Vraag & Antwoord

Beveiliging & privacy

TROJAN VUNDO virus (met gegevens)

12 antwoorden
  • Hallo, Ik heb al een tijdje een probleem met trojan vundo. Toen ik op deze site keek zag ik een goede verhelper. Hier zijn mij logjes. Log van VundoFix VundoFix V7.0.3 Scan started at 18:01:38 15-3-2008 Listing files found while scanning.... C:\WINDOWS\system32\hggeedb.dll C:\WINDOWS\system32\iifgdbb.dll C:\WINDOWS\system32\oncqcboc.dll C:\windows\system32\oncqcboc.dllbox C:\WINDOWS\system32\velhhugd.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\oncqcboc.dll C:\WINDOWS\system32\oncqcboc.dll Has been deleted! Attempting to delete C:\windows\system32\oncqcboc.dllbox C:\windows\system32\oncqcboc.dllbox Has been deleted! Attempting to delete C:\WINDOWS\system32\velhhugd.dll C:\WINDOWS\system32\velhhugd.dll Has been deleted! Performing Repairs to the registry. Done! Logje van Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:35:13, on 15-3-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\ehome\ehtray.exe C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\D-Tools\daemon.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\regsvr32.exe C:\WINDOWS\system32\regsvr32.exe C:\WINDOWS\system32\regsvr32.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\dwwin.exe D:\Documents and Settings\Erwin\Mijn documenten\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O2 - BHO: (no name) - {08C525F4-2EBD-396D-B12A-005661A8CF95} - C:\Program Files\Zpcaloci\hzjukowh.dll O2 - BHO: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll (file missing) O2 - BHO: (no name) - {316B6BFD-AE4C-6AF6-21B0-0B58D034C3C3} - C:\Program Files\Nwyzdeqi\tgyperse.dll (file missing) O2 - BHO: (no name) - {4873A11A-4E3E-4932-B0EF-73B109666D62} - C:\WINDOWS\system32\velhhugd.dll (file missing) O2 - BHO: SysApp - {4AE2A9A0-DC33-4C27-B521-5B6C68C1C53D} - C:\Program Files\ApplePie\ie-improver.dll (file missing) O2 - BHO: (no name) - {72B1FA38-546B-4F8E-AF83-069EFA3B07A8} - C:\WINDOWS\system32\velhhugd.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {9D3C95D5-D508-4625-9446-4FEDFDE126D7} - C:\WINDOWS\system32\velhhugd.dll (file missing) O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: {35861c72-9a8d-679a-4414-35707d5e3bda} - {adb3e5d7-0753-4144-a976-d8a927c16853} - C:\WINDOWS\system32\hgysnjwf.dll (file missing) O2 - BHO: (no name) - {B2A1EC68-D7DC-40CF-825D-5945CC3AD977} - C:\WINDOWS\system32\mljjh.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [tgjotsnw] rundll32.exe "C:\Program Files\tgjotsnw\fcrydeti.dll",Init O4 - HKLM\..\Run: [ctctqbkn] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\ctctqbkn.dll" O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvbeg.dll,startup O4 - HKLM\..\Run: [lmvknqzw] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\lmvknqzw.dll" O4 - HKLM\..\Run: [julsxctg] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\julsxctg.dll" O4 - HKLM\..\Run: [rsnazabi] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\rsnazabi.dll" O4 - HKLM\..\Run: [dc438d2c] rundll32.exe "C:\WINDOWS\system32\wwggixce.dll",b O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: .protected O4 - Global Startup: .protected O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://distefano1034.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://www.flatcast.info/objects/NpFp415.dll O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB63} (Flatcast Producer 4.16) - http://80.237.209.20/objects/NpFp41629.dll O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O20 - Winlogon Notify: hggeedb - hggeedb.dll (file missing) O20 - Winlogon Notify: iifgdbb - iifgdbb.dll (file missing) O20 - Winlogon Notify: winfmy32 - C:\WINDOWS\SYSTEM32\winfmy32.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\filezillaftp\filezillaserver.exe (file missing) O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 13762 bytes Ik hoop dat iemand mij kan helpen! Alvast bedankt!
  • Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regels: [b:9b18c57ae3]R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O2 - BHO: (no name) - {08C525F4-2EBD-396D-B12A-005661A8CF95} - C:\Program Files\Zpcaloci\hzjukowh.dll O2 - BHO: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll (file missing) O2 - BHO: (no name) - {316B6BFD-AE4C-6AF6-21B0-0B58D034C3C3} - C:\Program Files\Nwyzdeqi\tgyperse.dll (file missing) O2 - BHO: (no name) - {4873A11A-4E3E-4932-B0EF-73B109666D62} - C:\WINDOWS\system32\velhhugd.dll (file missing) O2 - BHO: SysApp - {4AE2A9A0-DC33-4C27-B521-5B6C68C1C53D} - C:\Program Files\ApplePie\ie-improver.dll (file missing) O2 - BHO: (no name) - {72B1FA38-546B-4F8E-AF83-069EFA3B07A8} - C:\WINDOWS\system32\velhhugd.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {9D3C95D5-D508-4625-9446-4FEDFDE126D7} - C:\WINDOWS\system32\velhhugd.dll (file missing) O2 - BHO: {35861c72-9a8d-679a-4414-35707d5e3bda} - {adb3e5d7-0753-4144-a976-d8a927c16853} - C:\WINDOWS\system32\hgysnjwf.dll (file missing) O2 - BHO: (no name) - {B2A1EC68-D7DC-40CF-825D-5945CC3AD977} - C:\WINDOWS\system32\mljjh.dll O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll (file missing) O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [tgjotsnw] rundll32.exe "C:\Program Files\tgjotsnw\fcrydeti.dll",Init O4 - HKLM\..\Run: [ctctqbkn] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\ctctqbkn.dll" O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvbeg.dll,startup O4 - HKLM\..\Run: [lmvknqzw] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\lmvknqzw.dll" O4 - HKLM\..\Run: [julsxctg] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\julsxctg.dll" O4 - HKLM\..\Run: [rsnazabi] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\rsnazabi.dll" O4 - HKLM\..