twain.dll
    2004-08-04 12:00:00 94,282 —-a-w C:\WINDOWS\system32\msencode.dll
    2004-08-04 12:00:00 94,208 —-a-w C:\WINDOWS\system32\tscfgwmi.dll
    2004-08-04 12:00:00 937,984 —-a-w C:\WINDOWS\system32\winbrand.dll
    2004-08-04 12:00:00 93,696 —-a-w C:\WINDOWS\system32\wlnotify.dll
    2004-08-04 12:00:00 93,184 —-a-w C:\WINDOWS\system32\dskquota.dll
    2004-08-04 12:00:00 924,432 —-a-w C:\WINDOWS\system32\mfc40.dll
    2004-08-04 12:00:00 92,384 —-a-w C:\WINDOWS\system32\krnl386.exe
    2004-08-04 12:00:00 92,168 —-a-w C:\WINDOWS\system32\rdpdd.dll
    2004-08-04 12:00:00 92,160 —-a-w C:\WINDOWS\system32\smlogsvc.exe
    2004-08-04 12:00:00 92,160 —-a-w C:\WINDOWS\system32
    tprint.dll
    2004-08-04 12:00:00 92,032 —-a-w C:\WINDOWS\system32\drivers\ksecdd.sys
    2004-08-04 12:00:00 91,776 —-a-w C:\WINDOWS\system32\drivers
    diswan.sys
    2004-08-04 12:00:00 91,648 —-a-w C:\WINDOWS\system32\xactsrv.dll
    2004-08-04 12:00:00 91,136 —-a-w C:\WINDOWS\system32\mydocs.dll
    2004-08-04 12:00:00 90,624 —-a-w C:\WINDOWS\system32\trkwks.dll
    2004-08-04 12:00:00 90,112 —-a-w C:\WINDOWS\system32\rsvpsp.dll
    2004-08-04 12:00:00 90,112 —-a-w C:\WINDOWS\system32\mycomput.dll
    2004-08-04 12:00:00 9,936 —-a-w C:\WINDOWS\system32\lzexpand.dll
    2004-08-04 12:00:00 9,728 —-a-w C:\WINDOWS\system32\sprestrt.exe
    2004-08-04 12:00:00 9,728 —-a-w C:\WINDOWS\system32\rsvpperf.dll
    2004-08-04 12:00:00 9,728 —-a-w C:\WINDOWS\system32\reset.exe
    2004-08-04 12:00:00 9,728 —-a-w C:\WINDOWS\system32\proxycfg.exe
    2004-08-04 12:00:00 9,728 —-a-w C:\WINDOWS\system32\label.exe
    2004-08-04 12:00:00 9,728 —-a-w C:\WINDOWS\system32\finger.exe
    2004-08-04 12:00:00 9,600 —-a-w C:\WINDOWS\system32\drivers
    distapi.sys
    2004-08-04 12:00:00 9,600 —-a-w C:\WINDOWS\system32\drivers\hidusb.sys
    2004-08-04 12:00:00 9,344 —-a-w C:\WINDOWS\system32\vga.dll
    2004-08-04 12:00:00 9,344 —-a-w C:\WINDOWS\system32\framebuf.dll
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\wshatm.dll
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\winfax.dll
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\wifeman.dll
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\subst.exe
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\scrnsave.scr
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\print.exe
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\lprmonui.dll
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\iissuba.dll
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\find.exe
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\eventvwr.exe
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\diskcomp.com
    2004-08-04 12:00:00 9,040 —-a-w C:\WINDOWS\system32\ver.dll
    2004-08-04 12:00:00 9,029 —-a-w C:\WINDOWS\system32\ansi.sys
    2004-08-04 12:00:00 89,600 —-a-w C:\WINDOWS\system32\langwrbk.dll
    2004-08-04 12:00:00 89,088 —-a-w C:\WINDOWS\system32\rasauto.dll
    2004-08-04 12:00:00 89,088 —-a-w C:\WINDOWS\system32\mqlogmgr.dll
    2004-08-04 12:00:00 882 —-a-w C:\WINDOWS\system32\share.exe
    2004-08-04 12:00:00 882 —-a-w C:\WINDOWS\system32\fastopen.exe
    2004-08-04 12:00:00 881,152 —-a-w C:\WINDOWS\system32
    etplwiz.dll
    2004-08-04 12:00:00 88,576 —-a-w C:\WINDOWS\system32
    etsh.exe
    2004-08-04 12:00:00 88,576 —-a-w C:\WINDOWS\system32\fldrclnr.dll
    2004-08-04 12:00:00 88,448 —-a-w C:\WINDOWS\system32\drivers
    wlnkipx.sys
    2004-08-04 12:00:00 88,064 —-a-w C:\WINDOWS\system32\p2pnetsh.dll
    2004-08-04 12:00:00 87,176 —-a-w C:\WINDOWS\system32\rdpwsx.dll
    2004-08-04 12:00:00 87,040 —-a-w C:\WINDOWS\system32\mprapi.dll
    2004-08-04 12:00:00 86,556 —-a-w C:\WINDOWS\system32\dgsetup.dll
    2004-08-04 12:00:00 86,528 —-a-w C:\WINDOWS\system32\iassam.dll
    2004-08-04 12:00:00 86,073 —-a-w C:\WINDOWS\system32\usrfaxa.dll
    2004-08-04 12:00:00 86,016 —-a-w C:\WINDOWS\system32\p2pgasvc.dll
    2004-08-04 12:00:00 86,016 —-a-w C:\WINDOWS\system32\msapsspc.dll
    2004-08-04 12:00:00 86,016 —-a-w C:\WINDOWS\system32\isign32.dll
    2004-08-04 12:00:00 86,016 —-a-w C:\WINDOWS\system32\ipxmontr.dll
    2004-08-04 12:00:00 859,648 —-a-w C:\WINDOWS\system32\tapi3.dll
    2004-08-04 12:00:00 85,504 —-a-w C:\WINDOWS\system32\makecab.exe
    2004-08-04 12:00:00 85,504 —-a-w C:\WINDOWS\system32\diantz.exe
    2004-08-04 12:00:00 85,504 —-a-w C:\WINDOWS\system32\catsrvps.dll
    2004-08-04 12:00:00 85,504 —-a-w C:\WINDOWS\system32\cabview.dll
    2004-08-04 12:00:00 85,504 —-a-w C:\WINDOWS\system32\avifil32.dll
    2004-08-04 12:00:00 847,872 —-a-w C:\WINDOWS\system32\dbgeng.dll
    2004-08-04 12:00:00 84,992 —-a-w C:\WINDOWS\system32\mciavi32.dll
    2004-08-04 12:00:00 831,519 —-a-w C:\WINDOWS\system32\mswdat10.dll
    2004-08-04 12:00:00 83,456 —-a-w C:\WINDOWS\system32\olepro32.dll
    2004-08-04 12:00:00 83,456 —-a-w C:\WINDOWS\system32\dpvsetup.exe
    2004-08-04 12:00:00 825,344 —-a-w C:\WINDOWS\system32\d3dim700.dll
    2004-08-04 12:00:00 822,784 —-a-w C:\WINDOWS\system32\comres.dll
    2004-08-04 12:00:00 82,944 —-a-w C:\WINDOWS\system32\ws2_32.dll
    2004-08-04 12:00:00 82,944 —-a-w C:\WINDOWS\system32\tapiui.dll
    2004-08-04 12:00:00 82,944 —-a-w C:\WINDOWS\system32\olecli.dll
    2004-08-04 12:00:00 82,432 —-a-w C:\WINDOWS\system32\ufat.dll
    2004-08-04 12:00:00 82,432 —-a-w C:\WINDOWS\system32\dmscript.dll
    2004-08-04 12:00:00 82,432 —-a-w C:\WINDOWS\system32\dfrgfat.exe
    2004-08-04 12:00:00 817 —-a-w C:\WINDOWS\system32\mscdexnt.exe
    2004-08-04 12:00:00 815,104 —-a-w C:\WINDOWS\system32\mmc.exe
    2004-08-04 12:00:00 81,920 —-a-w C:\WINDOWS\system32\ils.dll
    2004-08-04 12:00:00 81,920 —-a-w C:\WINDOWS\system32\fsusd.dll
    2004-08-04 12:00:00 81,408 —-a-w C:\WINDOWS\system32\wscsvc.dll
    2004-08-04 12:00:00 81,408 —-a-w C:\WINDOWS\system32
    etui0.dll
    2004-08-04 12:00:00 800,000 —-a-w C:\WINDOWS\system32\drivers\dmboot.sys
    2004-08-04 12:00:00 80,896 —-a-w C:\WINDOWS\system32\faultrep.dll
    2004-08-04 12:00:00 80,896 —-a-w C:\WINDOWS\system32\charmap.exe
    2004-08-04 12:00:00 80,896 —-a-w C:\WINDOWS\system32\autodisc.dll
    2004-08-04 12:00:00 80,384 —-a-w C:\WINDOWS\system32\iccvid.dll
    2004-08-04 12:00:00 80,384 —-a-w C:\WINDOWS\system32\eventtriggers.exe
    2004-08-04 12:00:00 80,384 —-a-w C:\WINDOWS\system32\drivers\parport.sys
    2004-08-04 12:00:00 8,832 —-a-w C:\WINDOWS\system32\drivers\rasacd.sys
    2004-08-04 12:00:00 8,704 —-a-w C:\WINDOWS\system32\lpr.exe
    2004-08-04 12:00:00 8,704 —-a-w C:\WINDOWS\system32\hostname.exe
    2004-08-04 12:00:00 8,704 —-a-w C:\WINDOWS\system32\dciman32.dll
    2004-08-04 12:00:00 8,704 —-a-w C:\WINDOWS\system32\batt.dll
    2004-08-04 12:00:00 8,488 —-a-w C:\WINDOWS\system32\exe2bin.exe
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\winhlp32.exe
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\streamci.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\smbinst.exe
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\qosname.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\psnppagn.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32
    tlsapi.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\mqperf.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\mountvol.exe
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\mciole16.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\mag_hook.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\igmpagnt.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\d3d8thk.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\control.exe
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\cidaemon.exe
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\bitsprx2.dll
    2004-08-04 12:00:00 8,192 —-a-r C:\WINDOWS\system32\kbdhept.dll
    2004-08-04 12:00:00 79,872 —-a-w C:\WINDOWS\system32\tlntsess.exe
    2004-08-04 12:00:00 79,744 —-a-w C:\WINDOWS\system32\drivers\videoprt.sys
    2004-08-04 12:00:00 78,336 —-a-w C:\WINDOWS\system32\unimdmat.dll
    2004-08-04 12:00:00 78,336 —-a-w C:\WINDOWS\system32\shrpubw.exe
    2004-08-04 12:00:00 78,336 —-a-w C:\WINDOWS\system32\sdbinst.exe
    2004-08-04 12:00:00 78,336 —-a-w C:\WINDOWS\system32\rtcshare.exe
    2004-08-04 12:00:00 78,336 —-a-w C:\WINDOWS\system32\browsewm.dll
    2004-08-04 12:00:00 772,608 —-a-w C:\WINDOWS\system32\winntbbu.dll
    2004-08-04 12:00:00 77,891 —-a-w C:\WINDOWS\system32\usrmlnka.exe
    2004-08-04 12:00:00 77,890 —-a-w C:\WINDOWS\system32\usrdpa.dll
    2004-08-04 12:00:00 77,883 —-a-w C:\WINDOWS\system32\usrrtosa.dll
    2004-08-04 12:00:00 77,824 —-a-w C:\WINDOWS\system32\cliconfg.dll
    2004-08-04 12:00:00 77,312 —-a-w C:\WINDOWS\system32\gcdef.dll
    2004-08-04 12:00:00 77,312 —-a-w C:\WINDOWS\system32\browser.dll
    2004-08-04 12:00:00 76,800 —-a-w C:\WINDOWS\system32
    slookup.exe
    2004-08-04 12:00:00 76,800 —-a-w C:\WINDOWS\system32\dhcpsapi.dll
    2004-08-04 12:00:00 76,288 —-a-w C:\WINDOWS\system32\mmcbase.dll
    2004-08-04 12:00:00 755,200 —-a-w C:\WINDOWS\system32\ir50_32.dll
    2004-08-04 12:00:00 75,776 —-a-w C:\WINDOWS\system32\wiascr.dll
    2004-08-04 12:00:00 75,776 —-a-w C:\WINDOWS\system32\strmfilt.dll
    2004-08-04 12:00:00 75,776 —-a-w C:\WINDOWS\system32\cryptdlg.dll
    2004-08-04 12:00:00 75,264 —-a-w C:\WINDOWS\system32\locator.exe
    2004-08-04 12:00:00 75,264 —-a-w C:\WINDOWS\system32\inetpp.dll
    2004-08-04 12:00:00 741 —-a-w C:\WINDOWS\system32
    oise.dat
    2004-08-04 12:00:00 74,752 —-a-w C:\WINDOWS\system32\tlntsvr.exe
    2004-08-04 12:00:00 74,752 —-a-w C:\WINDOWS\system32\spoolss.dll
    2004-08-04 12:00:00 74,752 —-a-w C:\WINDOWS\system32\fdeploy.dll
    2004-08-04 12:00:00 74,752 —-a-w C:\WINDOWS\system32\drivers\ipsec.sys
    2004-08-04 12:00:00 733,696 —-a-w C:\WINDOWS\system32\qedwipes.dll
    2004-08-04 12:00:00 73,802 —-a-w C:\WINDOWS\system32\msrclr40.dll
    2004-08-04 12:00:00 73,728 —-a-w C:\WINDOWS\system32\tasklist.exe
    2004-08-04 12:00:00 73,728 —-a-w C:\WINDOWS\system32\taskkill.exe
    2004-08-04 12:00:00 73,728 —-a-w C:\WINDOWS\system32\icwdial.dll
    2004-08-04 12:00:00 73,728 —-a-w C:\WINDOWS\system32\csseqchk.dll
    2004-08-04 12:00:00 73,472 —-a-w C:\WINDOWS\system32\drivers\sr.sys
    2004-08-04 12:00:00 73,216 —-a-w C:\WINDOWS\system32\msaudite.dll
    2004-08-04 12:00:00 73,216 —-a-w C:\WINDOWS\system32\magnify.exe
    2004-08-04 12:00:00 73,216 —-a-w C:\WINDOWS\system32\avwav.dll
    2004-08-04 12:00:00 729,088 —-a-w C:\WINDOWS\system32
    tdll.dll
    2004-08-04 12:00:00 728,576 —-a-w C:\WINDOWS\system32\userenv.dll
    2004-08-04 12:00:00 72,960 —-a-w C:\WINDOWS\system32\drivers\mqac.sys
    2004-08-04 12:00:00 72,704 —-a-w C:\WINDOWS\system32\msw3prt.dll
    2004-08-04 12:00:00 72,192 —-a-w C:\WINDOWS\system32\sprio800.dll
    2004-08-04 12:00:00 72,192 —-a-w C:\WINDOWS\system32\dsdmoprp.dll
    2004-08-04 12:00:00 713,728 —-a-w C:\WINDOWS\system32\opengl32.dll
    2004-08-04 12:00:00 71,680 —-a-w C:\WINDOWS\system32\ssdpsrv.dll
    2004-08-04 12:00:00 71,680 —-a-w C:\WINDOWS\system32\msacm32.dll
    2004-08-04 12:00:00 71,680 —-a-w C:\WINDOWS\system32\blastcln.exe
    2004-08-04 12:00:00 71,552 —-a-w C:\WINDOWS\system32\drivers\bridge.sys
    2004-08-04 12:00:00 71,168 —-a-w C:\WINDOWS\system32\sigverif.exe
    2004-08-04 12:00:00 71,040 —-a-w C:\WINDOWS\system32\drivers\dxg.sys
    2004-08-04 12:00:00 71,006 —-a-w C:\WINDOWS\system32\edit.com