\Run: [dc438d2c] rundll32.exe "C:\WINDOWS\system32\wwggixce.dll",b O4 - Startup: .protected O4 - Global Startup: .protected O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O20 - Winlogon Notify: hggeedb - hggeedb.dll (file missing) O20 - Winlogon Notify: iifgdbb - iifgdbb.dll (file missing)[/b:9b18c57ae3] Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af. Download: [url=http://home.hetnet.nl/~stefsmeenk/RVAXO.exe][color=blue:9b18c57ae3][b:9b18c57ae3]RVAXO.exe[/b:9b18c57ae3][/color:9b18c57ae3][/url][list:9b18c57ae3][*:9b18c57ae3]Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken. [*:9b18c57ae3]Start de computer in [url=http://users.pandora.be/marcvn/spyware/1378056.htm][color=red:9b18c57ae3][b:9b18c57ae3]veilige modus[/b:9b18c57ae3][/color:9b18c57ae3][/url]. [*:9b18c57ae3]Open nu de map [b:9b18c57ae3]RVAXO[/b:9b18c57ae3] op je bureaublad en dubbeklik [b:9b18c57ae3]RunMe[/b:9b18c57ae3].cmd Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal. [*:9b18c57ae3][b:9b18c57ae3]Mogelijk[/b:9b18c57ae3] start er ook een uninstaller van een rogue scanner op, [b:9b18c57ae3]sluit deze niet af[/b:9b18c57ae3] maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen. [*:9b18c57ae3]Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw. Laat deze lopen en wacht tot er een logfile opent: C:\[b:9b18c57ae3]RVAXO-results.log[/b:9b18c57ae3] [*:9b18c57ae3]Herstart je computer niet vanzelf, of start de tool niet na de reboot, [b:9b18c57ae3]doe dit dan handmatig[/b:9b18c57ae3]. [*:9b18c57ae3]Post de inhoud van de logfile in je volgende bericht.[/list:u:9b18c57ae3] Download [url=http://www.regnow.com/trialware/download/Download_mbam-setup.exe?item=12128-1&affiliate=34290][b:9b18c57ae3][color=blue:9b18c57ae3]Malwarebytes' Anti-Malware[/color:9b18c57ae3][/b:9b18c57ae3][/url] op je bureaublad. Dubbelklik [b:9b18c57ae3]mbam-setup.exe[/b:9b18c57ae3] en kies voor "[b:9b18c57ae3]Next[/b:9b18c57ae3]" om de tool te installeren. Als de installatie voltooid is zet je vinkjes bij "[b:9b18c57ae3]Update MalwareBytes' Anti-Malware[/b:9b18c57ae3]" en bij "[b:9b18c57ae3]Launch MalwareBytes' Anti-Malware[/b:9b18c57ae3]". Druk daarna op "[b:9b18c57ae3]Finish[/b:9b18c57ae3]". Kies in het hoofdscherm voor de tab "[b:9b18c57ae3]Scanner[/b:9b18c57ae3]" en selecteer het keuzerondje "[b:9b18c57ae3]Perform full scan[/b:9b18c57ae3]". Druk op de knop "[b:9b18c57ae3]Scan[/b:9b18c57ae3]" en zorg dat al je harde schijven/partities aangevinkt staan. Druk dan op de knop "[b:9b18c57ae3]Start Scan[/b:9b18c57ae3]". Wanneer de scan voltooid is klik je op OK, daarna op "[b:9b18c57ae3]Show Results[/b:9b18c57ae3]" om de resultaten te zien. Zorg ervoor dat alles aangevinkt is, klik daarna op "[b:9b18c57ae3]Remove Selected[/b:9b18c57ae3]". Als het programma je computer wil laten herstarten, sta je dit toe. Daarna opent een logje(mbam-log-XX-XX-XXXX(xx-xx-xx).txt) Post deze log in je volgende bericht tesamen met een nieuw logje van Hijackthis :)
  • Hiervan volgen de 3tal logjes. Als 1e van RVAXO, als 2e van Malware en als laatste nog een logje van de nieuwe hijackthis. Ik hoop dat iemand me nu weer verder kan helpen. Alvast bedankt! RVAXO: ---RVAXO.exe Updated: [b:9d0e02e552]2008-03-14[/b:9d0e02e552]---first run--- [b:9d0e02e552]Uninstallers:[/b:9d0e02e552] [b:9d0e02e552]Files found:[/b:9d0e02e552] C:\WINDOWS\system32\winfmy32.dll C:\WINDOWS\system32\hjjlm.ini2 C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\windows C:\WINDOWS\F0538_jpg.zip C:\WINDOWS\system32\actskn45.ocx [b:9d0e02e552]Folders Found:[/b:9d0e02e552] C:\Program Files\ApplePie C:\Program Files\SecCenter C:\Program Files\Video Add-on D:\Documents and Settings\Erwin\Application Data\Ultimate Cleaner Hosts-file was reset, If you use a custom hosts file please replace it... --------------RVAXO.exe last run--------------- [b:9d0e02e552]Not deleted items:[/b:9d0e02e552] C:\WINDOWS\system32\winfmy32.dll D:\Documents and Settings\Erwin\Mijn documenten\Mijn ontvangen bestanden\stand.zip D:\Documents and Settings\Erwin\Application Data\Ultimate Cleaner --------------RVAXO.exe finished---------------- Malware: Malwarebytes' Anti-Malware 1.08 Database versie: 493 Scan type: Volledige Scan (C:\|D:\|F:\|I:\|J:\|K:\|L:\|) Objecten gescand: 367757 Verstreken tijd: 1 hour(s), 3 minute(s), 55 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 2 Registersleutels geïnfecteerd: 31 Registerwaarden geïnfecteerd: 2 Registerdata bestanden geïnfecteerd: 2 Mappen geïnfecteerd: 6 Bestanden geïnfecteerd: 27 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: C:\WINDOWS\system32\mljjh.dll (Trojan.Vundo) -> Unloaded module successfully. C:\WINDOWS\system32\winfmy32.dll (Dialer) -> Unloaded module successfully. Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9142ed2-24ce-4527-9c8f-32d9c4c57828} (Trojan.Vundo) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{e9142ed2-24ce-4527-9c8f-32d9c4c57828} (Trojan.Vundo) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{183807b8-bc07-48a2-8dad-abc96fa6c7a8} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2c80ead3-74cd-4700-83a4-aa878cd1c03c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{d28cd14c-50be-4cfa-951e-b37f25da3472} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\saix.installercaller (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\saix.installercaller.1 (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winfit32 (Dialer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\wkey (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\mwc (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\MsSC2 (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Ultimate Defender (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Ultimate Cleaner (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\UCSecureDelete (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\UCSecureDelete (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{183807b8-bc07-48a2-8dad-abc96fa6c7a8} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{2c80ead3-74cd-4700-83a4-aa878cd1c03c} (Trojan.Vundo) -> Quarantined and deleted successfully. Registerdata bestanden geïnfecteerd: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljjh.dll -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljjh.dll -> Delete on reboot. Mappen geïnfecteerd: C:\WINDOWS\PerfInfo (Rogue.WinPerformance) -> Quarantined and deleted successfully. D:\Documents and Settings\Johan\Application Data\Ultimate Defender (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully. D:\Documents and Settings\Johan\Application Data\Ultimate Defender\logs (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully. D:\Documents and Settings\Erwin\Application Data\Ultimate Cleaner (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully. D:\Documents and Settings\Erwin\Application Data\Ultimate Cleaner\backup (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully. D:\Documents and Settings\Erwin\Application Data\Ultimate Cleaner\logs (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\WINDOWS\system32\ageqlmtu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\utmlqega.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dddypyqh.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hqypyddd.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ifwehajf.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fjahewfi.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lggmfeqt.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tqefmggl.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mljjh.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\hjjlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hjjlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\obkrxllu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ullxrkbo.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\okyedgmj.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jmgdeyko.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tpxoxliw.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wilxoxpt.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yegfjyeq.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qeyjfgey.ini (Trojan.Vundo) -> Quarantined and deleted successfully. D:\Documents and Settings\Erwin\Local Settings\Temp\outerinfo.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\PerfInfo\Dt3QYE1xA0uc.exe (Rogue.WinPerformance) -> Quarantined and deleted successfully. C:\WINDOWS\PerfInfo\Dt3QYE1xA0ud.exe (Rogue.WinPerformance) -> Quarantined and deleted successfully. D:\Documents and Settings\Erwin\Application Data\Ultimate Cleaner\settings.dat (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winfit32.dll (Dialer) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winfmy32.dll (Dialer) -> Delete on reboot. D:\Documents and Settings\Stephan_2\Bureaublad\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully. D:\Documents and Settings\Johan\Bureaublad\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully. Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:36:37, on 15-3-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\D-Tools\daemon.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe D:\Documents and Settings\Erwin\Mijn documenten\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://distefano1034.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://www.flatcast.info/objects/NpFp415.dll O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB63} (Flatcast Producer 4.16) - http://80.237.209.20/objects/NpFp41629.dll O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\filezillaftp\filezillaserver.exe (file missing) O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 11124 bytes
  • Lijkt allemaal goed gelukt te zijn :) Download dit bestand: [url=http://home.hetnet.nl/~stefsmeenk/zoek.exe]zoek.exe[/url] Dubbelklik het, na een tijdje opent er een logje. Post de inhoud van dit logje in je volgende bericht ;)
  • Ok hier is het logje van zoek.exe ----a-w 0 2008-03-16 13:03:29 C:\WINDOWS\0.log --s-a-w 2,048 2008-03-16 13:02:28 C:\WINDOWS\bootstat.dat ----a-w 338,179 2008-03-15 15:31:30 C:\WINDOWS\comsetup.log ----a-w 54,654 2008-03-15 15:31:30 C:\WINDOWS\ehOCGen.log ----a-w 988,838 2008-03-15 15:31:30 C:\WINDOWS\FaxSetup.log ----a-w 30 2008-03-05 17:46:00 C:\WINDOWS\Iedit.INI ----a-w 1,099,454 2008-03-15 15:31:30 C:\WINDOWS\iis6.log ----a-w 1,917 2008-03-15 15:31:30 C:\WINDOWS\imsins.log ----a-w 817,391 2008-03-15 16:08:37 C:\WINDOWS\KB873339.log ----a-w 856,775 2008-03-15 16:10:13 C:\WINDOWS\KB885835.log ----a-w 786,228 2008-03-15 16:10:09 C:\WINDOWS\KB885836.log ----a-w 835,213 2008-03-15 16:06:20 C:\WINDOWS\KB888302.log ----a-w 775,033 2008-03-15 16:07:36 C:\WINDOWS\KB890046.log ----a-w 1,852,565 2008-03-15 16:04:08 C:\WINDOWS\KB890859.log ----a-w 790,966 2008-03-15 16:07:58 C:\WINDOWS\KB891781.log ----a-w 832,032 2008-03-15 16:09:32 C:\WINDOWS\KB893756.log ----a-w 700,861 2008-03-15 18:20:52 C:\WINDOWS\KB894391.log ----a-w 824,362 2008-03-15 16:08:16 C:\WINDOWS\KB896358.log ----a-w 730,048 2008-03-15 16:09:03 C:\WINDOWS\KB896423.log ----a-w 1,750,915 2008-03-15 16:04:41 C:\WINDOWS\KB896428.log ----a-w 817,295 2008-03-15 16:10:34 C:\WINDOWS\KB899587.log ----a-w 807,313 2008-03-15 16:09:39 C:\WINDOWS\KB899591.log ----a-w 909,816 2008-03-15 16:08:56 C:\WINDOWS\KB900485.log ----a-w 798,054 2008-03-15 16:05:48 C:\WINDOWS\KB900725.log ----a-w 833,254 2008-03-15 16:09:43 C:\WINDOWS\KB901017.log ----a-w 1,743,483 2008-03-15 16:05:11 C:\WINDOWS\KB901190.log ----a-w 701,531 2008-03-15 16:06:42 C:\WINDOWS\KB901214.log ----a-w 841,038 2008-03-15 16:07:47 C:\WINDOWS\KB902400.log ----a-w 809,677 2008-03-15 16:06:46 C:\WINDOWS\KB905414.log ----a-w 1,742,493 2008-03-15 16:04:57 C:\WINDOWS\KB905749.log ----a-w 1,743,094 2008-03-15 16:04:27 C:\WINDOWS\KB908519.log ----a-w 1,723,153 2008-03-15 16:05:06 C:\WINDOWS\KB908531.log ----a-w 814,745 2008-03-15 16:09:23 C:\WINDOWS\KB911280.log ----a-w 778,269 2008-03-15 16:09:16 C:\WINDOWS\KB911562.log ----a-w 831,122 2008-03-15 16:09:48 C:\WINDOWS\KB911927.log ----a-w 1,746,782 2008-03-15 16:04:50 C:\WINDOWS\KB913580.log ----a-w 828,861 2008-03-15 16:06:53 C:\WINDOWS\KB914388.log ----a-w 1,781,160 2008-03-15 16:04:20 C:\WINDOWS\KB914389.log ----a-w 859,382 2008-03-15 18:21:01 C:\WINDOWS\KB916595.log ----a-w 799,612 2008-03-15 16:06:28 C:\WINDOWS\KB918118.log ----a-w 815,978 2008-03-15 16:07:54 C:\WINDOWS\KB918439.log ----a-w 816,150 2008-03-15 16:06:56 C:\WINDOWS\KB919007.log ----a-w 770,147 2008-03-15 16:05:36 C:\WINDOWS\KB920213.log ----a-w 791,910 2008-03-15 18:21:21 C:\WINDOWS\KB920670.log ----a-w 1,742,906 2008-03-15 16:04:24 C:\WINDOWS\KB920683.log ----a-w 705,486 2008-03-15 18:22:43 C:\WINDOWS\KB920685.log ----a-w 922,405 2008-03-15 16:07:24 C:\WINDOWS\KB920872.log ----a-w 813,332 2008-03-15 16:10:17 C:\WINDOWS\KB922819.log ----a-w 724,714 2008-03-15 16:06:38 C:\WINDOWS\KB923191.log ----a-w 814,244 2008-03-15 16:10:04 C:\WINDOWS\KB923414.log ----a-w 827,706 2008-03-15 16:09:27 C:\WINDOWS\KB923980.log ----a-w 825,426 2008-03-15 16:08:46 C:\WINDOWS\KB924270.log ----a-w 804,063 2008-03-15 16:09:07 C:\WINDOWS\KB924667.log ----a-w 816,268 2008-03-15 16:08:08 C:\WINDOWS\KB925902.log ----a-w 802,713 2008-03-15 16:06:25 C:\WINDOWS\KB926255.log ----a-w 813,060 2008-03-15 16:07:32 C:\WINDOWS\KB926436.log ----a-w 795,331 2008-03-15 16:10:29 C:\WINDOWS\KB927779.log ----a-w 779,407 2008-03-15 18:24:21 C:\WINDOWS\KB927802.log ----a-w 774,605 2008-03-15 18:23:53 C:\WINDOWS\KB928255.log ----a-w 1,751,732 2008-03-15 16:03:52 C:\WINDOWS\KB928843.log ----a-w 831,123 2008-03-15 16:08:03 C:\WINDOWS\KB929123.log ----a-w 794,767 2008-03-15 16:07:01 C:\WINDOWS\KB930178.log ----a-w 829,588 2008-03-15 16:05:22 C:\WINDOWS\KB930916.log ----a-w 776,132 2008-03-15 16:08:42 C:\WINDOWS\KB931261.log ----a-w 923,739 2008-03-15 16:09:55 C:\WINDOWS\KB931784.log ----a-w 749,786 2008-03-15 18:21:13 C:\WINDOWS\KB932168.log ----a-w 1,703,033 2008-03-15 16:04:37 C:\WINDOWS\KB935839.log ----a-w 817,717 2008-03-15 16:05:31 C:\WINDOWS\KB935840.log ----a-w 792,864 2008-03-15 16:09:19 C:\WINDOWS\KB936021.log ----a-w 792,947 2008-03-15 18:22:10 C:\WINDOWS\KB936357.log ----a-w 444,417 2008-03-15 16:10:01 C:\WINDOWS\KB937894.log ----a-w 1,693,111 2008-03-15 16:05:18 C:\WINDOWS\KB938127-IE7.log ----a-w 745,471 2008-03-15 16:09:11 C:\WINDOWS\KB938828.log ----a-w 801,113 2008-03-15 16:08:22 C:\WINDOWS\KB938829.log ----a-w 815,050 2008-03-15 16:06:33 C:\WINDOWS\KB941202.log ----a-w 498,821 2008-03-15 18:21:07 C:\WINDOWS\KB941568.log ----a-w 341,070 2008-03-15 16:08:33 C:\WINDOWS\KB941644.log ----a-w 529,940 2008-03-15 18:21:16 C:\WINDOWS\KB942763.log ----a-w 179,510 2008-03-15 16:04:31 C:\WINDOWS\KB943055.log ----a-w 321,434 2008-03-15 16:05:27 C:\WINDOWS\KB943485.log ----a-w 202,777 2008-03-15 16:06:17 C:\WINDOWS\KB944533-IE7.log ----a-w 1,420,676 2008-03-15 16:04:15 C:\WINDOWS\KB944653.log ----a-w 183,285 2008-03-15 16:08:26 C:\WINDOWS\KB946026.log ----a-w 98,164 2008-03-15 15:31:30 C:\WINDOWS\MedCtrOC.log ----a-w 47,561 2008-03-15 15:31:30 C:\WINDOWS\msgsocm.log ----a-w 299,558 2008-03-15 15:31:18 C:\WINDOWS\msmqinst.log ----a-w 191,984 2008-03-15 15:31:30 C:\WINDOWS\netfxocm.log ----a-w 318,058 2008-03-15 18:04:27 C:\WINDOWS\ntbtlog.txt ----a-w 202,782 2008-03-15 15:31:30 C:\WINDOWS\ntdtcsetup.log ----a-w 463,836 2008-03-15 15:31:30 C:\WINDOWS\ocgen.log ----a-w 58,292 2008-03-15 15:31:30 C:\WINDOWS\ocmsn.log ----a-w 4,205 2008-03-15 13:55:04 C:\WINDOWS\ODBCINST.INI ----a-w 111,083 2008-03-15 15:31:30 C:\WINDOWS\plusoc.log ----a-w 32,632 2008-03-15 19:32:39 C:\WINDOWS\SchedLgU.Txt ----a-w 470,582 2008-03-15 13:49:02 C:\WINDOWS\setupact.log ----a-w 683,957 2008-03-15 16:08:53 C:\WINDOWS\setupapi.log ----a-w 48,305 2008-03-15 15:31:30 C:\WINDOWS\tabletoc.log ----a-w 441,930 2008-03-15 15:31:30 C:\WINDOWS\tsoc.log ----a-w 582 2008-03-16 13:03:03 C:\WINDOWS\wiadebug.log ----a-w 49 2008-03-16 13:03:00 C:\WINDOWS\wiaservc.log ----a-w 1,131 2008-03-02 21:15:08 C:\WINDOWS\win.ini ----a-w 1,469,481 2008-03-16 13:06:41 C:\WINDOWS\WindowsUpdate.log ----a-w 95,380 2008-03-10 15:14:10 C:\WINDOWS\wmsetup.log ----a-w 294,963 2008-03-08 15:09:24 C:\WINDOWS\.file_store_32\runescape\main_file_cache.dat0 ----a-w 51,364,614 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.dat2 ----a-w 13,104 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx0 ----a-w 11,802 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx1 ----a-w 12 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx10 ----a-w 1,836 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx11 ----a-w 5,358 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx12 ----a-w 4,920 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx13 ----a-w 3,432 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx14 ----a-w 1,560 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx15 ----a-w 702 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx16 ----a-w 36 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx17 ----a-w 342 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx18 ----a-w 300 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx19 ----a-w 162 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx2 ----a-w 420 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx20 ----a-w 42 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx21 ----a-w 30 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx22 ----a-w 138 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx255 ----a-w 4,290 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx3 ----a-w 27,402 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx4 ----a-w 12,324 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx5 ----a-w 3,690 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx6 ----a-w 195,606 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx7 ----a-w 7,464 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx8 ----a-w 6 2008-03-15 22:36:46 C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx9 ----a-w 24 2008-03-15 22:36:46 C:\WINDOWS\.jagex_cache_32\random.dat ----a-w 432,560 2008-03-11 21:06:32 C:\WINDOWS\.jagex_cache_32\rsmap\main_file_cache.dat0 ----a-w 9,985 2008-03-11 21:06:22 C:\WINDOWS\.jagex_cache_32\rsmap\main_file_cache.idx0 ----a-w 164 2008-03-11 21:06:23 C:\WINDOWS\.jagex_cache_32\rsmap\main_file_cache.idx1 ----a-w 111,492 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla.dll ----a-w 141,755 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla1.dll ----a-w 111,283 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla10.dll ----a-w 111,159 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla12.dll ----a-w 111,159 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla13.dll ----a-w 111,283 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla14.dll ----a-w 141,755 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla19.dll ----a-w 172,825 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla2.dll ----a-w 111,492 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla22.dll ----a-w 141,755 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla24.dll ----a-w 111,492 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla25.dll ----a-w 111,492 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla26.dll ----a-w 145,494 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla29.dll ----a-w 111,083 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla30.dll ----a-w 111,492 2008-03-15 19:35:50 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla32.dll ----a-w 111,131 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla33.dll ----a-w 111,132 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla34.dll ----a-w 111,133 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla35.dll ----a-w 111,131 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla36.dll ----a-w 111,131 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla37.dll ----a-w 111,131 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla38.dll ----a-w 111,129 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla39.dll ----a-w 111,492 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla4.dll ----a-w 145,494 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla41.dll ----a-w 149,273 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla42.dll ----a-w 111,083 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla44.dll ----a-w 170,902 2008-03-15 19:35:50 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla45.dll ----a-w 110,746 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla46.dll ----a-w 120,905 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla47.dll ----a-w 111,326 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla48.dll ----a-w 111,180 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla49.dll ----a-w 170,902 2008-03-15 19:35:50 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla50.dll ----a-w 111,129 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla51.dll ----a-w 145,494 2008-03-15 19:35:50 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla52.dll ----a-w 111,129 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla53.dll ----a-w 111,159 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla6.dll ----a-w 111,155 2008-03-15 19:35:51 C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla7.dll ----a-w 0 2008-03-16 13:02:28 C:\WINDOWS\Debug\PASSWD.LOG ----a-w 164,894 2008-03-16 13:02:48 C:\WINDOWS\Debug\UserMode\userenv.log ----a-w 1,458,208 2008-03-02 21:29:23 C:\WINDOWS\inf\INFCACHE.1 ----a-w 17,098 2008-03-02 21:25:30 C:\WINDOWS\inf\oem10.PNF ----a-w 9,618 2008-03-02 21:25:30 C:\WINDOWS\inf\oem11.PNF ----a-w 9,194 2008-03-02 21:25:30 C:\WINDOWS\inf\oem12.PNF ----a-w 8,898 2008-03-02 21:25:30 C:\WINDOWS\inf\oem13.PNF ----a-w 6,290 2008-03-02 21:25:30 C:\WINDOWS\inf\oem14.PNF ----a-w 120,914 2008-03-02 21:27:39 C:\WINDOWS\inf\oem28.PNF ----a-w 60,018 2008-03-02 21:29:18 C:\WINDOWS\inf\oem29.PNF ----a-w 34,610 2008-03-02 21:25:30 C:\WINDOWS\inf\oem9.PNF ----a-w 190,464 2008-03-08 15:07:28 C:\WINDOWS\Installer\783f64.msi ----a-w 289,792 2008-03-10 20:20:24 C:\WINDOWS\Installer\9dad8.msi ----a-w 2,145,792 2008-03-02 16:41:56 C:\WINDOWS\Installer\fbb265.msi ----a-w 172,032 2008-03-07 20:03:52 C:\WINDOWS\Installer\MSI5F87.tmp ----a-w 172,032 2008-03-07 20:04:02 C:\WINDOWS\Installer\MSI5F92.tmp ----a-w 172,032 2008-03-10 20:19:11 C:\WINDOWS\Installer\MSI6021.tmp ----a-w 172,032 2008-03-10 20:19:21 C:\WINDOWS\Installer\MSI6031.tmp ----a-w 71,633 2008-03-13 07:47:03 C:\WINDOWS\Installer\MSI6241.tmp ----a-w 135,168 2008-03-08 15:06:02 C:\WINDOWS\Installer\MSI6AEF.tmp ----a-w 135,168 2008-03-08 15:06:21 C:\WINDOWS\Installer\MSI6AFF.tmp ----a-r 135,168 2008-03-08 15:07:30 C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150120}\sp1033.MST ----a-r 172,032 2008-03-10 20:20:28 C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0160050}\sp1033.MST ----a-r 703,488 2008-03-02 16:41:59 C:\WINDOWS\Installer\{ED93995E-8BF2-480F-8EA4-7D29E29A7052}\1043D.MST ----a-r 766 2008-03-02 21:24:04 C:\WINDOWS\Installer\{ED93995E-8BF2-480F-8EA4-7D29E29A7052}\setup.exe ----a-w 320 2008-03-08 20:24:24 C:\WINDOWS\pchealth\helpctr\Config\NewsSet.xml ----a-w 190,564 2008-03-08 20:25:57 C:\WINDOWS\pchealth\helpctr\Config\Cache\Professional_32_1043.dat.bak ----a-w 264 2008-03-08 20:24:29 C:\WINDOWS\pchealth\helpctr\Config\News\NewsHeadlines_1043_Professional.xml ----a-w 70,714 2008-03-08 20:24:23 C:\WINDOWS\pchealth\helpctr\Config\News\newsver.xml ----a-w 11,322 2008-03-15 13:33:28 C:\WINDOWS\Prefetch\ALCMTR.EXE-01A7139B.pf ----a-w 16,858 2008-03-16 13:04:10 C:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf ----a-w 11,364 2008-03-16 13:04:10 C:\WINDOWS\Prefetch\ATIPTAXX.EXE-1C085A4D.pf ----a-w 36,536 2008-03-16 13:08:08 C:\WINDOWS\Prefetch\AUPDATE.EXE-223E3682.pf ----a-w 10,938 2008-03-16 13:04:10 C:\WINDOWS\Prefetch\AZMIXERSEL.EXE-0057985F.pf ----a-w 28,972 2008-03-16 13:04:10 C:\WINDOWS\Prefetch\CCAPP.EXE-10E11A7C.pf ----a-w 62,266 2008-03-15 19:35:21 C:\WINDOWS\Prefetch\CCEVTMGR.EXE-2847280A.pf ----a-w 19,738 2008-03-15 15:31:13 C:\WINDOWS\Prefetch\CONTROL.EXE-24FBF8B3.pf ----a-w 18,224 2008-03-15 18:13:24 C:\WINDOWS\Prefetch\DAEMON.EXE-08505009.pf ----a-w 101,050 2008-03-16 13:04:10 C:\WINDOWS\Prefetch\DLLHOST.EXE-474D72E6.pf ----a-w 29,666 2008-03-15 16:53:36 C:\WINDOWS\Prefetch\DRWTSN32.EXE-01DDCF15.pf ----a-w 24,242 2008-03-15 16:43:22 C:\WINDOWS\Prefetch\DUMPREP.EXE-0AF2BF67.pf ----a-w 30,382 2008-03-15 17:33:51 C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf ----a-w 20,826 2008-03-15 18:13:22 C:\WINDOWS\Prefetch\ECH.EXE-04A853FF.pf ----a-w 36,312 2008-03-16 13:04:10 C:\WINDOWS\Prefetch\EHMSAS.EXE-1E4CE886.pf ----a-w 70,398 2008-03-16 13:04:10 C:\WINDOWS\Prefetch\EHREC.EXE-2365F918.pf ----a-w 19,744 2008-03-16 13:04:10 C:\WINDOWS\Prefetch\EHTRAY.EXE-337AC592.pf ----a-w 112,798 2008-03-16 13:04:10 C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf ----a-w 53,890 2008-03-15 16:47:48 C:\WINDOWS\Prefetch\FIFA08.EXE-016DDC75.pf ----a-w 46,608 2008-03-15 15:31:44 C:\WINDOWS\Prefetch\FILEZILLA.EXE-38E8D6A2.pf ----a-w 12,922 2008-03-15 15:29:28 C:\WINDOWS\Prefetch\GLB1A2B.EXE-135A1E80.pf ----a-w 33,470 2008-03-15 