    2004-08-04 12:00:00 708,608 —-a-w C:\WINDOWS\system32\ss3dfo.scr
    2004-08-04 12:00:00 707 —-a-w C:\WINDOWS\_default.pif
    2004-08-04 12:00:00 701,440 —-a-w C:\WINDOWS\system32\msxml2.dll
    2004-08-04 12:00:00 70,656 —-a-w C:\WINDOWS\system32\sprio600.dll
    2004-08-04 12:00:00 70,656 —-a-w C:\WINDOWS\system32\scarddlg.dll
    2004-08-04 12:00:00 70,656 —-a-w C:\WINDOWS\system32\ipxpromn.dll
    2004-08-04 12:00:00 70,656 —-a-w C:\WINDOWS\system32\ifsutil.dll
    2004-08-04 12:00:00 70,656 —-a-w C:\WINDOWS\system32\amstream.dll
    2004-08-04 12:00:00 70,192 —-a-w C:\WINDOWS\system32\mmsystem.dll
    2004-08-04 12:00:00 70,144 —-a-w C:\WINDOWS\system32\systeminfo.exe
    2004-08-04 12:00:00 70,144 —-a-w C:\WINDOWS\system32
    otepad.exe
    2004-08-04 12:00:00 70,144 —-a-w C:\WINDOWS\system32\avicap.dll
    2004-08-04 12:00:00 70,144 —-a-w C:\WINDOWS\NOTEPAD.EXE
    2004-08-04 12:00:00 7,936 —-a-w C:\WINDOWS\system32\drivers\fs_rec.sys
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\vcdex.dll
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32
    cxpnt.dll
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\mll_mtf.dll
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\mciole32.dll
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\kbdsmsno.dll
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\kbdsmsfi.dll
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\kbdcan.dll
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\drivers\mcd.sys
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\ckcnv.exe
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\chcp.com
    2004-08-04 12:00:00 7,424 —-a-w C:\WINDOWS\system32\kd1394.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\wshnetbs.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\tlntsvrp.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\recover.exe
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\msr2cenu.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\mscat32.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\kbdukx.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\kbdno1.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\kbdnec.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\kbdfi1.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\hccoin.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\forcedos.exe
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\diskcopy.com
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\bitsprx3.dll
    2004-08-04 12:00:00 7,168 —-a-r C:\WINDOWS\system32\kbdcz.dll
    2004-08-04 12:00:00 7,084 —-a-w C:\WINDOWS\system32
    lsfunc.exe
    2004-08-04 12:00:00 7,040 —-a-w C:\WINDOWS\system32\kdcom.dll
    2004-08-04 12:00:00 69,700 —-a-w C:\WINDOWS\system32\usrshuta.exe
    2004-08-04 12:00:00 69,699 —-a-w C:\WINDOWS\system32\usrcoina.dll
    2004-08-04 12:00:00 69,632 —-a-w C:\WINDOWS\system32\spnike.dll
    2004-08-04 12:00:00 69,632 —-a-w C:\WINDOWS\system32\raschap.dll
    2004-08-04 12:00:00 69,632 —-a-w C:\WINDOWS\system32\openfiles.exe
    2004-08-04 12:00:00 69,632 —-a-w C:\WINDOWS\system32\odbcconf.exe
    2004-08-04 12:00:00 69,632 —-a-w C:\WINDOWS\system32\msr2c.dll
    2004-08-04 12:00:00 69,632 —-a-w C:\WINDOWS\system32\msconf.dll
    2004-08-04 12:00:00 69,120 —-a-w C:\WINDOWS\system32\olethk32.dll
    2004-08-04 12:00:00 69,120 —-a-w C:\WINDOWS\system32\MSCTFP.dll
    2004-08-04 12:00:00 69,120 —-a-w C:\WINDOWS\system32\mprddm.dll
    2004-08-04 12:00:00 69,120 —-a-w C:\WINDOWS\system32\drivers\psched.sys
    2004-08-04 12:00:00 684,032 —-a-w C:\WINDOWS\system32\sstext3d.scr
    2004-08-04 12:00:00 684,032 —-a-w C:\WINDOWS\system32\advapi32.dll
    2004-08-04 12:00:00 68,608 —-a-w C:\WINDOWS\system32\digest.dll
    2004-08-04 12:00:00 68,096 —-a-w C:\WINDOWS\system32\shgina.dll
    2004-08-04 12:00:00 68,096 —-a-w C:\WINDOWS\system32\osuninst.dll
    2004-08-04 12:00:00 68,096 —-a-w C:\WINDOWS\system32\adsmsext.dll
    2004-08-04 12:00:00 676,864 —-a-w C:\WINDOWS\system32\rasdlg.dll
    2004-08-04 12:00:00 673,088 —-a-w C:\WINDOWS\system32\mlang.dat
    2004-08-04 12:00:00 67,584 —-a-w C:\WINDOWS\system32\sti.dll
    2004-08-04 12:00:00 67,584 —-a-w C:\WINDOWS\system32\srclient.dll
    2004-08-04 12:00:00 67,584 —-a-w C:\WINDOWS\system32\drivers\sdbus.sys
    2004-08-04 12:00:00 67,584 —-a-w C:\WINDOWS\system32\browselc.dll
    2004-08-04 12:00:00 67,584 —-a-w C:\WINDOWS\system32\acctres.dll
    2004-08-04 12:00:00 67,072 —-a-w C:\WINDOWS\system32\rdshost.exe
    2004-08-04 12:00:00 67,072 —-a-w C:\WINDOWS\system32
    tdsapi.dll
    2004-08-04 12:00:00 67,072 —-a-w C:\WINDOWS\system32\console.dll
    2004-08-04 12:00:00 662,528 —-a-w C:\WINDOWS\system32\getuname.dll
    2004-08-04 12:00:00 660,992 —-a-w C:\WINDOWS\system32\mqqm.dll
    2004-08-04 12:00:00 66,560 —-a-w C:\WINDOWS\system32\ipxsap.dll
    2004-08-04 12:00:00 66,176 —-a-w C:\WINDOWS\system32\drivers\udfs.sys
    2004-08-04 12:00:00 66,048 —-a-w C:\WINDOWS\system32\wextract.exe
    2004-08-04 12:00:00 655,360 —-a-w C:\WINDOWS\system32\mstscax.dll
    2004-08-04 12:00:00 65,920 —-a-w C:\WINDOWS\system32\drivers\serial.sys
    2004-08-04 12:00:00 65,536 —-a-w C:\WINDOWS\system32\wshext.dll
    2004-08-04 12:00:00 65,536 —-a-w C:\WINDOWS\system32\shimeng.dll
    2004-08-04 12:00:00 65,536 —-a-w C:\WINDOWS\system32\odbccu32.dll
    2004-08-04 12:00:00 65,536 —-a-w C:\WINDOWS\system32\odbccr32.dll
    2004-08-04 12:00:00 65,536 —-a-w C:\WINDOWS\system32\jgsh400.dll
    2004-08-04 12:00:00 65,536 —-a-w C:\WINDOWS\system32\icwphbk.dll
    2004-08-04 12:00:00 65,024 —-a-w C:\WINDOWS\system32\pautoenr.dll
    2004-08-04 12:00:00 65,024 —-a-w C:\WINDOWS\system32\msratelc.dll
    2004-08-04 12:00:00 65,024 —-a-w C:\WINDOWS\system32\cleanmgr.exe
    2004-08-04 12:00:00 65,024 —-a-w C:\WINDOWS\system32\avicap32.dll
    2004-08-04 12:00:00 65,024 —-a-w C:\WINDOWS\system32\asycfilt.dll
    2004-08-04 12:00:00 640,000 —-a-w C:\WINDOWS\system32\dbghelp.dll
    2004-08-04 12:00:00 64,512 —-a-w C:\WINDOWS\system32\cmstp.exe
    2004-08-04 12:00:00 64,000 —-a-w C:\WINDOWS\system32\samlib.dll
    2004-08-04 12:00:00 632,832 —-a-w C:\WINDOWS\system32\autoconv.exe
    2004-08-04 12:00:00 63,744 —-a-w C:\WINDOWS\system32\drivers\mf.sys
    2004-08-04 12:00:00 63,744 —-a-w C:\WINDOWS\system32\drivers\cdfs.sys
    2004-08-04 12:00:00 63,488 —-a-w C:\WINDOWS\system32\cryptnet.dll
    2004-08-04 12:00:00 63,232 —-a-w C:\WINDOWS\system32\drivers
    wlnknb.sys
    2004-08-04 12:00:00 629,248 —-a-w C:\WINDOWS\system32
    etcfgx.dll
    2004-08-04 12:00:00 62,976 —-a-w C:\WINDOWS\system32\tlntadmn.exe
    2004-08-04 12:00:00 62,976 —-a-w C:\WINDOWS\system32\rsopprov.exe
    2004-08-04 12:00:00 62,976 —-a-w C:\WINDOWS\system32\dsauth.dll
    2004-08-04 12:00:00 62,464 —-a-w C:\WINDOWS\system32\rdpclip.exe
    2004-08-04 12:00:00 62,464 —-a-w C:\WINDOWS\system32\iasnap.dll
    2004-08-04 12:00:00 62,464 —-a-w C:\WINDOWS\system32\dpnmodem.dll
    2004-08-04 12:00:00 619,008 —-a-w C:\WINDOWS\system32\dx7vb.dll
    2004-08-04 12:00:00 619,008 —-a-w C:\WINDOWS\system32\autochk.exe
    2004-08-04 12:00:00 614,912 —-a-w C:\WINDOWS\system32\h323msp.dll
    2004-08-04 12:00:00 614,429 —-a-w C:\WINDOWS\system32\mswstr10.dll
    2004-08-04 12:00:00 610,816 —-a-w C:\WINDOWS\system32\autofmt.exe
    2004-08-04 12:00:00 610,304 —-a-w C:\WINDOWS\system32\sspipes.scr
    2004-08-04 12:00:00 61,952 —-a-w C:\WINDOWS\system32\dpnwsock.dll
    2004-08-04 12:00:00 61,824 —-a-w C:\WINDOWS\system32\drivers
    ic1394.sys
    2004-08-04 12:00:00 61,508 —-a-w C:\WINDOWS\system32\usrprbda.exe
    2004-08-04 12:00:00 61,500 —-a-w C:\WINDOWS\system32\usrcntra.dll
    2004-08-04 12:00:00 61,440 —-a-w C:\WINDOWS\system32\remotepg.dll
    2004-08-04 12:00:00 61,440 —-a-w C:\WINDOWS\system32\rasman.dll
    2004-08-04 12:00:00 61,440 —-a-w C:\WINDOWS\system32\ocmanage.dll
    2004-08-04 12:00:00 61,440 —-a-w C:\WINDOWS\system32\msvcrt40.dll
    2004-08-04 12:00:00 61,440 —-a-w C:\WINDOWS\system32\logman.exe
    2004-08-04 12:00:00 61,440 —-a-w C:\WINDOWS\system32\dmcompos.dll
    2004-08-04 12:00:00 61,264 —-a-w C:\WINDOWS\system32\msacm.dll
    2004-08-04 12:00:00 61,056 —-a-w C:\WINDOWS\system32\drivers\ohci1394.sys
    2004-08-04 12:00:00 609,280 —-a-w C:\WINDOWS\system32\wsecedit.dll
    2004-08-04 12:00:00 601,088 —-a-w C:\WINDOWS\system32\crypt32.dll
    2004-08-04 12:00:00 60,928 —-a-w C:\WINDOWS\system32\mqgentr.dll
    2004-08-04 12:00:00 60,928 —-a-w C:\WINDOWS\system32\miglibnt.dll
    2004-08-04 12:00:00 60,928 —-a-w C:\WINDOWS\system32\iassvcs.dll
    2004-08-04 12:00:00 60,928 —-a-w C:\WINDOWS\system32\dpnhupnp.dll
    2004-08-04 12:00:00 60,800 —-a-w C:\WINDOWS\system32\drivers\arp1394.sys
    2004-08-04 12:00:00 60,416 —-a-w C:\WINDOWS\system32\ipv6mon.dll
    2004-08-04 12:00:00 60,416 —-a-w C:\WINDOWS\system32\fwcfg.dll
    2004-08-04 12:00:00 60,416 —-a-w C:\WINDOWS\system32\cryptsvc.dll
    2004-08-04 12:00:00 6,912 —-a-w C:\WINDOWS\system32\drivers\parvdm.sys
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\wuauserv.dll
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\sensapi.dll
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\routetab.dll
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\msswchx.exe
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\msidle.dll
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\kbdsg.dll
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\kbdla.dll
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\kbdinmal.dll
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\kbdinben.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdycl.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdsl1.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdsl.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdpl.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdhu.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdhela3.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdcz2.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdcz1.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdcr.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\KBDAL.DLL
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\svcpack.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32
    wevent.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\msdtc.exe
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\lpq.exe
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdusx.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdusr.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdusl.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdsw.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdsp.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdsf.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdpo.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdno.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdne.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdmlt48.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdmlt47.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdmac.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdinbe1.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdic.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdgr1.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdgr.dll
    2004-08-






