20:24:24 C:\WINDOWS\Prefetch\HAMACHI.EXE-01C1F118.pf ----a-w 13,604 2008-03-16 13:04:10 C:\WINDOWS\Prefetch\HDASHCUT.EXE-2D2D5319.pf ----a-w 26,924 2008-03-15 19:36:36 C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-0229DDB8.pf ----a-w 17,410 2008-03-15 17:57:35 C:\WINDOWS\Prefetch\HPZENG05.EXE-221F2969.pf ----a-w 14,376 2008-03-15 17:33:22 C:\WINDOWS\Prefetch\IEDW.EXE-0F1DF43F.pf ----a-w 90,560 2008-03-16 13:06:08 C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf ----a-w 400,276 2008-03-15 14:59:10 C:\WINDOWS\Prefetch\Layout.ini ----a-w 43,344 2008-03-15 19:32:01 C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf ----a-w 42,946 2008-03-16 13:08:13 C:\WINDOWS\Prefetch\LUCALLBACKPROXY.EXE-29128DB6.pf ----a-w 38,666 2008-03-16 13:08:08 C:\WINDOWS\Prefetch\LUCOMS~1.EXE-1DF6F3E9.pf ----a-w 15,490 2008-03-15 18:13:22 C:\WINDOWS\Prefetch\MONITOR.EXE-17ECCCDE.pf ----a-w 99,860 2008-03-15 19:35:32 C:\WINDOWS\Prefetch\MSIEXEC.EXE-330626DC.pf ----a-w 33,282 2008-03-16 13:06:38 C:\WINDOWS\Prefetch\MSMSGS.EXE-0620E8B3.pf ----a-w 89,964 2008-03-15 17:35:52 C:\WINDOWS\Prefetch\MSNMSGR.EXE-0EBDBC56.pf ----a-w 54,700 2008-03-15 17:56:24 C:\WINDOWS\Prefetch\NAVW32.EXE-32139521.pf ----a-w 23,168 2008-03-16 13:07:19 C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf ----a-w 1,040,874 2008-03-16 13:04:09 C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf ----a-w 12,394 2008-03-15 13:33:33 C:\WINDOWS\Prefetch\QTTASK.EXE-1876A1A1.pf ----a-w 2,968 2008-03-15 15:29:18 C:\WINDOWS\Prefetch\QUITRE~1.EXE-00E8A675.pf ----a-w 13,088 2008-03-16 13:04:10 C:\WINDOWS\Prefetch\REALSCHED.EXE-0948A6AF.pf ----a-w 15,218 2008-03-15 19:31:19 C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf ----a-w 27,936 2008-03-15 18:25:25 C:\WINDOWS\Prefetch\REGSVR32.EXE-396DEA2C.pf ----a-w 17,934 2008-03-15 18:13:24 C:\WINDOWS\Prefetch\RTHDCPL.EXE-005A6E31.pf ----a-w 13,494 2008-03-15 15:32:09 C:\WINDOWS\Prefetch\RUNDLL32.EXE-4FF9832D.pf ----a-w 45,254 2008-03-15 15:31:13 C:\WINDOWS\Prefetch\RUNDLL32.EXE-6704CAE6.pf ----a-w 14,712 2008-03-15 15:22:36 C:\WINDOWS\Prefetch\RUNDLL32.EXE-712F5CEC.pf ----a-w 84,784 2008-03-15 20:13:06 C:\WINDOWS\Prefetch\RUNESCAPE.EXE-2834571F.pf ----a-w 12,002 2008-03-15 17:25:53 C:\WINDOWS\Prefetch\SHUTDOWN.EXE-00AD91B0.pf ----a-w 7,700 2008-03-16 13:04:10 C:\WINDOWS\Prefetch\SNDMON.EXE-1C89C7E1.pf ----a-w 22,334 2008-03-15 15:11:26 C:\WINDOWS\Prefetch\SOFTWAREUPDATE.EXE-1709A272.pf ----a-w 37,602 2008-03-15 20:02:40 C:\WINDOWS\Prefetch\SWHELP~3.EXE-10B944B9.pf ----a-w 54,436 2008-03-15 15:31:19 C:\WINDOWS\Prefetch\SYSOCMGR.EXE-07A918BD.pf ----a-w 31,160 2008-03-15 18:13:20 C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf ----a-w 31,374 2008-03-15 15:23:27 C:\WINDOWS\Prefetch\UNINSTALL.EXE-317A2AB4.pf ----a-w 16,026 2008-03-15 15:29:24 C:\WINDOWS\Prefetch\UNWISE.EXE-20EE4040.pf ----a-w 71,664 2008-03-15 16:06:53 C:\WINDOWS\Prefetch\UPDATE.EXE-012A9EF5.pf ----a-w 73,920 2008-03-15 16:06:38 C:\WINDOWS\Prefetch\UPDATE.EXE-03B6367F.pf ----a-w 71,818 2008-03-15 16:08:16 C:\WINDOWS\Prefetch\UPDATE.EXE-040EFA8F.pf ----a-w 69,190 2008-03-15 16:03:49 C:\WINDOWS\Prefetch\UPDATE.EXE-043873A2.pf ----a-w 73,192 2008-03-15 16:10:01 C:\WINDOWS\Prefetch\UPDATE.EXE-0481357A.pf ----a-w 72,274 2008-03-15 16:06:42 C:\WINDOWS\Prefetch\UPDATE.EXE-04BB9664.pf ----a-w 71,438 2008-03-15 16:07:32 C:\WINDOWS\Prefetch\UPDATE.EXE-05122C1A.pf ----a-w 72,042 2008-03-15 16:05:36 C:\WINDOWS\Prefetch\UPDATE.EXE-06A8C6B9.pf ----a-w 81,202 2008-03-15 16:09:42 C:\WINDOWS\Prefetch\UPDATE.EXE-06BD1380.pf ----a-w 71,784 2008-03-15 16:09:39 C:\WINDOWS\Prefetch\UPDATE.EXE-076C390D.pf ----a-w 73,370 2008-03-15 16:10:34 C:\WINDOWS\Prefetch\UPDATE.EXE-08692650.pf ----a-w 70,484 2008-03-15 16:04:24 C:\WINDOWS\Prefetch\UPDATE.EXE-08B6B907.pf ----a-w 76,308 2008-03-15 16:06:28 C:\WINDOWS\Prefetch\UPDATE.EXE-0983D518.pf ----a-w 73,190 2008-03-15 16:10:05 C:\WINDOWS\Prefetch\UPDATE.EXE-0A41FE6E.pf ----a-w 71,336 2008-03-15 16:05:12 C:\WINDOWS\Prefetch\UPDATE.EXE-0A5DBB66.pf ----a-w 79,172 2008-03-15 16:09:07 C:\WINDOWS\Prefetch\UPDATE.EXE-0B1E4D8C.pf ----a-w 72,192 2008-03-15 16:06:57 C:\WINDOWS\Prefetch\UPDATE.EXE-0C80E0A4.pf ----a-w 70,282 2008-03-15 16:06:21 C:\WINDOWS\Prefetch\UPDATE.EXE-0CF66055.pf ----a-w 70,756 2008-03-15 16:09:03 C:\WINDOWS\Prefetch\UPDATE.EXE-0EA9EDB6.pf ----a-w 72,758 2008-03-15 16:08:33 C:\WINDOWS\Prefetch\UPDATE.EXE-0ECC4B5E.pf ----a-w 75,982 2008-03-15 16:05:22 C:\WINDOWS\Prefetch\UPDATE.EXE-0FBB0B41.pf ----a-w 71,104 2008-03-15 16:04:50 C:\WINDOWS\Prefetch\UPDATE.EXE-103A3570.pf ----a-w 68,394 2008-03-15 16:09:53 C:\WINDOWS\Prefetch\UPDATE.EXE-125E88F8.pf ----a-w 69,092 2008-03-15 16:07:09 C:\WINDOWS\Prefetch\UPDATE.EXE-1392A19F.pf ----a-w 79,896 2008-03-15 16:09:19 C:\WINDOWS\Prefetch\UPDATE.EXE-155B6FF4.pf ----a-w 71,850 2008-03-15 16:09:16 C:\WINDOWS\Prefetch\UPDATE.EXE-169FFC7F.pf ----a-w 68,492 2008-03-15 16:09:28 C:\WINDOWS\Prefetch\UPDATE.EXE-1736CC7D.pf ----a-w 74,062 2008-03-15 16:10:13 C:\WINDOWS\Prefetch\UPDATE.EXE-173B88C9.pf ----a-w 73,478 2008-03-15 16:04:31 C:\WINDOWS\Prefetch\UPDATE.EXE-19CC5B4A.pf ----a-w 77,186 2008-03-15 16:06:33 C:\WINDOWS\Prefetch\UPDATE.EXE-19DBD6B5.pf ----a-w 71,006 2008-03-15 16:09:48 C:\WINDOWS\Prefetch\UPDATE.EXE-1CA3E0D0.pf ----a-w 71,742 2008-03-15 16:08:26 C:\WINDOWS\Prefetch\UPDATE.EXE-1D1475A6.pf ----a-w 78,624 2008-03-15 16:07:46 C:\WINDOWS\Prefetch\UPDATE.EXE-1E4F54C2.pf ----a-w 79,290 2008-03-15 16:09:11 C:\WINDOWS\Prefetch\UPDATE.EXE-1E976F79.pf ----a-w 71,994 2008-03-15 16:04:57 C:\WINDOWS\Prefetch\UPDATE.EXE-1F2E4C2F.pf ----a-w 72,614 2008-03-15 16:08:42 C:\WINDOWS\Prefetch\UPDATE.EXE-1F6E1B42.pf ----a-w 72,218 2008-03-15 16:04:16 C:\WINDOWS\Prefetch\UPDATE.EXE-1F752228.pf ----a-w 79,586 2008-03-15 16:05:44 C:\WINDOWS\Prefetch\UPDATE.EXE-1FAB4AA1.pf ----a-w 74,754 2008-03-15 16:06:07 C:\WINDOWS\Prefetch\UPDATE.EXE-204C0BCE.pf ----a-w 72,840 2008-03-15 16:08:22 C:\WINDOWS\Prefetch\UPDATE.EXE-205B1010.pf ----a-w 79,348 2008-03-15 16:04:37 C:\WINDOWS\Prefetch\UPDATE.EXE-215FF784.pf ----a-w 78,212 2008-03-15 16:08:04 C:\WINDOWS\Prefetch\UPDATE.EXE-241DED6E.pf ----a-w 71,778 2008-03-15 16:10:09 C:\WINDOWS\Prefetch\UPDATE.EXE-24ED8335.pf ----a-w 72,452 2008-03-15 16:07:36 C:\WINDOWS\Prefetch\UPDATE.EXE-25EC8EEA.pf ----a-w 69,134 2008-03-15 16:08:50 C:\WINDOWS\Prefetch\UPDATE.EXE-277577E1.pf ----a-w 70,642 2008-03-15 16:07:55 C:\WINDOWS\Prefetch\UPDATE.EXE-28436173.pf ----a-w 79,756 2008-03-15 16:05:03 C:\WINDOWS\Prefetch\UPDATE.EXE-29F8B3CE.pf ----a-w 71,648 2008-03-15 16:04:41 C:\WINDOWS\Prefetch\UPDATE.EXE-2B80F0B1.pf ----a-w 71,696 2008-03-15 16:05:31 C:\WINDOWS\Prefetch\UPDATE.EXE-2B9C3E00.pf ----a-w 77,472 2008-03-15 16:05:18 C:\WINDOWS\Prefetch\UPDATE.EXE-2C9EA55E.pf ----a-w 72,968 2008-03-15 16:09:32 C:\WINDOWS\Prefetch\UPDATE.EXE-2CF41D54.pf ----a-w 71,996 2008-03-15 16:09:23 C:\WINDOWS\Prefetch\UPDATE.EXE-2DA25C44.pf ----a-w 72,480 2008-03-15 16:08:37 C:\WINDOWS\Prefetch\UPDATE.EXE-2DCF5294.pf ----a-w 74,028 2008-03-15 16:04:20 C:\WINDOWS\Prefetch\UPDATE.EXE-31C14BB7.pf ----a-w 74,634 2008-03-15 16:05:27 C:\WINDOWS\Prefetch\UPDATE.EXE-331742D6.pf ----a-w 73,460 2008-03-15 16:10:30 C:\WINDOWS\Prefetch\UPDATE.EXE-33CF6300.pf ----a-w 73,412 2008-03-15 16:07:02 C:\WINDOWS\Prefetch\UPDATE.EXE-353B5709.pf ----a-w 73,156 2008-03-15 16:10:18 C:\WINDOWS\Prefetch\UPDATE.EXE-36AEDA71.pf ----a-w 75,784 2008-03-15 16:08:47 C:\WINDOWS\Prefetch\UPDATE.EXE-380A2EB7.pf ----a-w 72,930 2008-03-15 16:06:46 C:\WINDOWS\Prefetch\UPDATE.EXE-389AF440.pf ----a-w 66,590 2008-03-15 16:04:05 C:\WINDOWS\Prefetch\UPDATE.EXE-38EF45AF.pf ----a-w 70,204 2008-03-15 16:07:58 C:\WINDOWS\Prefetch\UPDATE.EXE-39094ED0.pf ----a-w 80,390 2008-03-15 16:08:07 C:\WINDOWS\Prefetch\UPDATE.EXE-39D388A2.pf ----a-w 76,844 2008-03-15 16:06:25 C:\WINDOWS\Prefetch\UPDATE.EXE-3A971CF8.pf ----a-w 71,786 2008-03-15 16:04:28 C:\WINDOWS\Prefetch\UPDATE.EXE-3B73FD03.pf ----a-w 54,844 2008-03-15 17:36:18 C:\WINDOWS\Prefetch\USNSVC.EXE-05B86444.pf ----a-w 18,852 2008-03-15 17:01:40 C:\WINDOWS\Prefetch\VUNDOFIX.EXE-39BFF013.pf ----a-w 9,636 2008-03-15 17:25:53 C:\WINDOWS\Prefetch\VUNDOFIXSVC.EXE-29341334.pf ----a-w 41,044 2008-03-16 13:04:10 C:\WINDOWS\Prefetch\WGATRAY.EXE-350D4455.pf ----a-w 53,696 2008-03-15 21:13:19 C:\WINDOWS\Prefetch\WINRAR.EXE-0AA31BB9.pf ----a-w 21,786 2008-03-15 17:56:25 C:\WINDOWS\Prefetch\WINWORD.EXE-06A29943.pf ----a-w 39,114 2008-03-16 13:04:10 C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf ----a-w 82,972 2008-03-15 21:12:58 C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF804.pf ----a-w 65,082 2008-03-16 13:04:10 C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf ----a-w 1,048,576 2008-03-16 13:03:20 C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{75D13B91-AD78-4454-B1DA-0A67E252B8D8}.crmlog ----a-w 6,856 2008-03-11 19:15:19 C:\WINDOWS\REPAIR\asr.sif ----a-w 38,677 2008-03-11 19:12:45 C:\WINDOWS\REPAIR\asrpnp.sif ----a-w 729,088 2008-03-11 19:12:51 C:\WINDOWS\REPAIR\ntdll.ASR ----a-w 50,688 2008-03-11 19:12:51 C:\WINDOWS\REPAIR\smss.ASR ----a-w 555,560 2008-03-16 13:06:41 C:\WINDOWS\SoftwareDistribution\ReportingEvents.log ----a-w 25,174,016 2008-03-16 13:03:52 C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb ----a-w 8,192 2008-03-16 13:07:51 C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk ----a-w 131,072 2008-03-16 13:03:51 C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log ----a-w 131,072 2008-03-15 18:24:23 C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb03E24.log ----a-w 65,536 2008-03-16 13:03:52 C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb ----a-w 4,238,901 2008-03-06 21:59:31 C:\WINDOWS\SoftwareDistribution\Download\3a9f21d0e9f2239bce78827bf925e5c0\OUTLOOK.CAB ----a-w 13,865,277 2008-03-06 21:53:06 C:\WINDOWS\SoftwareDistribution\Download\daf6edb1b125f6c481e8b4146a13cc3b\EXCEL.CAB ----a-w 4,856,887 2008-03-06 21:57:58 C:\WINDOWS\SoftwareDistribution\Download\df0916d32eee488e972730b4ad3fb59f\SHARED.CAB ----a-w 10,006,305 2008-03-06 22:03:03 C:\WINDOWS\SoftwareDistribution\Download\f93bed1282f03492c78185749178ed6b\OWC10.CAB ----a-w 8 2008-03-15 18:20:10 C:\WINDOWS\SoftwareDistribution\EventCache\{361735B8-DD6A-4DBA-BE45-61961C67298C}.bin ----a-w 8 2008-03-10 20:16:30 C:\WINDOWS\SoftwareDistribution\EventCache\{42DD30E0-E67E-4C81-A5AD-3509853E75C1}.bin ----a-w 8 2008-03-05 06:01:22 C:\WINDOWS\SoftwareDistribution\EventCache\{6893E253-4B3A-4227-B1A0-F9488D6677CE}.bin ----a-w 646 2008-03-16 13:06:41 C:\WINDOWS\SoftwareDistribution\EventCache\{6A94CFA1-D4AB-4B85-B39B-8A6B122BD5DE}.bin ----a-w 8 2008-03-06 14:30:56 C:\WINDOWS\SoftwareDistribution\EventCache\{7C1E5032-912E-4683-B05D-8245FDB95BC1}.bin ----a-w 8 2008-03-03 06:01:04 C:\WINDOWS\SoftwareDistribution\EventCache\{7DE24FAB-676B-49DD-BA48-8C9D751D1DE0}.bin ----a-w 8 2008-03-13 21:45:08 C:\WINDOWS\SoftwareDistribution\EventCache\{8101A792-580D-4B1E-9EC4-DC8B4104990D}.bin ----a-w 8 2008-03-05 14:12:02 C:\WINDOWS\SoftwareDistribution\EventCache\{98172A8A-BDB3-4AA4-B272-58E7D890EDBC}.bin ----a-w 8 2008-03-04 17:55:54 C:\WINDOWS\SoftwareDistribution\EventCache\{A2B8D757-D76E-4982-B354-8CD366A0286B}.bin ----a-w 8 2008-03-09 13:17:45 C:\WINDOWS\SoftwareDistribution\EventCache\{A6FD4598-DCBB-434C-B7CB-CC7E52997F7F}.bin ----a-w 8 2008-03-03 06:01:04 C:\WINDOWS\SoftwareDistribution\EventCache\{EB6B88A9-351B-4691-8851-9C4B76824C9B}.bin ----a-w 8 2008-03-08 13:01:50 C:\WINDOWS\SoftwareDistribution\EventCache\{EBD88051-6B3E-4125-97B1-590852C8E57F}.bin ----a-w 8 2008-03-10 13:02:00 C:\WINDOWS\SoftwareDistribution\EventCache\{EE8EECC5-735F-4DF6-8B71-A819A54D7829}.bin ----a-w 8 2008-03-01 09:11:23 C:\WINDOWS\SoftwareDistribution\EventCache\{F2EFCE6D-28C6-4D83-99BF-A2756BADB710}.bin ----a-w 25,384 2008-03-16 13:04:58 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab ----a-w 17,836 2008-03-16 13:04:58 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\musetup.cab --sha-w 169,455 2008-03-15 19:31:56 C:\WINDOWS\system32\hjjlm.ini ----a-w 9,795 2008-03-08 15:08:35 C:\WINDOWS\system32\jupdate-1.5.0_12-b04.log ----a-w 6,242 2008-03-10 20:22:00 C:\WINDOWS\system32\jupdate-1.6.0_05-b13.log ------w 308,320 2008-03-15 19:31:25 C:\WINDOWS\system32\mljjh.dll ----a-w 6 2008-03-02 21:11:58 C:\WINDOWS\system32\reboot.txt ----a-w 744,674 2008-03-14 18:26:36 C:\WINDOWS\system32\RVAXO.bat ----a-w 