  • ik krijg zo te zien de hele log niet in 1 post, ik heb dan ook geen idee of het genoeg is of te weinig wat ik post.. :-?

    [b:fb4cbb2e5f]Hier verder:[/b:fb4cbb2e5f]

    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdgr1.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdgr.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdfr.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdfo.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdfi.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdfc.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdes.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdda.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdca.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdbr.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdbene.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdbe.dll
    2004-08-04 12:00:00 6,144 —-a-r C:\WINDOWS\system32\kbdtuq.dll
    2004-08-04 12:00:00 6,144 —-a-r C:\WINDOWS\system32\kbdtuf.dll
    2004-08-04 12:00:00 6,144 —-a-r C:\WINDOWS\system32\kbdlv1.dll
    2004-08-04 12:00:00 6,144 —-a-r C:\WINDOWS\system32\kbdlv.dll
    2004-08-04 12:00:00 6,144 —-a-r C:\WINDOWS\system32\kbdhela2.dll
    2004-08-04 12:00:00 6,144 —-a-r C:\WINDOWS\system32\kbdgkl.dll
    2004-08-04 12:00:00 6,144 —-a-r C:\WINDOWS\system32\kbdest.dll
    2004-08-04 12:00:00 593,408 —-a-w C:\WINDOWS\system32\wiashext.dll
    2004-08-04 12:00:00 590,336 —-a-w C:\WINDOWS\system32\d3dramp.dll
    2004-08-04 12:00:00 59,904 —-a-w C:\WINDOWS\system32\regsvc.dll
    2004-08-04 12:00:00 59,904 —-a-w C:\WINDOWS\system32\mpr.dll
    2004-08-04 12:00:00 59,904 —-a-w C:\WINDOWS\system32\fsutil.exe
    2004-08-04 12:00:00 59,904 —-a-w C:\WINDOWS\system32\drivers\atmarpc.sys
    2004-08-04 12:00:00 59,904 —-a-w C:\WINDOWS\system32\driverquery.exe
    2004-08-04 12:00:00 59,904 —-a-w C:\WINDOWS\system32\devenum.dll
    2004-08-04 12:00:00 59,904 —-a-w C:\WINDOWS\system32\cabinet.dll
    2004-08-04 12:00:00 586,240 —-a-w C:\WINDOWS\system32\mlang.dll
    2004-08-04 12:00:00 581,120 —-a-w C:\WINDOWS\system32\rpcrt4.dll
    2004-08-04 12:00:00 58,880 —-a-w C:\WINDOWS\system32\resutils.dll
    2004-08-04 12:00:00 58,880 —-a-w C:\WINDOWS\system32\rastapi.dll
    2004-08-04 12:00:00 58,880 —-a-w C:\WINDOWS\system32\packager.exe
    2004-08-04 12:00:00 58,880 —-a-w C:\WINDOWS\system32
    tlanui.dll
    2004-08-04 12:00:00 58,880 —-a-w C:\WINDOWS\system32\msdtclog.dll
    2004-08-04 12:00:00 58,880 —-a-w C:\WINDOWS\system32\licwmi.dll
    2004-08-04 12:00:00 58,880 —-a-w C:\WINDOWS\system32\gpupdate.exe
    2004-08-04 12:00:00 58,880 —-a-w C:\WINDOWS\system32\atl.dll
    2004-08-04 12:00:00 58,368 —-a-w C:\WINDOWS\system32\dvdplay.exe
    2004-08-04 12:00:00 58,112 —-a-w C:\WINDOWS\system32\drivers\vdmindvd.sys
    2004-08-04 12:00:00 572,928 —-a-w C:\WINDOWS\system32\printui.dll
    2004-08-04 12:00:00 572,928 —-a-w C:\WINDOWS\system32\gpedit.dll
    2004-08-04 12:00:00 57,856 —-a-w C:\WINDOWS\system32\wmerrNLD.dll
    2004-08-04 12:00:00 57,856 —-a-w C:\WINDOWS\system32\synceng.dll
    2004-08-04 12:00:00 57,856 —-a-w C:\WINDOWS\system32\rasphone.exe
    2004-08-04 12:00:00 57,856 —-a-w C:\WINDOWS\system32\dpwsockx.dll
    2004-08-04 12:00:00 57,856 —-a-w C:\WINDOWS\system32\clusapi.dll
    2004-08-04 12:00:00 57,856 —-a-w C:\WINDOWS\system32\cipher.exe
    2004-08-04 12:00:00 57,616 —-a-w C:\WINDOWS\system32\odbcji32.dll
    2004-08-04 12:00:00 57,392 —-a-w C:\WINDOWS\system32\wshnl.dll
    2004-08-04 12:00:00 57,344 —-a-w C:\WINDOWS\system32\sol.exe
    2004-08-04 12:00:00 57,344 —-a-w C:\WINDOWS\system32\msasn1.dll
    2004-08-04 12:00:00 57,344 —-a-w C:\WINDOWS\system32\mfc42loc.dll
    2004-08-04 12:00:00 57,344 —-a-w C:\WINDOWS\system32\ipconfig.exe
    2004-08-04 12:00:00 566,784 —-a-w C:\WINDOWS\system32\shdoclc.dll
    2004-08-04 12:00:00 565,760 —-a-w C:\WINDOWS\system32\msvcp50.dll
    2004-08-04 12:00:00 562,688 —-a-w C:\WINDOWS\system32\qedit.dll
    2004-08-04 12:00:00 56,832 —-a-w C:\WINDOWS\system32\reg.exe
    2004-08-04 12:00:00 56,832 —-a-w C:\WINDOWS\system32\getmac.exe
    2004-08-04 12:00:00 56,320 —-a-w C:\WINDOWS\system32\wmiscmgr.dll
    2004-08-04 12:00:00 56,320 —-a-w C:\WINDOWS\system32\servdeps.dll
    2004-08-04 12:00:00 553,472 —-a-w C:\WINDOWS\system32\oleaut32.dll
    2004-08-04 12:00:00 552,989 —-a-w C:\WINDOWS\system32\msrepl40.dll
    2004-08-04 12:00:00 55,936 —-a-w C:\WINDOWS\system32\drivers
    wlnkspx.sys
    2004-08-04 12:00:00 55,936 —-a-w C:\WINDOWS\system32\drivers\atmlane.sys
    2004-08-04 12:00:00 55,808 —-a-w C:\WINDOWS\system32\secur32.dll
    2004-08-04 12:00:00 55,808 —-a-w C:\WINDOWS\system32\icmui.dll
    2004-08-04 12:00:00 55,808 —-a-w C:\WINDOWS\system32\freecell.exe
    2004-08-04 12:00:00 55,808 —-a-w C:\WINDOWS\system32\eventlog.dll
    2004-08-04 12:00:00 55,296 —-a-w C:\WINDOWS\system32\sendmail.dll
    2004-08-04 12:00:00 55,296 —-a-w C:\WINDOWS\system32
    pptools.dll
    2004-08-04 12:00:00 55,296 —-a-w C:\WINDOWS\system32\dmutil.dll
    2004-08-04 12:00:00 54,784 —-a-w C:\WINDOWS\system32
    arrator.exe
    2004-08-04 12:00:00 54,784 —-a-w C:\WINDOWS\system32\msvcirt.dll
    2004-08-04 12:00:00 54,784 —-a-w C:\WINDOWS\system32\ixsso.dll
    2004-08-04 12:00:00 54,784 —-a-w C:\WINDOWS\system32\dfrgres.dll
    2004-08-04 12:00:00 54,784 —-a-w C:\WINDOWS\system32\dataclen.dll
    2004-08-04 12:00:00 54,784 —-a-w C:\WINDOWS\system32\cryptext.dll
    2004-08-04 12:00:00 54,272 —-a-w C:\WINDOWS\system32\stclient.dll
    2004-08-04 12:00:00 54,272 —-a-w C:\WINDOWS\system32\rsm.exe
    2004-08-04 12:00:00 539,136 —-a-w C:\WINDOWS\system32\spider.exe
    2004-08-04 12:00:00 53,920 —-a-w C:\WINDOWS\system32\dosx.exe
    2004-08-04 12:00:00 53,760 —-a-w C:\WINDOWS\system32\winsta.dll
    2004-08-04 12:00:00 53,760 —-a-w C:\WINDOWS\system32\ipv6.exe
    2004-08-04 12:00:00 53,760 —-a-w C:\WINDOWS\system32\drivers\i8042prt.sys
    2004-08-04 12:00:00 53,632 —-a-w C:\WINDOWS\system32\drivers\volsnap.sys
    2004-08-04 12:00:00 53,520 —-a-w C:\WINDOWS\system32\dpserial.dll
    2004-08-04 12:00:00 53,305 —-a-w C:\WINDOWS\system32\usrlbva.dll
    2004-08-04 12:00:00 53,279 —-a-w C:\WINDOWS\system32\msjter40.dll
    2004-08-04 12:00:00 53,248 —-a-w C:\WINDOWS\system32\mfc40loc.dll
    2004-08-04 12:00:00 53,248 —-a-w C:\WINDOWS\system32\drivers\1394bus.sys
    2004-08-04 12:00:00 527,872 —-a-w C:\WINDOWS\system32\cryptui.dll
    2004-08-04 12:00:00 526,848 —-a-w C:\WINDOWS\system32\p2psvc.dll
    2004-08-04 12:00:00 52,736 —-a-w C:\WINDOWS\system32\migpwd.exe
    2004-08-04 12:00:00 52,736 —-a-w C:\WINDOWS\system32\basesrv.dll
    2004-08-04 12:00:00 52,224 —-a-w C:\WINDOWS\system32\tsappcmp.dll
    2004-08-04 12:00:00 52,224 —-a-w C:\WINDOWS\system32\dssec.dll
    2004-08-04 12:00:00 52,206 —-a-w C:\WINDOWS\system32\command.com
    2004-08-04 12:00:00 517,632 —-a-w C:\WINDOWS\system32\mqsnap.dll
    2004-08-04 12:00:00 515,072 —-a-w C:\WINDOWS\system32\logonui.exe
    2004-08-04 12:00:00 512,029 —-a-w C:\WINDOWS\system32\msexch40.dll
    2004-08-04 12:00:00 51,712 —-a-w C:\WINDOWS\system32\wzcsapi.dll
    2004-08-04 12:00:00 51,712 —-a-w C:\WINDOWS\system32\w32tm.exe
    2004-08-04 12:00:00 51,712 —-a-w C:\WINDOWS\system32\vdmredir.dll
    2004-08-04 12:00:00 51,712 —-a-w C:\WINDOWS\system32\msident.dll
    2004-08-04 12:00:00 51,712 —-a-w C:\WINDOWS\system32\eventcreate.exe
    2004-08-04 12:00:00 51,712 —-a-w C:\WINDOWS\system32\drivers\tosdvd.sys
    2004-08-04 12:00:00 51,456 —-a-w C:\WINDOWS\system32\vga256.dll
    2004-08-04 12:00:00 51,328 —-a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
    2004-08-04 12:00:00 51,200 —-a-w C:\WINDOWS\system32\wstdecod.dll
    2004-08-04 12:00:00 51,200 —-a-w C:\WINDOWS\system32\syncapp.exe
    2004-08-04 12:00:00 506,368 —-a-w C:\WINDOWS\system32\msxml.dll
    2004-08-04 12:00:00 504,832 —-a-w C:\WINDOWS\system32\winlogon.exe
    2004-08-04 12:00:00 504,832 —-a-w C:\WINDOWS\system32\mqutil.dll
    2004-08-04 12:00:00 50,688 —-a-w C:\WINDOWS\twain_32.dll
    2004-08-04 12:00:00 50,688 —-a-w C:\WINDOWS\system32\smss.exe
    2004-08-04 12:00:00 50,688 —-a-w C:\WINDOWS\system32\proquota.exe
    2004-08-04 12:00:00 50,688 —-a-w C:\WINDOWS\system32\mmcshext.dll
    2004-08-04 12:00:00 50,688 —-a-w C:\WINDOWS\system32\loghours.dll
    2004-08-04 12:00:00 50,688 —-a-w C:\WINDOWS\system32\camocx.dll
    2004-08-04 12:00:00 50,688 —-a-w C:\WINDOWS\system32\btpanui.dll
    2004-08-04 12:00:00 50,176 —-a-w C:\WINDOWS\system32\xmlprovi.dll
    2004-08-04 12:00:00 50,176 —-a-w C:\WINDOWS\system32\utilman.exe
    2004-08-04 12:00:00 50,176 —-a-w C:\WINDOWS\system32\mdhcp.dll
    2004-08-04 12:00:00 50,176 —-a-w C:\WINDOWS\system32\inetres.dll
    2004-08-04 12:00:00 5,888 —-a-w C:\WINDOWS\system32\drivers\rootmdm.sys
    2004-08-04 12:00:00 5,888 —-a-w C:\WINDOWS\system32\drivers\dmload.sys
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\write.exe
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\wmi.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\winver.exe
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\tapiperf.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\softpub.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\skdll.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\security.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\perfnw.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\mll_qic.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\kbdus.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\kbduk.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\kbdmaori.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\kbdit142.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\kbdit.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\kbdir.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\kbdgae.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\cisvc.exe
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdro.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdpl1.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdmon.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdlt1.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdlt.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdkyr.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdhu1.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdhe319.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdhe220.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdhe.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdazel.dll
    2004-08-04 12:00:00 5,120 —-a-w C:\WINDOWS\system32\winnls.dll
    2004-08-04 12:00:00 5,120 —-a-w C:\WINDOWS\system32\shell.dll
    2004-08-04 12:00:00 5,120 —-a-w C:\WINDOWS\system32\sfc.dll
    2004-08-04 12:00:00 5,120 —-a-w C:\WINDOWS\system32\lodctr.exe
    2004-08-04 12:00:00 5,120 —-a-w C:\WINDOWS\system32\kbddv.dll
    2004-08-04 12:00:00 5,120 —-a-w C:\WINDOWS\system32\dcomcnfg.exe
    2004-08-04 12:00:00 5,120 —-a-w C:\WINDOWS\system32\bootvrfy.exe
    2004-08-04 12:00:00 495,104 —-a-w C:\WINDOWS\system32
    tmsmgr.dll
    2004-08-04 12:00:00 49,680 —-a-w C:\WINDOWS\twunk_16.exe
    2004-08-04 12:00:00 49,664 —-a-w C:\WINDOWS\system32\rsmui.exe
    2004-08-04 12:00:00 49,664 —-a-w C:\WINDOWS\system32\regapi.dll
    2004-08-04 12:00:00 49,664 —-a-w C:\WINDOWS\system32\drivers\classpnp.sys
    2004-08-04 12:00:00 49,536 —-a-w C:\WINDOWS\system32\drivers\cdrom.sys
    2004-08-04 12:00:00 49,211 —-a-w C:\WINDOWS\system32\usrvpa.dll
    2004-08-04 12:00:00 49,211 —-a-w C:\WINDOWS\system32\usrsdpia.dll
    2004-08-04 12:00:00 49,209 —-a-w C:\WINDOWS\system32\usrv80a.dll
    2004-08-04 12:00:00 49,179 —-a-w C:\WINDOWS\system32\sqlwoa.dll
    2004-08-04 12:00:00 49,152 —-a-w C:\WINDOWS\system32\powercfg.exe
    2004-08-04 12:00:00 49,152 —-a-w C:\WINDOWS\system32\mprdim.dll
    2004-08-04 12:00:00 49,152 —-a-w C:\WINDOWS\system32\cnbjmon.dll
    2004-08-04 12:00:00 486 —-a-w C:\WINDOWS\system32\login.cmd
    2004-08-04 12:00:00 48,976 —-a-w C:\WINDOWS\system32\jobexec.dll
    2004-08-04 12:00:00 48,640 —-a-w C:\WINDOWS\system32\pnrpnsp.dll
    2004-08-04 12:00:00 48,640 —-a-w C:\WINDOWS\system32\msxml3r.dll
    2004-08-04 12:00:00 48,640 —-a-w C:\WINDOWS\system32\mqupgrd.dll
    2004-08-04 12:00:00 48,640 —-a-w C:\WINDOWS\system32\docprop2.dll
    2004-08-04 12:00:00 48,384 —-a-w C:\WINDOWS\system32\drivers\raspptp.sys
    2004-08-04 12:00:00 48,128 —-a-w C:\WINDOWS\system32\msprivs.dll
    2004-08-04 12:00:00 47,872 —-a-w C:\WINDOWS\system32\user.exe
    2004-08-04 12:00:00 47,616 —-a-w C:\WINDOWS\system32\ssmypics.scr
    2004-08-04 12:00:00 47,616 —-a-w C:\WINDOWS\system32\mprui.dll
    2004-08-04 12:00:00 47,616 —-a-w C:\WINDOWS\system32\d3dxof.dll
    2004-08-04 12:00:00 47,104 —-a-w C:\WINDOWS\system32\mqdscli.dll
    2004-08-04 12:00:00 47,104 —-a-w C:\WINDOWS\system32\docprop.dll
    2004-08-04 12:00:00 47,104 —-a-w C:\WINDOWS\system32\cmdl32.exe
    2004-08-04 12:00:00 464,896 —-a-w C:\WINDOWS\system32\wiadefui.dll
    2004-08-04 12:00:00 464,896 —-a-w C:\WINDOWS\system32\certmgr.dll
    2004-08-04 12:00:00 46,592 —-a-w C:\WINDOWS\system32\tcpmonui.dll
    2004-08-04 12:00:00 46,592 —-a-w C:\WINDOWS\system32\pmspl.dll
    2004-08-04 12:00:00 46,592 —-a-w C:\WINDOWS\system32\drwtsn32.exe
    2004-08-04 12:00:00 46,592 —-a-w C:\WINDOWS\system32\drivers\p3.sys
    2004-08-04 12:00:00 46,258 —-a-w C:\WINDOWS\system32\mib.bin
    2004-08-04 12:00:00 46,080 —-a-w C:\WINDOWS\system32\tcpmon.dll
    2004-08-04 12:00:00 46,080 —-a-w C:\WINDOWS\system32\ipsec6.exe
    2004-08-04 12:00:00 450,560 —-a-w C:\WINDOWS\system32\infosoft.dll
    2004-08-04 12:00:00 45,568 —-a-w C:\WINDOWS\system32\safrslv.dll
    2004-08-04 12:00:00 45,568 —-a-w C:\WINDOWS\system32\jgsd400.dll
    2004-08-04 12:00:00 45,568 —-a-w C:\WINDOWS\system32\extrac32.exe
    2004-08-04 12:00:00 45,568 —-a-w C:\WINDOWS\system32\dnsrslvr.dll
    2004-08-04 12:00:00 45,116 —-a-w C:\WINDOWS\system32\usrvoica.dll
    2004-08-04 12:00:00 45,083 —-a-w C:\WINDOWS\system32\dispex.dll
    2004-08-04 12:00:00 45,056 —-a-w C:\WINDOWS\system32\ftp.exe
    2004-08-04 12:00:00 442,368 —-a-w C:\WINDOWS\system32\sqlsrv32.dll
    2004-08-04 12:00:00 440,320 —-a-w C:\WINDOWS\system32\shimgvw.dll
    2004-08-04 12:00:00 44,544 —-a-w C:\WINDOWS\system32\tscupgrd.exe
    2004-08-04 12:00:00 44,544 —-a-w C:\WINDOWS\system32\jgaw400.dll
    2004-08-04 12:00:00 44,544 —-a-w C:\WINDOWS\system32\hticons.dll
    2004-08-04 12:00:00 44,544 —-a-w C:\WINDOWS\system32\alg.exe
    2004-08-04 12:00:00 44,032 —-a-w C:\WINDOWS\system32\twext.dll
    2004-08-04 12:00:00 44,032 —-a-w C:\WINDOWS\system32\rtutils.dll
    2004-08-04 12:00:00 44,032 —-a-w C:\WINDOWS\system32\dimap.dll
    2004-08-04 12:00:00 437,248 —-a-w C:\WINDOWS\system32\xpob2res.dll
    2004-08-04 12:00:00 437,248 —-a-w C:\WINDOWS\system32
    tmssvc.dll
    2004-08-04 12:00:00 436,736 —-a-w C:\WINDOWS\system32\wiaacmgr.exe
    2004-08-04 12:00:00 436,224 —-a-w C:\WINDOWS\system32\d3dim.dll
    2004-08-04 12:00:00 435,712 —-a-w C:\WINDOWS\system32\shellstyle.dll
    2004-08-04 12:00:00 430,592 —-a-w C:\WINDOWS\system32\vssapi.dll
    2004-08-04 12:00:00 43,520 —-a-w C:\WINDOWS\system32\safrcdlg.dll
    2004-08-04 12:00:00 43,520 —-a-w C:\WINDOWS\system32\racpldlg.dll
    2004-08-04 12:00:00 43,520 —-a-w C:\WINDOWS\system32\pstorec.dll
    2004-08-04 12:00:00 43,520 —-a-w C:\WINDOWS\system32
    tlanman.dll
    2004-08-04 12:00:00 43,008 —-a-w C:\WINDOWS\system32\msports.dll
    2004-08-04 12:00:00 429,056 —-a-w C:\WINDOWS\system32\samsrv.dll
    2004-08-04 12:00:00 424,448 —-a-w C:\WINDOWS\system32\licdll.dll
    2004-08-04 12:00:00 421,919 —-a-w C:\WINDOWS\system32\msrd2x40.dll
    2004-08-04 12:00:00 420,864 —-a-w C:\WINDOWS\system32
    tvdm.exe
    2004-08-04 12:00:00 42,809 —-a-w C:\WINDOWS\system32\key01.sys
    2004-08-04 12:00:00 42,768 —-a-w C:\WINDOWS\system32\dpwsock.dll
    2004-08-04 12:00:00 42,537 —-a-w C:\WINDOWS\system32\keyboard.sys
    2004-08-04 12:00:00 42,496 —-a-w C:\WINDOWS\system32\wsnmp32.dll
    2004-08-04 12:00:00 42,496 —-a-w C:\WINDOWS\system32\shmgrate.exe
    2004-08-04 12:00:00 42,496 —-a-w C:\WINDOWS\system32
    et.exe
    2004-08-04 12:00:00 42,496 —-a-w C:\WINDOWS\system32\htui.dll
    2004-08-04 12:00:00 42,496 —-a-w C:\WINDOWS\system32\audiosrv.dll
    2004-08-04 12:00:00 42,240 —-a-w C:\WINDOWS\system32\drivers\mountmgr.sys
    2004-08-04 12:00:00 416,768 —-a-w C:\WINDOWS\system32\setupdll.dll
    2004-08-04 12:00:00 413,696 ——w C:\WINDOWS\system32\msvcp60.dll
    2004-08-04 12:00:00 412,160 —-a-w C:\WINDOWS\system32\mstsc.exe
    2004-08-04 12:00:00 41,984 —-a-w C:\WINDOWS\system32\osuninst.exe
    2004-08-04 12:00:00 41,856 —-a-w C:\WINDOWS\system32\drivers\imapi.sys
    2004-08-04 12:00:00 41,472 —-a-w C:\WINDOWS\system32\perfctrs.dll
    2004-08-04 12:00:00 41,472 —-a-w C:\WINDOWS\system32
    tmsevt.dll
    2004-08-04 12:00:00 41,472 —-a-w C:\WINDOWS\system32\iasads.dll
    2004-08-04 12:00:00 41,472 —-a-w C:\WINDOWS\system32\drivers\raspppoe.sys
    2004-08-04 12:00:00 41,472 —-a-w C:\WINDOWS\system32\drivers\amdk7.sys
    2004-08-04 12:00:00 41,232 —-a-w C:\WINDOWS\system32\msxml2r.dll
    2004-08-04 12:00:00 41,088 —-a-w C:\WINDOWS\system32\drivers\amdk6.sys
    2004-08-04 12:00:00 41,019 —-a-w C:\WINDOWS\system32\usrsvpia.dll
    2004-08-04 12:00:00 407,040 —-a-w C:\WINDOWS\system32
    etlogon.dll
    2004-08-04 12:00:00 406,528 —-a-w C:\WINDOWS\system32\usp10.dll
    2004-08-04 12:00:00 40,960 —-a-w C:\WINDOWS\system32\webhits.dll
    2004-08-04 12:00:00 40,960 —-a-w C:\WINDOWS\system32
    tmsapi.dll
    2004-08-04 12:00:00 40,576 —-a-w C:\WINDOWS\system32\drivers\crusoe.sys
    2004-08-04 12:00:00 40,448 —-a-w C:\WINDOWS\system32\rshx32.dll
    2004-08-04 12:00:00 40,448 —-a-w C:\WINDOWS\system32\cmutil.dll
    2004-08-04 12:00:00 40,448 —-a-w C:\WINDOWS\system32\cmmon32.exe
    2004-08-04 12:00:00 40,320 —-a-w C:\WINDOWS\system32\drivers
    mnt.sys
    2004-08-04 12:00:00 40,192 —-a-w C:\WINDOWS\system32\drivers\intelppm.sys
    2004-08-04 12:00:00 4,952 –sha-r C:\Bootfont.bin
    2004-08-04 12:00:00 4,864 —-a-w C:\WINDOWS\system32\himem.sys
    2004-08-04 12:00:00 4,736 —-a-w C:\WINDOWS\system32\drivers\usbd.sys
    2004-08-04 12:00:00 4,656 —-a-w C:\WINDOWS\system32\ds16gt.dLL
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\vjoy.dll
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\regwiz.exe
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\rdpcfgex.dll
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\mssip32.dll
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\msimg32.dll
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\mqsvc.exe
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\mchgrcoi.dll
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\dllhst3g.exe
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\bootok.exe
    2004-08-04 12:00:00 4,569 —-a-w C:\WINDOWS\system32\secupd.dat
    2004-08-04 12:00:00 4,352 —-a-w C:\WINDOWS\system32\drivers\wmilib.sys
    2004-08-04 12:00:00 4,352 —-a-w C:\WINDOWS\system32\drivers\swenum.sys
    2004-08-04 12:00:00 4,224 —-a-w C:\WINDOWS\system32\drivers\rdpcdd.sys
    2004-08-04 12:00:00 4,224 —-a-w C:\WINDOWS\system32\drivers\mnmdd.sys
    2004-08-04 12:00:00 4,224 —-a-w C:\WINDOWS\system32\drivers\beep.sys
    2004-08-04 12:00:00 4,208 —-a-w C:\WINDOWS\system32\storage.dll
    2004-08-04 12:00:00 4,126 —-a-w C:\WINDOWS\system32\msdxmlc.dll
    2004-08-04 12:00:00 4,096 —-a-w C:\WINDOWS\system32\unlodctr.exe
    2004-08-04 12:00:00 4,096 —-a-w C:\WINDOWS\system32
    ddeapir.exe
    2004-08-04 12:00:00 4,096 —-a-w C:\WINDOWS\system32\mtxex.dll
    2004-08-04 12:00:00 4,096 —-a-w C:\WINDOWS\system32\iprtprio.dll
    2004-08-04 12:00:00 4,096 —-a-w C:\WINDOWS\system32\dsprpres.dll
    2004-08-04 12:00:00 4,096 —-a-w C:\WINDOWS\system32\actmovie.exe
    2004-08-04 12:00:00 399,872 —-a-w C:\WINDOWS\system32\lmrt.dll
    2004-08-04 12:00:00 399,360 —-a-w C:\WINDOWS\system32\regwizc.dll
    2004-08-04 12:00:00 399,360 —-a-w C:\WINDOWS\system32\cmd.exe
    2004-08-04 12:00:00 395,264 —-a-w C:\WINDOWS\system32\diactfrm.dll
    2004-08-04 12:00:00 393,216 —-a-w C:\WINDOWS\system32\ssflwbox.scr
    2004-08-04 12:00:00 390,144 —-a-w C:\WINDOWS\system32\themeui.dll
    2004-08-04 12:00:00 39,936 —-a-w C:\WINDOWS\system32\ipxrtmgr.dll
    2004-08-04 12:00:00 39,744 —-a-w C:\WINDOWS\system32\ole2.dll
    2004-08-04 12:00:00 39,424 —-a-w C:\WINDOWS\system32\msobjs.dll
    2004-08-04 12:00:00 39,424 —-a-w C:\WINDOWS\system32\grpconv.exe
    2004-08-04 12:00:00 39,424 —-a-w C:\WINDOWS\system32\esentutl.exe
    2004-08-04 12:00:00 39,424 —-a-w C:\WINDOWS\system32\drivers\processr.sys
    2004-08-04 12:00:00 39,424 —-a-w C:\WINDOWS\system32\ddeml.dll
    2004-08-04 12:00:00 39,424 —-a-w C:\WINDOWS\system32\cfgbkend.dll
    2004-08-04 12:00:00 39,386 —-a-w C:\WINDOWS\system32\mem.exe
    2004-08-04 12:00:00 39,178 —-a-w C:\WINDOWS\system32\perfd013.dat
    2004-08-04 12:00:00 387,072 —-a-w C:\WINDOWS\system32\dhcpmon.dll
    2004-08-04 12:00:00 386,048 —-a-w C:\WINDOWS\system32\ipsmsnap.dll
    2004-08-04 12:00:00 386,048 —-a-w C:\WINDOWS\system32\fontext.dll
    2004-08-04 12:00:00 385,536 —-a-w C:\WINDOWS\system32\qdvd.dll
    2004-08-04 12:00:00 382,464 —-a-w C:\WINDOWS\system32\qmgr.dll
    2004-08-04 12:00:00 380,957 —-a-w C:\WINDOWS\system32\expsrv.dll
    2004-08-04 12:00:00 38,912 —-a-w C:\WINDOWS\system32\sens.dll
    2004-08-04 12:00:00 38,912 —-a-w C:\WINDOWS\system32\dfrgsnap.dll
    2004-08-04 12:00:00 38,016 —-a-w C:\WINDOWS\system32\drivers
    dproxy.sys
    2004-08-04 12:00:00 379,392 —-a-w C:\WINDOWS\system32\wzcdlg.dll
    2004-08-04 12:00:00 375,296 —-a-w C:\WINDOWS\system32\dpnet.dll
    2004-08-04 12:00:00 37,888 —-a-w C:\WINDOWS\system32\syskey.exe
    2004-08-04 12:00:00 37,888 —-a-w C:\WINDOWS\system32
    etstat.exe
    2004-08-04 12:00:00 37,376 —-a-w C:\WINDOWS\system32\typeperf.exe
    2004-08-04 12:00:00 368,128 —-a-w C:\WINDOWS\system32\smlogcfg.dll
    2004-08-04 12:00:00 367,616 —-a-w C:\WINDOWS\system32\dsound.dll
    2004-08-04 12:00:00 362,496 —-a-w C:\WINDOWS\system32\jet500.dll
    2004-08-04 12:00:00 36,921 —-a-w C:\WINDOWS\system32\imeshare.dll
    2004-08-04 12:00:00 36,864 —-a-w C:\WINDOWS\system32
    tsdexts.dll
    2004-08-04 12:00:00 36,864 —-a-w C:\WINDOWS\system32\mscpxl32.dLL
    2004-08-04 12:00:00 36,352 —-a-w C:\WINDOWS\system32\umandlg.dll
    2004-08-04 12:00:00 36,352 —-a-w C:\WINDOWS\system32
    cobjapi.dll
    2004-08-04 12:00:00 36,352 —-a-w C:\WINDOWS\system32
    arrhook.dll
    2004-08-04 12:00:00 36,352 —-a-w C:\WINDOWS\system32\mssign32.dll
    2004-08-04 12:00:00 36,352 —-a-w C:\WINDOWS\system32\drivers\disk.sys
    2004-08-04 12:00:00 36,224 —-a-w C:\WINDOWS\system32\drivers\hidclass.sys
    2004-08-04 12:00:00 359,936 —-a-w C:\WINDOWS\system32\wzcsvc.dll
    2004-08-04 12:00:00 359,936 —-a-w C:\WINDOWS\system32\cards.dll
    2004-08-04 12:00:00 358,976 —-a-w C:\WINDOWS\system32\msjetoledb40.dll
    2004-08-04 12:00:00 358,912 —-a-w C:\WINDOWS\system32\termmgr.dll
    2004-08-04 12:00:00 356,352 —-a-w C:\WINDOWS\system32\ipsecsnp.dll
    2004-08-04 12:00:00 352,256 —-a-w C:\WINDOWS\system32\drivers\atmuni.sys
    2004-08-04 12:00:00 351,232 —-a-w C:\WINDOWS\system32\winhttp.dll
    2004-08-04 12:00:00 350,208 —-a-w C:\WINDOWS\system32\d3drm.dll
    2004-08-04 12:00:00 35,915 —-a-w C:\WINDOWS\system32\prncnfg.vbs
    2004-08-04 12:00:00 35,840 —-a-w C:\WINDOWS\system32\winchat.exe
    2004-08-04 12:00:00 35,840 —-a-w C:\WINDOWS\system32\rcimlby.exe
    2004-08-04 12:00:00 35,840 —-a-w C:\WINDOWS\system32\jgmd400.dll
    2004-08-04 12:00:00 35,840 —-a-w C:\WINDOWS\system32\dmloader.dll
    2004-08-04 12:00:00 35,648 —-a-w C:\WINDOWS\system32
    tio411.sys
    2004-08-04 12:00:00 35,424 —-a-w C:\WINDOWS\system32
    tio412.sys
    2004-08-04 12:00:00 35,328 —-a-w C:\WINDOWS\system32\pifmgr.dll
    2004-08-04 12:00:00 35,328 —-a-w C:\WINDOWS\system32\pid.dll
    2004-08-04 12:00:00 35,328 —-a-w C:\WINDOWS\system32\perfproc.dll
    2004-08-04 12:00:00 35,328 —-a-w C:\WINDOWS\system32\mciqtz32.dll
    2004-08-04 12:00:00 35,328 —-a-w C:\WINDOWS\system32\iologmsg.dll
    2004-08-04 12:00:00 35,328 —-a-w C:\WINDOWS\system32\dpnhpast.dll
    2004-08-04 12:00:00 35,072 —-a-w C:\WINDOWS\system32\drivers\msgpc.sys
    2004-08-04 12:00:00 35,072 —-a-w C:\WINDOWS\system32\drivers\fips.sys
    2004-08-04 12:00:00 349,184 —-a-w C:\WINDOWS\system32\ippromon.dll
    2004-08-04 12:00:00 349,184 —-a-w C:\WINDOWS\system32\cmdial32.dll
    2004-08-04 12:00:00 348,189 —-a-w C:\WINDOWS\system32\msxbde40.dll
    2004-08-04 12:00:00 348,189 —-a-w C:\WINDOWS\system32\mspbde40.dll
    2004-08-04 12:00:00 347,648 —-a-w C:\WINDOWS\system32\tourstart.exe
    2004-08-04 12:00:00 347,648 —-a-w C:\WINDOWS\system32\hnetcfg.dll
    2004-08-04 12:00:00 346,112 —-a-w C:\WINDOWS\system32\confmsp.dll
    2004-08-04 12:00:00 345,600 —-a-w C:\WINDOWS\system32\mspaint.exe
    2004-08-04 12:00:00 344,064 —-a-w C:\WINDOWS\system32\filemgmt.dll
    2004-08-04 12:00:00 343,040 —-a-w C:\WINDOWS\system32\msvcrt.dll
    2004-08-04 12:00:00 343,040 —-a-w C:\WINDOWS\system32\localspl.dll
    2004-08-04 12:00:00 340,480 —-a-w C:\WINDOWS\system32\zipfldr.dll
    2004-08-04 12:00:00 34,816 —-a-w C:\WINDOWS\system32\ssdpapi.dll
    2004-08-04 12:00:00 34,816 —-a-w C:\WINDOWS\system32\d3dpmesh.dll
    2004-08-04 12:00:00 34,816 —-a-w C:\WINDOWS\system32\atmpvcno.dll
    2004-08-04 12:00:00 34,816 —-a-w C:\WINDOWS\system32\asr_ldm.exe
    2004-08-04 12:00:00 34,560 —-a-w C:\WINDOWS\system32
    tio804.sys
    2004-08-04 12:00:00 34,560 —-a-w C:\WINDOWS\system32
    tio404.sys
    2004-08-04 12:00:00 34,560 —-a-w C:\WINDOWS\system32\mnmdd.dll
    2004-08-04 12:00:00 34,560 —-a-w C:\WINDOWS\system32\drivers\wanarp.sys
    2004-08-04 12:00:00 34,560 —-a-w C:\WINDOWS\system32\drivers
    etbios.sys
    2004-08-04 12:00:00 34,432 —-a-w C:\WINDOWS\system32\drivers\rawwan.sys
    2004-08-04 12:00:00 34,304 —-a-w C:\WINDOWS\system32\pstorsvc.dll
    2004-08-04 12:00:00 338,432 —-a-w C:\WINDOWS\system32\ir41_qcx.dll
    2004-08-04 12:00:00 335,360 —-a-w C:\WINDOWS\system32\hnetwiz.dll
    2004-08-04 12:00:00 334,848 —-a-w C:\WINDOWS\system32\cscui.dll
    2004-08-04 12:00:00 332,800 —-a-w C:\WINDOWS\system32
    etsetup.exe
    2004-08-04 12:00:00 332,288 —-a-w C:\WINDOWS\system32\ipnathlp.dll
    2004-08-04 12:00:00 330,752 —-a-w C:\WINDOWS\system32\dmconfig.dll
    2004-08-04 12:00:00 33,920 —-a-w C:\WINDOWS\system32
    tio.sys
    2004-08-04 12:00:00 33,792 —-a-w C:\WINDOWS\system32\vssadmin.exe
    2004-08-04 12:00:00 33,792 —-a-w C:\WINDOWS\system32\rundll32.exe
    2004-08-04 12:00:00 33,792 —-a-w C:\WINDOWS\system32\relog.exe
    2004-08-04 12:00:00 33,792 —-a-w C:\WINDOWS\system32\regini.exe
    2004-08-04 12:00:00 33,792 —-a-w C:\WINDOWS\system32\ping6.exe
    2004-08-04 12:00:00 33,792 —-a-w C:\WINDOWS\system32\msgsvc.dll
    2004-08-04 12:00:00 33,696 —-a-w C:\WINDOWS\system32\commdlg.dll
    2004-08-04 12:00:00 33,280 —-a-w C:\WINDOWS\system32\inetmib1.dll
    2004-08-04 12:00:00 33,280 —-a-w C:\WINDOWS\system32\eventcls.dll
    2004-08-04 12:00:00 33,280 —-a-w C:\WINDOWS\system32\cryptdll.dll
    2004-08-04 12:00:00 33,280 —-a-w C:\WINDOWS\system32\clipsrv.exe
    2004-08-04 12:00:00 33,040 —-a-w C:\WINDOWS\system32\dplay.dll
    2004-08-04 12:00:00 324,096 —-a-w C:\WINDOWS\system32\scesrv.dll
    2004-08-04 12:00:00 323,641 —-a-w C:\WINDOWS\system32\usrdtea.dll
    2004-08-04 12:00:00 32,896 —-a-w C:\WINDOWS\system32\drivers\ipfltdrv.sys
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\wpnpinst.exe
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\winipsec.dll
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\sethc.exe
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\odbcad32.exe
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\mnmsrvc.exe
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\isrdbg32.dll
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\csrsrv.dll
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\cnetcfg.dll
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\asr_pfu.exe
    2004-08-04 12:00:00 32,712 —-a-w C:\WINDOWS\system32\prnmngr.vbs
    2004-08-04 12:00:00 32,512 —-a-w C:\WINDOWS\system32\drivers
    wlnkfwd.sys
    2004-08-04 12:00:00 32,256 —-a-w C:\WINDOWS\system32\wupdmgr.exe
    2004-08-04 12:00:00 32,256 —-a-w C:\WINDOWS\system32\wpabaln.exe
    2004-08-04 12:00:00 32,256 —-a-w C:\WINDOWS\system32\tracert6.exe
    2004-08-04 12:00:00 32,256 —-a-w C:\WINDOWS\system32\iashlpr.dll
    2004-08-04 12:00:00 319,517 —-a-w C:\WINDOWS\system32\msexcl40.dll
    2004-08-04 12:00:00 318,670 —-a-w C:\WINDOWS\system32\perfi013.dat
    2004-08-04 12:00:00 316,416 —-a-w C:\WINDOWS\system32\untfs.dll
    2004-08-04 12:00:00 315,423 —-a-w C:\WINDOWS\system32\msrd3x40.dll
    2004-08-04 12:00:00 312,320 —-a-w C:\WINDOWS\system32\p2pgraph.dll
    2004-08-04 12:00:00 31,744 —-a-w C:\WINDOWS\system32\rtipxmib.dll
    2004-08-04 12:00:00 31,744 —-a-w C:\WINDOWS\system32
    tsd.exe
    2004-08-04 12:00:00 31,360 —-a-w C:\WINDOWS\system32\drivers\atmepvc.sys
    2004-08-04 12:00:00 31,232 —-a-w C:\WINDOWS\system32\traffic.dll
    2004-08-04 12:00:00 31,232 —-a-w C:\WINDOWS\system32\sc.exe
    2004-08-04 12:00:00 31,232 —-a-w C:\WINDOWS\system32\ddeshare.exe
    2004-08-04 12:00:00 309,760 —-a-w C:\WINDOWS\system32
    etui2.dll
    2004-08-04 12:00:00 306,176 —-a-w C:\WINDOWS\system32\slbcsp.dll
    2004-08-04 12:00:00 305,664 —-a-w C:\WINDOWS\system32\ulib.dll
    2004-08-04 12:00:00 304,128 —-a-w C:\WINDOWS\system32\duser.dll
    2004-08-04 12:00:00 303,616 —-a-w C:\WINDOWS\system32\wmstream.dll
    2004-08-04 12:00:00 300,032 —-a-w C:\WINDOWS\system32\appmgr.dll
    2004-08-04 12:00:00 30,848 —-a-w C:\WINDOWS\system32\drivers
    pfs.sys
    2004-08-04 12:00:00 30,749 —-a-w C:\WINDOWS\system32\vbajet32.dll
    2004-08-04 12:00:00 30,720 —-a-w C:\WINDOWS\system32\xcopy.exe
    2004-08-04 12:00:00 30,720 —-a-w C:\WINDOWS\system32\plustab.dll
    2004-08-04 12:00:00 30,720 —-a-w C:\WINDOWS\system32\asr_fmt.exe
    2004-08-04 12:00:00 30,336 —-a-w C:\WINDOWS\system32\drivers\modem.sys
    2004-08-04 12:00:00 30,208 —-a-w C:\WINDOWS\system32\mspatcha.dll
    2004-08-04 12:00:00 30,208 —-a-w C:\WINDOWS\system32\lights.exe
    2004-08-04 12:00:00 30,208 —-a-w C:\WINDOWS\system32\dplaysvr.exe
    2004-08-04 12:00:00 30,208 —-a-w C:\WINDOWS\system32\bthserv.dll
    2004-08-04 12:00:00 30,208 —-a-w C:\WINDOWS\system32\atmlib.dll
    2004-08-04 12:00:00 30,160 —-a-w C:\WINDOWS\system32\compobj.dll
    2004-08-04 12:00:00 3,732 —-a-w C:\WINDOWS\system32\pubprn.vbs
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\riched32.dll
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\regedt32.exe
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\msafd.dll
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\mll_hp.dll
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\iprop.dll
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\icmp.dll
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\dpnlobby.dll
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\dpnaddr.dll
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\comcat.dll
    2004-08-04 12:00:00 3,456 —-a-w C:\WINDOWS\system32\drivers\oprghdlr.sys
    2004-08-04 12:00:00 3,352 —-a-w C:\WINDOWS\system32\redir.exe
    2004-08-04 12:00:00 3,328 —-a-w C:\WINDOWS\system32\drivers\dxgthk.sys
    2004-08-04 12:00:00 3,242 —-a-w C:\WINDOWS\system32
    w16.exe
    2004-08-04 12:00:00 3,200 —-a-w C:\WINDOWS\system32\wowfax.dll
    2004-08-04 12:00:00 3,072 —-a-w C:\WINDOWS\system32\systray.exe
    2004-08-04 12:00:00 3,072 —-a-w C:\WINDOWS\system32\rnr20.dll
    2004-08-04 12:00:00 3,072 —-a-w C:\WINDOWS\system32\fixmapi.exe
    2004-08-04 12:00:00 297,472 —-a-w C:\WINDOWS\system32\termsrv.dll
    2004-08-04 12:00:00 294,400 —-a-w C:\WINDOWS\system32\MSCTF.dll
    2004-08-04 12:00:00 292,864 —-a-w C:\WINDOWS\system32\vssvc.exe
    2004-08-04 12:00:00 290,816 —-a-w C:\WINDOWS\system32\msnsspc.dll
    2004-08-04 12:00:00 29,752 —-a-w C:\WINDOWS\system32\prnport.vbs
    2004-08-04 12:00:00 29,696 —-a-w C:\WINDOWS\system32\sendcmsg.dll
    2004-08-04 12:00:00 29,696 —-a-w C:\WINDOWS\system32\safrdm.dll
    2004-08-04 12:00:00 29,370 —-a-w C:\WINDOWS\system32
    tdos411.sys
    2004-08-04 12:00:00 29,274 —-a-w C:\WINDOWS\system32
    tdos412.sys
    2004-08-04 12:00:00 29,184 —-a-w C:\WINDOWS\system32\sdhcinst.dll
    2004-08-04 12:00:00 29,146 —-a-w C:\WINDOWS\system32
    tdos804.sys
    2004-08-04 12:00:00 29,146 —-a-w C:\WINDOWS\system32
    tdos404.sys
    2004-08-04 12:00:00 29,056 —-a-w C:\WINDOWS\system32\drivers\ip6fw.sys
    2004-08-04 12:00:00 287,744 —-a-w C:\WINDOWS\system32\objsel.dll
    2004-08-04 12:00:00 287,744 —-a-w C:\WINDOWS\system32\devmgr.dll
    2004-08-04 12:00:00 287,232 —-a-w C:\WINDOWS\winhlp32.exe
    2004-08-04 12:00:00 285,696 —-a-w C:\WINDOWS\system32\atmfd.dll
    2004-08-04 12:00:00 285,184 —-a-w C:\WINDOWS\system32\pdh.dll
    2004-08-04 12:00:00 285,184 —-a-w C:\WINDOWS\system32\glmf32.dll
    2004-08-04 12:00:00 281,088 —-a-w C:\WINDOWS\system32\comdlg32.dll
    2004-08-04 12:00:00 28,746 —-a-w C:\WINDOWS\system32\msrecr40.dll
    2004-08-04 12:00:00 28,719 —-a-w C:\WINDOWS\system32\jsnl.dll
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32\wshcon.dll
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32\rsfsaps.dll
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32
    mmkcert.dll
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32\msxmlr.dll
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32\findstr.exe
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32\dmband.dll
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32\dfsshlex.dll
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32\dbnmpntw.dll
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32\batmeter.dll
    2004-08-04 12:00:00 28,626 —-a-w C:\WINDOWS\system32\perfd009.dat
    2004-08-04 12:00:00 28,224 —-a-w C:\WINDOWS\system32\drwatson.exe
    2004-08-04 12:00:00 28,160 —-a-w C:\WINDOWS\system32\shscrap.dll
    2004-08-04 12:00:00 279,040 —-a-w C:\WINDOWS\system32\qdv.dll
    2004-08-04 12:00:00 278,559 —-a-w C:\WINDOWS\system32\odbcjt32.dll
    2004-08-04 12:00:00 278,528 —-a-w C:\WINDOWS\system32\mstask.dll
    2004-08-04 12:00:00 278,528 —-a-w C:\WINDOWS\system32\inetcfg.dll
    2004-08-04 12:00:00 274,944 —-a-w C:\WINDOWS\system32
    eth.dll
    2004-08-04 12:00:00 273,920 —-a-w C:\WINDOWS\system32\dmdlgs.dll
    2004-08-04 12:00:00 272,128 —-a-w C:\WINDOWS\system32\perfi009.dat
    2004-08-04 12:00:00 270,848 —-a-w C:\WINDOWS\system32\sbe.dll
    2004-08-04 12:00:00 27,928 —-a-w C:\WINDOWS\system32
    tdos.sys
    2004-08-04 12:00:00 27,648 —-a-w C:\WINDOWS\system32\profmap.dll
    2004-08-04 12:00:00 27,648 —-a-w C:\WINDOWS\system32\conime.exe
    2004-08-04 12:00:00 27,648 —-a-w C:\WINDOWS\system32\ccfgnt.dll
    2004-08-04 12:00:00 27,392 —-a-w C:\WINDOWS\system32\drivers\fdc.sys
    2004-08-04 12:00:00 27,200 —-a-r C:\WINDOWS\system32\ctl3dv2.dll
    2004-08-04 12:00:00 27,136 —-a-w C:\WINDOWS\system32\rsvpmsg.dll
    2004-08-04 12:00:00 27,136 —-a-w C:\WINDOWS\system32\perfdisk.dll
    2004-08-04 12:00:00 27,136 —-a-w C:\WINDOWS\system32\efsadu.dll
    2004-08-04 12:00:00 27,136 —-a-w C:\WINDOWS\system32\ddrawex.dll
    2004-08-04 12:00:00 27,136 —-a-w C:\WINDOWS\system32\ctl3d32.dll
    2004-08-04 12:00:00 27,097 —-a-w C:\WINDOWS\system32\country.sys
    2004-08-04 12:00:00 267,264 —-a-w C:\WINDOWS\system32\oakley.dll
    2004-08-04 12:00:00 266,240 —-a-w C:\WINDOWS\system32\ddraw.dll
    2004-08-04 12:00:00 264,704 —-a-w C:\WINDOWS\system32\wow32.dll
    2004-08-04 12:00:00 263,680 —-a-w C:\WINDOWS\system32\adsnt.dll
    2004-08-04 12:00:00 262,528 —-a-w C:\WINDOWS\system32\drivers\cinemst2.sys
    2004-08-04 12:00:00 260,096 —-a-w C:\WINDOWS\system32\tracerpt.exe
    2004-08-04 12:00:00 26,624 —-a-w C:\WINDOWS\system32\scredir.dll
    2004-08-04 12:00:00 26,624 —-a-w C:\WINDOWS\system32\cnvfat.dll
    2004-08-04 12:00:00 26,224 —-a-w C:\WINDOWS\system32\odbc16gt.dll
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32\vdmdbg.dll
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32\utildll.dll
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32\skeys.exe
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32\perfos.dll
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32
    tdsbcli.dll
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32\lnkstub.exe
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32\graftabl.com
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32\at.exe
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32\adptif.dll
    2004-08-04 12:00:00 258,077 —-a-w C:\WINDOWS\system32\mstext40.dll
    2004-08-04 12:00:00 257,072 —-a-w C:\WINDOWS\winhelp.exe
    2004-08-04 12:00:00 253,952 —-a-w C:\WINDOWS\system32\msvcrt20.dll
    2004-08-04 12:00:00 253,440 —-a-w C:\WINDOWS\system32\compatUI.dll
    2004-08-04 12:00:00 252,928 —-a-w C:\WINDOWS\system32\msoeacct.dll
    2004-08-04 12:00:00 252,928 —-a-w C:\WINDOWS\system32\iassdo.dll
    2004-08-04 12:00:00 251,904 —-a-w C:\WINDOWS\system32\msieftp.dll
    2004-08-04 12:00:00 250,368 —-a-w C:\WINDOWS\system32
    ewdev.dll
    2004-08-04 12:00:00 25,706 —-a-w C:\WINDOWS\system32\prndrvr.vbs
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\twunk_32.exe
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\system32\udhisapi.dll
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\system32\slayerxp.dll
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\system32\routemon.exe
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\system32\msvidc32.dll
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\system32\mslbui.dll
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\system32\format.com
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\system32\comaddin.dll
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\system32\aaaamon.dll
    2004-08-04 12:00:00 25,472 —-a-w C:\WINDOWS\system32\drivers\sonydcam.sys
    2004-08-04 12:00:00 25,216 —-a-w C:\WINDOWS\system32\drivers\kbdclass.sys
    2004-08-04 12:00:00 25,088 —-a-w C:\WINDOWS\system32\sort.exe
    2004-08-04 12:00:00 25,088 —-a-w C:\WINDOWS\system32\shfolder.dll
    2004-08-04 12:00:00 25,088 —-a-w C:\WINDOWS\system32\mtxlegih.dll
    2004-08-04 12:00:00 25,088 —-a-w C:\WINDOWS\system32\defrag.exe
    2004-08-04 12:00:00 25,088 —-a-w C:\WINDOWS\system32\davclnt.dll
    2004-08-04 12:00:00 249,856 —-a-w C:\WINDOWS\system32\odbc32.dll
    2004-08-04 12:00:00 247,296 —-a-w C:\WINDOWS\system32\mswsock.dll
    2004-08-04 12:00:00 245,760 —-a-w C:\WINDOWS\system32
    etui1.dll
    2004-08-04 12:00:00 241,693 —-a-w C:\WINDOWS\system32\msjtes40.dll
    2004-08-04 12:00:00 241,152 —-a-w C:\WINDOWS\system32\srrstr.dll
    2004-08-04 12:00:00 240,128 —-a-w C:\WINDOWS\system32\dsquery.dll
    2004-08-04 12:00:00 24,960 —-a-w C:\WINDOWS\system32\drivers\hidparse.sys
    2004-08-04 12:00:00 24,661 —-a-w C:\WINDOWS\system32\spxcoins.dll
    2004-08-04 12:00:00 24,626 —-a-w C:\WINDOWS\system32\scrrnnl.dll
    2004-08-04 12:00:00 24,624 —-a-w C:\WINDOWS\system32\vbsnl.dll
    2004-08-04 12:00:00 24,624 —-a-w C:\WINDOWS\system32\sconl.dll
    2004-08-04 12:00:00 24,603 —-a-w C:\WINDOWS\system32\sqlwid.dll
    2004-08-04 12:00:00 24,576 —-a-w C:\WINDOWS\system32\wsock32.dll
    2004-08-04 12:00:00 24,576 —-a-w C:\WINDOWS\system32\userinit.exe
    2004-08-04 12:00:00 24,576 —-a-w C:\WINDOWS\system32\rsmsink.exe
    2004-08-04 12:00:00 24,576 —-a-w C:\WINDOWS\system32\odbcbcp.dll
    2004-08-04 12:00:00 24,576 —-a-w C:\WINDOWS\system32\msorc32r.dll
    2004-08-04 12:00:00 24,576 —-a-w C:\WINDOWS\system32\httpapi.dll
    2004-08-04 12:00:00 24,576 —-a-w C:\WINDOWS\system32\gdi.exe
    2004-08-04 12:00:00 24,576 —-a-w C:\WINDOWS\system32\dbmsrpcn.dll
    2004-08-04 12:00:00 24,064 —-a-w C:\WINDOWS\system32\pidgen.dll
    2004-08-04 12:00:00 24,064 —-a-w C:\WINDOWS\system32\olesvr.dll
    2004-08-04 12:00:00 24,064 —-a-w C:\WINDOWS\system32\ipxroute.exe
    2004-08-04 12:00:00 24,064 —-a-w C:\WINDOWS\system32\dpmodemx.dll
    2004-08-04 12:00:00 24,064 —-a-w C:\WINDOWS\system32\dmserver.dll
    2004-08-04 12:00:00 239,616 —-a-w C:\WINDOWS\system32\upnpui.dll
    2004-08-04 12:00:00 236,544 —-a-w C:\WINDOWS\system32\rasapi32.dll
    2004-08-04 12:00:00 233,984 —-a-w C:\WINDOWS\system32
    etevent.dll
    2004-08-04 12:00:00 233,472 —-a-w C:\WINDOWS\system32\avtapi.dll
    2004-08-04 12:00:00 230,400 —-a-w C:\WINDOWS\system32\compstui.dll
    2004-08-04 12:00:00 23,936 —-a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
    2004-08-04 12:00:00 23,808 —-a-w C:\WINDOWS\system32\drivers\usbcamd.sys
    2004-08-04 12:00:00 23,552 —-a-w C:\WINDOWS\system32\sfmapi.dll
    2004-08-04 12:00:00 23,552 —-a-w C:\WINDOWS\system32\rasrad.dll
    2004-08-04 12:00:00 23,552 —-a-w C:\WINDOWS\system32\mciwave.dll
    2004-08-04 12:00:00 23,552 —-a-w C:\WINDOWS\system32\iasacct.dll
    2004-08-04 12:00:00 23,552 —-a-w C:\WINDOWS\system32\drivers\mouclass.sys
    2004-08-04 12:00:00 23,040 —-a-w C:\WINDOWS\system32\setup.exe
    2004-08-04 12:00:00 23,040 —-a-w C:\WINDOWS\system32\qwinsta.exe
    2004-08-04 12:00:00 23,040 —-a-w C:\WINDOWS\system32\psapi.dll
    2004-08-04 12:00:00 23,040 —-a-w C:\WINDOWS\system32\mciseq.dll
    2004-08-04 12:00:00 23,040 —-a-w C:\WINDOWS\system32\ersvc.dll
    2004-08-04 12:00:00 229,888 —-a-w C:\WINDOWS\system32\dplayx.dll
    2004-08-04 12:00:00 225,792 —-a-w C:\WINDOWS\system32\localsec.dll
    2004-08-04 12:00:00 225,280 —-a-w C:\WINDOWS\system32\mqoa.dll
    2004-08-04 12:00:00 225,280 —-a-w C:\WINDOWS\system32\dmadmin.exe
    2004-08-04 12:00:00 221,184 —-a-w C:\WINDOWS\system32\wmpns.dll
    2004-08-04 12:00:00 220,672 —-a-w C:\WINDOWS\system32\logon.scr
    2004-08-04 12:00:00 22,528 —-a-w C:\WINDOWS\system32\rasmxs.dll
    2004-08-04 12:00:00 22,528 —-a-w C:\WINDOWS\system32\pathping.exe
    2004-08-04 12:00:00 22,528 —-a-w C:\WINDOWS\system32
    btstat.exe
    2004-08-04 12:00:00 22,528 —-a-w C:\WINDOWS\system32\mfcsubs.dll
    2004-08-04 12:00:00 22,016 —-a-w C:\WINDOWS\system32\w32topl.dll
    2004-08-04 12:00:00 22,016 —-a-w C:\WINDOWS\system32\rpcns4.dll
    2004-08-04 12:00:00 22,016 —-a-w C:\WINDOWS\system32\rcp.exe
    2004-08-04 12:00:00 22,016 —-a-w C:\WINDOWS\system32\olesvr32.dll
    2004-08-04 12:00:00 22,016 —-a-w C:\WINDOWS\system32\msg.exe
    2004-08-04 12:00:00 22,016 —-a-w C:\WINDOWS\system32\mpnotify.exe
    2004-08-04 12:00:00 22,016 —-a-w C:\WINDOWS\system32\lpk.dll
    2004-08-04 12:00:00 219,136 —-a-w C:\WINDOWS\system32\uxtheme.dll
    2004-08-04 12:00:00 218,003 —-a-w C:\WINDOWS\system32\dssec.dat
    2004-08-04 12:00:00 216,064 —-a-w C:\WINDOWS\system32\osk.exe
    2004-08-04 12:00:00 216,064 —-a-w C:\WINDOWS\system32\moricons.dll
    2004-08-04 12:00:00 213,023 —-a-w C:\WINDOWS\system32\msltus40.dll
    2004-08-04 12:00:00 212,480 —-a-w C:\WINDOWS\system32\dpvoice.dll
    2004-08-04 12:00:00 21,896 —-a-w C:\WINDOWS\system32\drivers\tdtcp.sys
    2004-08-04 12:00:00 21,691 —-a-w C:\WINDOWS\system32\prnjobs.vbs
    2004-08-04 12:00:00 21,504 —-a-w C:\WINDOWS\system32\sclgntfy.dll
    2004-08-04 12:00:00 21,504 —-a-w C:\WINDOWS\system32\route.exe
    2004-08-04 12:00:00 21,504 —-a-w C:\WINDOWS\system32\ipxrip.dll
    2004-08-04 12:00:00 21,504 —-a-w C:\WINDOWS\system32\fontview.exe
    2004-08-04 12:00:00 21,504 —-a-w C:\WINDOWS\system32\feclient.dll
    2004-08-04 12:00:00 21,504 —-a-w C:\WINDOWS\system32\dpvacm.dll
    2004-08-04 12:00:00 21,376 —-a-w C:\WINDOWS\system32\drivers\tsbvcap.sys
    2004-08-04 12:00:00 209,408 —-a-w C:\WINDOWS\system32\drivers\update.sys
    2004-08-04 12:00:00 208,896 —-a-w C:\WINDOWS\system32\wavemsp.dll
    2004-08-04 12:00:00 208,896 —-a-w C:\WINDOWS\system32\mobsync.dll
    2004-08-04 12:00:00 206,336 —-a-w C:\WINDOWS\system32\rasppp.dll
    2004-08-04 12:00:00 204,800 —-a-w C:\WINDOWS\system32\mswebdvd.dll
    2004-08-04 12:00:00 200,704 —-a-w C:\WINDOWS\system32\dmdskmgr.dll
    2004-08-04 12:00:00 200,192 —-a-w C:\WINDOWS\system32\ir50_qc.dll
    2004-08-04 12:00:00 200,192 —-a-w C:\WINDOWS\system32\gptext.dll
    2004-08-04 12:00:00 20,992 —-a-w C:\WINDOWS\system32\ssmarque.scr
    2004-08-04 12:00:00 20,992 —-a-w C:\WINDOWS\system32\shutdown.exe
    2004-08-04 12:00:00 20,992 —-a-w C:\WINDOWS\system32\ipxwan.dll
    2004-08-04 12:00:00 20,992 —-a-w C:\WINDOWS\system32\hid.dll
    2004-08-04 12:00:00 20,992 —-a-w C:\WINDOWS\system32\drivers\vga.sys
    2004-08-04 12:00:00 20,992 —-a-w C:\WINDOWS\system32\drivers\ipinip.sys
    2004-08-04 12:00:00 20,992 —-a-w C:\WINDOWS\system32\bthci.dll
    2004-08-04 12:00:00 20,970 —-a-w C:\WINDOWS\system32\debug.exe
    2004-08-04 12:00:00 20,535 —-a-w C:\WINDOWS\system32\vfpodbc.dll
    2004-08-04 12:00:00 20,511 —-a-w C:\WINDOWS\system32\odtext32.dll
    2004-08-04 12:00:00 20,511 —-a-w C:\WINDOWS\system32\oddbse32.dll
    2004-08-04 12:00:00 20,510 —-a-w C:\WINDOWS\system32\odpdx32.dll
    2004-08-04 12:00:00 20,510 —-a-w C:\WINDOWS\system32\odfox32.dll
    2004-08-04 12:00:00 20,510 —-a-w C:\WINDOWS\system32\odexl32.dll
    2004-08-04 12:00:00 20,480 —-a-w C:\WINDOWS\system32\winstrm.dll
    2004-08-04 12:00:00 20,480 —-a-w C:\WINDOWS\system32\qprocess.exe
    2004-08-04 12:00:00 20,480 —-a-w C:\WINDOWS\system32
    wcfg.dll
    2004-08-04 12:00:00 20,480 —-a-w C:\WINDOWS\system32\mtxdm.dll
    2004-08-04 12:00:00 20,480 —-a-w C:\WINDOWS\system32\encapi.dll
    2004-08-04 12:00:00 20,480 —-a-w C:\WINDOWS\system32\drivers\flpydisk.sys
    2004-08-04 12:00:00 20,480 —-a-w C:\WINDOWS\system32\cliconfg.exe
    2004-08-04 12:00:00 2,962,432 —-a-w C:\WINDOWS\system32\xpsp2res.dll
    2004-08-04 12:00:00 2,944 —-a-w C:\WINDOWS\system32\drivers
    ull.sys
    2004-08-04 12:00:00 2,864 —-a-w C:\WINDOWS\system32\winsock.dll
    2004-08-04 12:00:00 2,736 —-a-w C:\WINDOWS\system32\wowdeb.exe
    2004-08-04 12:00:00 2,560 —-a-w C:\WINDOWS\system32\lz32.dll
    2004-08-04 12:00:00 2,113,536 —-a-w C:\WINDOWS\system32\dxdiagn.dll
    2004-08-04 12:00:00 2,112 —-a-w C:\WINDOWS\system32\winspool.exe
    2004-08-04 12:00:00 199,168 —-a-w C:\WINDOWS\system32\ir32_32.dll
    2004-08-04 12:00:00 197,632 —-a-w C:\WINDOWS\system32\certcli.dll
    2004-08-04 12:00:00 196,096 —-a-w C:\WINDOWS\system32\xpsp1res.dll
    2004-08-04 12:00:00 195,584 —-a-w C:\WINDOWS\system32\msutb.dll
    2004-08-04 12:00:00 195,072 —-a-w C:\WINDOWS\system32\syncui.dll
    2004-08-04 12:00:00 194,560 —-a-w C:\WINDOWS\system32\eudcedit.exe
    2004-08-04 12:00:00 194,048 —-a-w C:\WINDOWS\system32\activeds.dll
    2004-08-04 12:00:00 193,024 —-a-w C:\WINDOWS\system32\fsquirt.exe
    2004-08-04 12:00:00 192,512 —-a-w C:\WINDOWS\system32\qcap.dll
    2004-08-04 12:00:00 192,000 —-a-w C:\WINDOWS\system32\schedsvc.dll
    2004-08-04 12:00:00 19,968 —-a-w C:\WINDOWS\system32\wshtcpip.dll
    2004-08-04 12:00:00 19,968 —-a-w C:\WINDOWS\system32\ws2help.dll
    2004-08-04 12:00:00 19,968 —-a-w C:\WINDOWS\system32\ssbezier.scr
    2004-08-04 12:00:00 19,968 —-a-w C:\WINDOWS\system32\rdpsnd.dll
    2004-08-04 12:00:00 19,968 —-a-w C:\WINDOWS\system32\mqbkup.exe
    2004-08-04 12:00:00 19,968 —-a-w C:\WINDOWS\system32\arp.exe
    2004-08-04 12:00:00 19,806 —-a-w C:\WINDOWS\system32\graphics.com
    2004-08-04 12:00:00 19,456 —-a-w C:\WINDOWS\system32\wmiprop.dll
    2004-08-04 12:00:00 19,456 —-a-w C:\WINDOWS\system32\vwipxspx.dll
    2004-08-04 12:00:00 19,456 —-a-w C:\WINDOWS\system32\tcpsvcs.exe
    2004-08-04 12:00:00 19,456 —-a-w C:\WINDOWS\system32\oleaccrc.dll
    2004-08-04 12:00:00 19,456 —-a-w C:\WINDOWS\system32
    ddenb32.dll
    2004-08-04 12:00:00 19,456 —-a-w C:\WINDOWS\system32\mode.com
    2004-08-04 12:00:00 19,456 —-a-w C:\WINDOWS\system32\dswave.dll
    2004-08-04 12:00:00 19,456 —-a-w C:\WINDOWS\system32\dmocx.dll
    2004-08-04 12:00:00 19,200 —-a-w C:\WINDOWS\system32\tapi.dll
    2004-08-04 12:00:00 19,088 —-a-w C:\WINDOWS\system32\sysedit.exe
    2004-08-04 12:00:00 19,072 —-a-w C:\WINDOWS\system32\drivers\msfs.sys
    2004-08-04 12:00:00 188,928 —-a-w C:\WINDOWS\system32\cmprops.dll
    2004-08-04 12:00:00 188,544 —-a-w C:\WINDOWS\system32\drivers\acpi.sys
    2004-08-04 12:00:00 187,392 —-a-w C:\WINDOWS\system32\accwiz.exe
    2004-08-04 12:00:00 186,880 —-a-w C:\WINDOWS\system32\mqtrig.dll
    2004-08-04 12:00:00 186,880 —-a-w C:\WINDOWS\system32\dinput8.dll
    2004-08-04 12:00:00 186,368 —-a-w C:\WINDOWS\system32\encdec.dll
    2004-08-04 12:00:00 186,368 —-a-w C:\WINDOWS\system32\els.dll
    2004-08-04 12:00:00 185,344 —-a-w C:\WINDOWS\system32
    etmsg.dll
    2004-08-04 12:00:00 184,832 —-a-w C:\WINDOWS\system32\scecli.dll
    2004-08-04 12:00:00 184,320 —-a-w C:\WINDOWS\system32\ipsecsvc.dll
    2004-08-04 12:00:00 183,808 —-a-w C:\WINDOWS\system32\ir50_qcx.dll
    2004-08-04 12:00:00 183,296 —-a-w C:\WINDOWS\system32\snmpsnap.dll
    2004-08-04 12:00:00 182,912 —-a-w C:\WINDOWS\system32\drivers
    dis.sys
    2004-08-04 12:00:00 181,760 —-a-w C:\WINDOWS\system32\tapi32.dll
    2004-08-04 12:00:00 181,760 —-a-w C:\WINDOWS\system32\dsdmo.dll
    2004-08-04 12:00:00 181,248 —-a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2004-08-04 12:00:00 181,248 —-a-w C:\WINDOWS\system32\dmime.dll
    2004-08-04 12:00:00 180,800 —-a-w C:\WINDOWS\system32\sqlunirl.dll
    2004-08-04 12:00:00 180,224 —-a-w C:\WINDOWS\system32\dwwin.exe
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\vmmreg32.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\version.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\ssmyst.scr
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\snmpapi.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\seclogon.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\secedit.exe
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\rsmps.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\qmgrprxy.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\ping.exe
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\mimefilt.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\midimap.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\diskperf.exe
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\deskperf.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\cacls.exe
    2004-08-04 12:00:00 18,688 —-a-w C:\WINDOWS\system32\drivers\partmgr.sys
    2004-08-04 12:00:00 18,688 —-a-w C:\WINDOWS\system32\drivers\cdaudio.sys
    2004-08-04 12:00:00 18,560 —-a-w C:\WINDOWS\system32\drivers\tdi.sys
    2004-08-04 12:00:00 18,432 —-a-w C:\WINDOWS\system32\wtsapi32.dll
    2004-08-04 12:00:00 18,432 —-a-w C:\WINDOWS\system32\win.com
    2004-08-04 12:00:00 18,432 —-a-w C:\WINDOWS\system32\ups.exe
    2004-08-04 12:00:00 18,432 —-a-w C:\WINDOWS\system32\prflbmsg.dll
    2004-08-04 12:00:00 18,432 —-a-w C:\WINDOWS\system32\dpnsvr.exe
    2004-08-04 12:00:00 18,432 —-a-w C:\WINDOWS\system32\dmintf.dll
    2004-08-04 12:00:00 18,432 —-a-w C:\WINDOWS\system32\compact.exe
    2004-08-04 12:00:00 18,176 —-a-w C:\WINDOWS\system32\vga64k.dll
    2004-08-04 12:00:00 179,712 —-a-w C:\WINDOWS\system32
    tmsdba.dll
    2004-08-04 12:00:00 179,200 —-a-w C:\WINDOWS\system32\winmm.dll
    2004-08-04 12:00:00 177,856 —-a-w C:\WINDOWS\system32\typelib.dll
    2004-08-04 12:00:00 177,152 —-a-w C:\WINDOWS\system32\mqrt.dll
    2004-08-04 12:00:00 176,640 —-a-w C:\WINDOWS\system32\wintrust.dll
    2004-08-04 12:00:00 176,640 —-a-w C:\WINDOWS\system32\ftsrch.dll
    2004-08-04 12:00:00 176,159 —-a-w C:\WINDOWS\system32\msjint40.dll
    2004-08-04 12:00:00 176,157 —-a-w C:\WINDOWS\system32\dgrpsetu.dll
    2004-08-04 12:00:00 175,736 —-a-w C:\WINDOWS\system32\xenroll.dll
    2004-08-04 12:00:00 175,616 —-a-w C:\WINDOWS\system32\w32time.dll
    2004-08-04 12:00:00 175,616 —-a-w C:\WINDOWS\system32\appmgmts.dll
    2004-08-04 12:00:00 175,616 —-a-w C:\WINDOWS\system32\adsldp.dll
    2004-08-04 12:00:00 172,544 —-a-w C:\WINDOWS\system32\wldap32.dll
    2004-08-04 12:00:00 172,032 —-a-w C:\WINDOWS\system32\photowiz.dll
    2004-08-04 12:00:00 171,008 —-a-w C:\WINDOWS\system32\sccsccp.dll
    2004-08-04 12:00:00 170,496 —-a-w C:\WINDOWS\system32\srsvc.dll
    2004-08-04 12:00:00 17,920 —-a-w C:\WINDOWS\system32\ureg.dll
    2004-08-04 12:00:00 17,920 —-a-w C:\WINDOWS\system32\tsshutdn.exe
    2004-08-04 12:00:00 17,920 —-a-w C:\WINDOWS\system32
    ddeapi.dll
    2004-08-04 12:00:00 17,920 —-a-w C:\WINDOWS\system32\mmfutil.dll
    2004-08-04 12:00:00 17,920 —-a-w C:\WINDOWS\system32\iaspolcy.dll
    2004-08-04 12:00:00 17,920 —-a-w C:\WINDOWS\system32\dvdupgrd.exe
    2004-08-04 12:00:00 17,792 —-a-w C:\WINDOWS\system32\drivers\ptilink.sys
    2004-08-04 12:00:00 17,664 —-a-w C:\WINDOWS\system32\watchdog.sys
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\winshfhc.dll
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\tftp.exe
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\qappsrv.exe
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\powrprof.dll
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\perfnet.dll
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32
    wapi16.dll
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\mcicda.dll
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\esentprf.dll
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\bidispl.dll
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\alrsvc.dll
    2004-08-04 12:00:00 169,984 —-a-w C:\WINDOWS\system32\sccbase.dll
    2004-08-04 12:00:00 169,984 —-a-w C:\WINDOWS\system32\iprtrmgr.dll
    2004-08-04 12:00:00 169,520 —-a-w C:\WINDOWS\system32\ole2disp.dll
    2004-08-04 12:00:00 167,868 —-a-w C:\WINDOWS\system32\pagefileconfig.vbs
    2004-08-04 12:00:00 167,424 —-a-w C:\WINDOWS\system32\diskpart.exe
    2004-08-04 12:00:00 165,376 —-a-w C:\WINDOWS\system32\ciadmin.dll
    2004-08-04 12:00:00 164,864 —-a-w C:\WINDOWS\system32\credui.dll
    2004-08-04 12:00:00 164,352 —-a-w C:\WINDOWS\system32\dinput.dll
    2004-08-04 12:00:00 163,328 —-a-w C:\WINDOWS\system32\oleacc.dll
    2004-08-04 12:00:00 162,816 —-a-w C:\WINDOWS\system32\drivers
    etbt.sys
    2004-08-04 12:00:00 162,304 —-a-w C:\WINDOWS\system32\adsnds.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\winrnr.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\vss_ps.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\usbmon.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\upnpcont.exe
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\runas.exe
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\rassapi.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\msidntld.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\mqise.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\expand.exe
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\deskmon.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\deskadp.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\cfgmgr32.dll
    2004-08-04 12:00:00 16,512 —-a-w C:\WINDOWS\system32\drivers\raspti.sys
    2004-08-04 12:00:00 16,384 —-a-w C:\WINDOWS\system32\tskill.exe
    2004-08-04 12:00:00 16,384 —-a-w C:\WINDOWS\system32\rwinsta.exe
    2004-08-04 12:00:00 16,384 —-a-w C:\WINDOWS\system32\odbc32gt.dll
    2004-08-04 12:00:00 16,384 —-a-w C:\WINDOWS\system32\icfgnt5.dll
    2004-08-04 12:00:00 16,384 —-a-w C:\WINDOWS\system32\fmifs.dll
    2004-08-04 12:00:00 16,384 —-a-w C:\WINDOWS\system32\ds32gt.dll
    2004-08-04 12:00:00 16,384 —-a-w C:\WINDOWS\system32\avmeter.dll
    2004-08-04 12:00:00 16,000 —-a-w C:\WINDOWS\system32\drivers\usbintel.sys
    2004-08-04 12:00:00 159,744 —-a-w C:\WINDOWS\system32\scrobj.dll
    2004-08-04 12:00:00 159,232 —-a-w C:\WINDOWS\system32\sbeio.dll
    2004-08-04 12:00:00 159,232 —-a-w C:\WINDOWS\system32\MSIMTF.dll
    2004-08-04 12:00:00 157,696 —-a-w C:\WINDOWS\system32\paqsp.dll
    2004-08-04 12:00:00 156,160 —-a-w C:\WINDOWS\system32\ipmontr.dll
    2004-08-04 12:00:00 154,624 —-a-w C:\WINDOWS\system32\shmedia.dll
    2004-08-04 12:00:00 154,112 —-a-w C:\WINDOWS\system32\keymgr.dll
    2004-08-04 12:00:00 153,856 —-a-w C:\WINDOWS\system32\drivers\dmio.sys
    2004-08-04 12:00:00 153,088 —-a-w C:\WINDOWS\regedit.exe
    2004-08-04 12:00:00 153,008 —-a-w C:\WINDOWS\system32\ole2nls.dll
    2004-08-04 12:00:00 152,576 —-a-w C:\WINDOWS\system32\rsaenh.dll
    2004-08-04 12:00:00 152,064 —-a-w C:\WINDOWS\system32\datime.dll
    2004-08-04 12:00:00 152,064 —-a-w C:\WINDOWS\system32\bootcfg.exe
    2004-08-04 12:00:00 151,552 —-a-w C:\WINDOWS\system32\scrrun.dll
    2004-08-04 12:00:00 151,552 —-a-w C:\WINDOWS\system32\msdart.dll
    2004-08-04 12:00:00 150,016 —-a-w C:\WINDOWS\system32\imapi.exe
    2004-08-04 12:00:00 15,984 —-a-w C:\WINDOWS\system32\prnqctl.vbs
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\TASKMAN.EXE
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\w3ssl.dll
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\taskman.exe
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\sysinv.dll
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\rsh.exe
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\perfmon.exe
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\more.com
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\inetppui.dll
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\dmremote.exe
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\comp.exe
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\cmcfg32.dll
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\cdmodem.dll
    2004-08-04 12:00:00 15,488 —-a-w C:\WINDOWS\system32\drivers\serenum.sys
    2004-08-04 12:00:00 15,488 —-a-w C:\WINDOWS\system32\drivers\mssmbios.sys
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\tsdiscon.exe
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\tsd32.dll
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\tscon.exe
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\slbrccsp.dll
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\shadow.exe
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\pjlmon.dll
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\pentnt.exe
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\logoff.exe
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\hnetmon.dll
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\help.exe
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\ctfmon.exe
    2004-08-04 12:00:00 149,019 —-a-w C:\WINDOWS\system32\crtdll.dll
    2004-08-04 12:00:00 147,968 —-a-w C:\WINDOWS\system32\rdchost.dll
    2004-08-04 12:00:00 147,968 —-a-w C:\WINDOWS\system32\mdwmdmsp.dll
    2004-08-04 12:00:00 147,968 —-a-w C:\WINDOWS\system32\dskquoui.dll
    2004-08-04 12:00:00 147,456 —-a-w C:\WINDOWS\system32\odbctrac.dll
    2004-08-04 12:00:00 147,456 —-a-w C:\WINDOWS\system32\initpki.dll
    2004-08-04 12:00:00 147,456 —-a-w C:\WINDOWS\system32\comsnap.dll
    2004-08-04 12:00:00 146,944 —-a-w C:\WINDOWS\system32\hotplug.dll
    2004-08-04 12:00:00 145,920 —-a-w C:\WINDOWS\system32\modemui.dll
    2004-08-04 12:00:00 145,408 —-a-w C:\WINDOWS\system32\wiavusd.dll
    2004-08-04 12:00:00 145,408 —-a-w C:\WINDOWS\system32
    tshrui.dll
    2004-08-04 12:00:00 145,408 —-a-w C:\WINDOWS\system32\dsprop.dll
    2004-08-04 12:00:00 144,896 —-a-w C:\WINDOWS\system32\schannel.dll
    2004-08-04 12:00:00 144,384 —-a-w C:\WINDOWS\system32\mobsync.exe
    2004-08-04 12:00:00 144,384 —-a-w C:\WINDOWS\system32\imagehlp.dll
    2004-08-04 12:00:00 144,384 —-a-w C:\WINDOWS\system32\capesnpn.dll
    2004-08-04 12:00:00 143,360 —-a-w C:\WINDOWS\system32\rasmontr.dll
    2004-08-04 12:00:00 143,360 —-a-w C:\WINDOWS\system32\msorcl32.dll
    2004-08-04 12:00:00 143,360 —-a-w C:\WINDOWS\system32\drivers\fastfat.sys
    2004-08-04 12:00:00 143,360 —-a-w C:\WINDOWS\system32\adsldpc.dll
    2004-08-04 12:00:00 142,848 —-a-w C:\WINDOWS\system32
    etid.dll
    2004-08-04 12:00:00 142,336 —-a-w C:\WINDOWS\system32\sessmgr.exe
    2004-08-04 12:00:00 141,824 —-a-w C:\WINDOWS\system32\sfc_os.dll
    2004-08-04 12:00:00 141,312 —-a-w C:\WINDOWS\system32\iasrecst.dll
    2004-08-04 12:00:00 140,800 —-a-w C:\WINDOWS\system32\taskmgr.exe
    2004-08-04 12:00:00 14,976 —-a-w C:\WINDOWS\system32\drivers\tape.sys
    2004-08-04 12:00:00 14,850 —-a-w C:\WINDOWS\system32\kb16.com
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\tcpmib.dll
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\stimon.exe
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\serwvdrv.dll
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\serialui.dll
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\rexec.exe
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32
    tlanui2.dll
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\mgmtapi.dll
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\mcastmib.dll
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\fc.exe
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\drivers\kbdhid.sys
    2004-08-04 12:00:00 14,592 —-a-w C:\WINDOWS\system32\drivers\smclib.sys
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\wship6.dll
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\wowfaxui.dll
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\svchost.exe
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\ssstars.scr
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\runonce.exe
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\msdmo.dll
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\drprov.dll
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\drivers\asyncmac.sys
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\cmpbk32.dll
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\auditusr.exe
    2004-08-04 12:00:00 14,208 —-a-w C:\WINDOWS\system32\drivers\diskdump.sys
    2004-08-04 12:00:00 139,264 —-a-w C:\WINDOWS\system32\sndvol32.exe
    2004-08-04 12:00:00 138,752 —-a-w C:\WINDOWS\system32\swprv.dll
    2004-08-04 12:00:00 138,496 —-a-w C:\WINDOWS\system32\drivers\afd.sys
    2004-08-04 12:00:00 138,240 —-a-w C:\WINDOWS\system32\mqad.dll
    2004-08-04 12:00:00 138,240 —-a-w C:\WINDOWS\system32\ifmon.dll
    2004-08-04 12:00:00 137,216 —-a-w C:\WINDOWS\system32\sti_ci.dll
    2004-08-04 12:00:00 137,216 —-a-w C:\WINDOWS\system32\dssenh.dll
    2004-08-04 12:00:00 136,192 —-a-w C:\WINDOWS\system32\webvw.dll
    2004-08-04 12:00:00 135,168 —-a-w C:\WINDOWS\system32\odbcconf.dll
    2004-08-04 12:00:00 134,656 —-a-w C:\WINDOWS\system32\mssap.dll
    2004-08-04 12:00:00 132,608 —-a-w C:\WINDOWS\system32\upnp.dll
    2004-08-04 12:00:00 132,608 —-a-w C:\WINDOWS\system32\sndrec32.exe
    2004-08-04 12:00:00 132,608 —-a-w C:\WINDOWS\system32\rsvp.exe
    2004-08-04 12:00:00 132,096 —-a-w C:\WINDOWS\system32\acledit.dll
    2004-08-04 12:00:00 130,560 —-a-w C:\WINDOWS\system32\dmdskres.dll
    2004-08-04 12:00:00 130,048 —-a-w C:\WINDOWS\system32\sdpblb.dll
    2004-08-04 12:00:00 13,952 —-a-w C:\WINDOWS\system32\drivers\cbidf2k.sys
    2004-08-04 12:00:00 13,888 —-a-w C:\WINDOWS\system32\toolhelp.dll
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\wscntfy.exe
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\uniplat.dll
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\sisbkup.dll
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\sigtab.dll
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\senscfg.dll
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\savedump.exe
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\rdsaddin.exe
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\mrinfo.exe
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\lmhsvc.dll
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\convert.exe
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\cmsetACL.dll
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\atkctrs.dll
    2004-08-04 12:00:00 13,312 —-a-w C:\WINDOWS\system32\win87em.dll
    2004-08-04 12:00:00 13,312 —-a-w C:\WINDOWS\system32\verifier.dll
    2004-08-04 12:00:00 13,312 —-a-w C:\WINDOWS\system32\umdmxfrm.dll
    2004-08-04 12:00:00 13,312 —-a-w C:\WINDOWS\system32\tcmsetup.exe
    2004-08-04 12:00:00 13,312 —-a-w C:\WINDOWS\system32
    tvdmd.dll
    2004-08-04 12:00:00 13,312 —-a-w C:\WINDOWS\system32\msswch.dll
    2004-08-04 12:00:00 13,312 —-a-w C:\WINDOWS\system32\lsass.exe
    2004-08-04 12:00:00 13,312 —-a-w C:\WINDOWS\system32\irclass.dll
    2004-08-04 12:00:00 129,536 —-a-w C:\WINDOWS\system32\xmlprov.dll
    2004-08-04 12:00:00 129,536 —-a-w C:\WINDOWS\system32\msv1_0.dll
    2004-08-04 12:00:00 129,024 —-a-w C:\WINDOWS\system32
    wscript.exe
    2004-08-04 12:00:00 128,000 —-a-w C:\WINDOWS\system32\mshearts.exe
    2004-08-04 12:00:00 126,976 —-a-w C:\WINDOWS\system32\msvideo.dll
    2004-08-04 12:00:00 126,976 —-a-w C:\WINDOWS\system32\apphelp.dll
    2004-08-04 12:00:00 125,952 —-a-w C:\WINDOWS\system32\schtasks.exe
    2004-08-04 12:00:00 125,952 —-a-w C:\WINDOWS\system32\input.dll
    2004-08-04 12:00:00 125,696 —-a-w C:\WINDOWS\system32\drivers\ftdisk.sys
    2004-08-04 12:00:00 124,928 —-a-w C:\WINDOWS\system32\wiadss.dll
    2004-08-04 12:00:00 124,928 —-a-w C:\WINDOWS\system32
    et1.exe
    2004-08-04 12:00:00 124,416 —-a-w C:\WINDOWS\system32\mplay32.exe
    2004-08-04 12:00:00 123,904 —-a-w C:\WINDOWS\system32\dfrgui.dll
    2004-08-04 12:00:00 123,392 —-a-w C:\WINDOWS\system32\mqrtdep.dll
    2004-08-04 12:00:00 123,392 —-a-w C:\WINDOWS\system32\glu32.dll
    2004-08-04 12:00:00 122,368 —-a-w C:\WINDOWS\system32\stobject.dll
    2004-08-04 12:00:00 121,856 —-a-w C:\WINDOWS\system32\idq.dll
    2004-08-04 12:00:00 121,856 —-a-w C:\WINDOWS\system32\gpresult.exe
    2004-08-04 12:00:00 121,856 —-a-w C:\WINDOWS\system32\exts.dll
    2004-08-04 12:00:00 121,344 —-a-w C:\WINDOWS\syst

























































  • En weer niet… Ik wacht je antwoord eerst wel af voordat ik de rest ook nog post, sorry :wink:
  • Heel lijstje.

    1. Download ATF cleaner (gemaakt door Atribune)
    Dubbelklik op ATF cleaner om het programma te starten.
    Op het tabblad "Main", plaats je een vinkje bij [b:2d6ccc3928]Select All[/b:2d6ccc3928].
    Klik op de knop [b:2d6ccc3928]Empty Selected[/b:2d6ccc3928].

    Het volgende doen als je ook FireFox als browser hebt:
    Klik op tabblad "Firefox", plaats een vinkje bij [b:2d6ccc3928]Select All[/b:2d6ccc3928].
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    (dit haalt het vinkje weer weg bij "Firefox saved passwords";)
    Klik op de knop [b:2d6ccc3928]Empty Selected[/b:2d6ccc3928].

    Het volgende doen als je ook Opera als browser hebt:
    Klik op tabblad "Opera", plaats een vinkje bij [b:2d6ccc3928]Select All[/b:2d6ccc3928].
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    Klik op de knop [b:2d6ccc3928]Empty Selected[/b:2d6ccc3928].
    Ga naar het tabblad "Main" en klik op de knop [b:2d6ccc3928]Exit[/b:2d6ccc3928] om het programma af te sluiten.

    2. Download [b:2d6ccc3928]Dr.Web CureIt[/b:2d6ccc3928] naar je bureaublad:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    3. Start de computer in veilige modus.

    4. Dubbelklik [b:2d6ccc3928]drweb-cureit.exe[/b:2d6ccc3928] en sta het toe om de express scan te starten.
    Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt, klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
    Eenmaal de korte scan is beeïndigd, Klik [b:2d6ccc3928]Options[/b:2d6ccc3928] > Change Settings
    Kies de "Scan"-tab en verwijder het vinkje bij "Heuristic analyse"
    Terug in het hoofdvenster kan je de drives selecteren die je wilt laten scannen.
    Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
    Klik daarna de [b:2d6ccc3928]groene pijl[/b:2d6ccc3928] rechts om de scan te starten.
    Klik 'Yes to all' wanneer er gevraagd wordt om cure of move uit te voeren.
    Wanneer de scan gedaan is, kijk of je volgende icoontje kan aanklikken dat staat naast hetgeen gevonden werd: [img:2d6ccc3928]http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif[/img:2d6ccc3928]
    Indien wel, klik erop en daarna klik op het icoontje er net onder en kies: [b:2d6ccc3928]Move incurable[/b:2d6ccc3928] zoals je zal zien in volgende afbeelding:
    [img:2d6ccc3928]http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif[/img:2d6ccc3928]
    Dit zal de bestanden verplaatsen naar volgende map %userprofile%\DoctorWeb\quarantaine-folder indien het niet gedesinfecteerd kan worden. (dit in het geval dat we samples nodig hebben)
    Na bovenstaande te selecteren, in het menu bovenaan van Dr.Web CureIt, klik [b:2d6ccc3928]file[/b:2d6ccc3928] en kies [b:2d6ccc3928]save report list[/b:2d6ccc3928]. Bewaar de log op je bureaublad.
    Sluit daarna Dr.Web Cureit.

    5. [b:2d6ccc3928]Herstart[/b:2d6ccc3928] je computer in normale modus!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
    Na het herstarten, Kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post tesamen met een logje van Hijackthis
  • Done. Wat ik wel raar vond is dat DrWeb het update programma van McAfee aanmerkt als potentiële downloader, Mcupdmgr.exe. Na het opnieuw opstarten geeft McAfee dan ook meteen de melding dat ik niet meer beschermd ben. Aangezien ik dit ook niet veilig vind, ga ik zo dadelijk trachten McAfee te herstellen, en mocht het dan op weerstand stuiten van uw kant doe ik weer hetzelfde met DrWeb :roll: (Edit: Hoe doe ik dat overigens? * Edit2: Ah nevermind, dat is al gelukt ;) )

    [b:57a0581b7e]log van HijackThis:[/b:57a0581b7e]

    Logfile of HijackThis v1.99.1
    Scan saved at 21:02:35, on 24-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\V0230Mon.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\DOCUME~1\Ufuk\LOCALS~1\Temp\clclean.0001
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Documents and Settings\Ufuk\Bureaublad\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114w.bay114.mail.live.com/mail
    esources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    [b:57a0581b7e]log van DrWeb:[/b:57a0581b7e]

    mcupdmgr.exe c:\program files\mcafee\msc Probably DLOADER.Trojan Incurable.Moved.
    VBAOL11.CHM\html/olobjAddressEntries.htm C:\Program Files\Microsoft Office\OFFICE11\1043\VBAOL11.CHM Modification of VBS.Petik
    VBAOL11.CHM C:\Program Files\Microsoft Office\OFFICE11\1043 Archive contains infected objects Moved.
    rcqyqmkj.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
    A0062750.dll C:\System Volume Information\_restore{C6047249-B8FE-4F02-AAF1-9B17FBAA739B}\RP375 Trojan.Virtumod Deleted.

  • Voor Yep vundo besmetting bestaat een removal tool:

    http://securityresponse.symantec.com/avcenter/FixVundo.exe

    Kun je die dan niet beter gebruiken?
  • [quote:471ddc679e="Tweaky"]Voor Yep vundo besmetting bestaat een removal tool:

    http://securityresponse.symantec.com/avcenter/FixVundo.exe

    Kun je die dan niet beter gebruiken?[/quote:471ddc679e]

    Niet beter, want de combofix is beter omdat hij de bestanden unlocked(automatisch) en verwijderd. Combo laat nog meer zien en dat is ook handig, maar soms wissel ik wel eens af,

    die van symantec , :-?
    VIRTUMONDO_BEGONE Virtumundo Begone http://hicheckthis.dyndns.org/hjt/ncslist.php?lang=NL&view=118
    ———————
    VUNDO VundoFix
    http://hicheckthis.dyndns.org/hjt/ncslist.php?lang=NL&view=103
    ————————
    en natuurlijk de combofix.

    die van symantec gebruik ik nooit.
  • Logje ziet er al weer terug schoon uit, hoe is het met je problemen?
  • De problemen zijn helemaal weg, bedankt voor de hulp ;)
    En voor in de toekomst, mocht ik weer last hebben van spyware, is het dan aan te raden om bijvoorbeeld Combofix te gebruiken in combinatie met Dr. Web? Of is Combofix alleen voor vundo besmettingen?

    Wat ik ook wel raar vind is dat een (toch hoog aangeschreven) programma als McAfee niet gewoon om kan gaan met dergelijke trojans.. Je zou toch denken dat die antivirusprogramma's daar speciaal voor geschreven worden.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.