24,576 2008-03-15 17:25:34 C:\WINDOWS\system32\VundoFixSVC.exe ------w 24,576 2008-03-15 19:31:25 C:\WINDOWS\system32\winfmy32.dll ----a-w 1,374 2008-03-16 13:03:46 C:\WINDOWS\system32\wpa.dbl ----a-w 92,060 2008-03-15 18:24:14 C:\WINDOWS\system32\CatRoot2\dberr.txt ----a-w 8,192 2008-03-15 19:32:33 C:\WINDOWS\system32\CatRoot2\edb.chk ----a-w 131,072 2008-03-15 19:32:34 C:\WINDOWS\system32\CatRoot2\edb.log ----a-w 131,072 2008-03-15 16:03:46 C:\WINDOWS\system32\CatRoot2\edb002FC.log ----a-w 131,072 2008-03-15 16:06:56 C:\WINDOWS\system32\CatRoot2\edb002FD.log ----a-w 131,072 2008-03-15 16:10:17 C:\WINDOWS\system32\CatRoot2\edb002FE.log ----a-w 524,288 2008-03-15 19:32:29 C:\WINDOWS\system32\config\AppEvent.Evt ---ha-w 45,056 2008-03-16 13:08:27 C:\WINDOWS\system32\config\DEFAULT.LOG ---ha-w 1,024 2008-03-16 13:03:28 C:\WINDOWS\system32\config\SAM.LOG ---ha-w 1,024 2008-03-16 13:04:37 C:\WINDOWS\system32\config\SECURITY.LOG ---ha-w 32,768 2008-03-16 13:08:30 C:\WINDOWS\system32\config\SOFTWARE.LOG ----a-w 524,288 2008-03-15 17:59:56 C:\WINDOWS\system32\config\SysEvent.Evt ---ha-w 1,024 2008-03-16 13:07:04 C:\WINDOWS\system32\config\SYSTEM.LOG ---ha-w 1,024 2008-03-07 22:16:54 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG ----a-w 12,528 2008-03-01 09:23:06 C:\WINDOWS\system32\drivers\secdrv.sys ----a-w 2,097,152 2008-03-02 16:22:26 C:\WINDOWS\system32\FxsTmp\fxs6DC0.tmp ----a-w 24,576 2008-03-11 22:52:59 C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log ----a-w 204,800 2008-03-11 19:22:19 C:\WINDOWS\system32\NtmsData\NTMSDATA.BAK ----a-w 74,830,200 2008-03-15 13:27:55 C:\WINDOWS\system32\Restore\rstrlog.dat ----a-w 82,028 2008-03-02 13:19:31 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPOJ950.BUD ----a-w 42,504 2008-03-02 13:33:07 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPWM5220.BUD ----a-w 34,184 2008-03-16 13:03:45 C:\WINDOWS\system32\wbem\Logs\FrameWork.log ----a-w 65,559 2008-03-13 18:27:33 C:\WINDOWS\system32\wbem\Logs\FrameWork.lo_ ----a-w 18,816 2008-03-16 13:07:58 C:\WINDOWS\system32\wbem\Logs\wbemess.log ----a-w 65,561 2008-03-15 19:34:50 C:\WINDOWS\system32\wbem\Logs\wbemess.lo_ ----a-w 3,556 2008-03-16 13:07:03 C:\WINDOWS\system32\wbem\Logs\wmiprov.log ----a-w 65,563 2008-03-12 10:20:20 C:\WINDOWS\system32\wbem\Logs\wmiprov.lo_ ----a-w 20 2008-03-16 13:03:04 C:\WINDOWS\system32\wbem\Repository\$WinMgmt.CFG ----a-w 2,441,216 2008-03-16 13:07:02 C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR ----a-w 1,240 2008-03-16 13:07:02 C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP ----a-w 4 2008-03-16 13:07:02 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER ----a-w 6,376 2008-03-16 13:06:54 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP ----a-w 6,376 2008-03-16 13:07:02 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP ----a-w 10,403,840 2008-03-16 13:07:02 C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA ----a-w 5,136 2008-03-16 13:07:02 C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP ----a-w 528 2008-03-14 19:03:49 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Erwin.job ---ha-w 6 2008-03-16 13:02:38 C:\WINDOWS\Tasks\SA.DAT ----a-w 3,048,845 2008-03-10 21:41:37 C:\WINDOWS\Temp\HP00D000.IDX ----a-w 596 2008-03-02 21:26:04 C:\WINDOWS\Temp\hpzcoi23.log ----a-w 596 2008-03-02 21:26:10 C:\WINDOWS\Temp\hpzcoi24.log ----a-w 925 2008-03-02 21:26:12 C:\WINDOWS\Temp\hpzcoi25.log ----a-w 678 2008-03-02 21:26:12 C:\WINDOWS\Temp\hpzcoi26.log ----a-w 255 2008-03-16 13:03:37 C:\WINDOWS\Temp\WGAErrLog.txt ----a-w 409 2008-03-16 13:03:50 C:\WINDOWS\Temp\WGANotify.settings ----a-w 0 2008-03-01 08:02:20 C:\WINDOWS\Temp\win483C.tmp ----a-w 0 2008-03-01 08:02:21 C:\WINDOWS\Temp\win489C.tmp ----a-w 0 2008-03-01 08:02:21 C:\WINDOWS\Temp\win48A9.tmp ----a-w 0 2008-03-01 08:02:21 C:\WINDOWS\Temp\win48AB.tmp ----a-w 0 2008-03-01 09:09:49 C:\WINDOWS\Temp\win48AD.tmp ----a-w 0 2008-03-01 09:09:50 C:\WINDOWS\Temp\win48B6.tmp ----a-w 0 2008-03-01 09:09:50 C:\WINDOWS\Temp\win48B7.tmp ----a-w 0 2008-03-01 09:09:50 C:\WINDOWS\Temp\win48B8.tmp ----a-w 0 2008-03-02 11:50:18 C:\WINDOWS\Temp\win48B9.tmp ----a-w 0 2008-03-02 11:50:18 C:\WINDOWS\Temp\win48BB.tmp ----a-w 0 2008-03-02 11:50:18 C:\WINDOWS\Temp\win48BC.tmp ----a-w 0 2008-03-02 11:50:18 C:\WINDOWS\Temp\win48BD.tmp ----a-w 0 2008-03-02 20:59:18 C:\WINDOWS\Temp\win48BE.tmp ----a-w 0 2008-03-02 20:59:18 C:\WINDOWS\Temp\win48BF.tmp ----a-w 0 2008-03-01 09:11:50 C:\WINDOWS\Temp\win48C9.tmp ----a-w 0 2008-03-01 09:11:50 C:\WINDOWS\Temp\win48CA.tmp ----a-w 0 2008-03-01 08:04:21 C:\WINDOWS\Temp\win48CB.tmp ----a-w 0 2008-03-01 08:04:21 C:\WINDOWS\Temp\win48DF.tmp ----a-w 0 2008-03-01 08:04:21 C:\WINDOWS\Temp\win48E0.tmp ----a-w 0 2008-03-01 08:04:21 C:\WINDOWS\Temp\win48E1.tmp ----a-w 0 2008-03-01 09:11:50 C:\WINDOWS\Temp\win48E2.tmp ----a-w 0 2008-03-01 09:11:50 C:\WINDOWS\Temp\win48E3.tmp ----a-w 0 2008-03-02 20:59:18 C:\WINDOWS\Temp\win48E4.tmp ----a-w 0 2008-03-02 20:59:18 C:\WINDOWS\Temp\win48E9.tmp ----a-w 0 2008-03-03 05:58:35 C:\WINDOWS\Temp\win48EB.tmp ----a-w 0 2008-03-03 05:58:35 C:\WINDOWS\Temp\win48EC.tmp ----a-w 0 2008-03-03 05:58:35 C:\WINDOWS\Temp\win48ED.tmp ----a-w 0 2008-03-03 05:58:35 C:\WINDOWS\Temp\win48EE.tmp ----a-w 0 2008-03-03 19:40:33 C:\WINDOWS\Temp\win48EF.tmp ----a-w 0 2008-03-03 19:40:34 C:\WINDOWS\Temp\win48F0.tmp ----a-w 0 2008-03-03 19:40:34 C:\WINDOWS\Temp\win48F6.tmp ----a-w 0 2008-03-03 19:40:34 C:\WINDOWS\Temp\win48F7.tmp ----a-w 0 2008-03-01 09:13:50 C:\WINDOWS\Temp\win4918.tmp ----a-w 0 2008-03-01 09:13:50 C:\WINDOWS\Temp\win491D.tmp ----a-w 0 2008-03-01 09:13:50 C:\WINDOWS\Temp\win491E.tmp ----a-w 0 2008-03-01 09:13:50 C:\WINDOWS\Temp\win4930.tmp ----a-w 0 2008-03-02 21:01:18 C:\WINDOWS\Temp\win4932.tmp ----a-w 0 2008-03-02 21:01:19 C:\WINDOWS\Temp\win4933.tmp ----a-w 0 2008-03-02 21:01:19 C:\WINDOWS\Temp\win4934.tmp ----a-w 0 2008-03-02 21:01:19 C:\WINDOWS\Temp\win4935.tmp ----a-w 0 2008-03-03 19:42:34 C:\WINDOWS\Temp\win4936.tmp ----a-w 0 2008-03-03 19:42:34 C:\WINDOWS\Temp\win4937.tmp ----a-w 0 2008-03-03 19:42:34 C:\WINDOWS\Temp\win4938.tmp ----a-w 0 2008-03-03 19:42:34 C:\WINDOWS\Temp\win4939.tmp ----a-w 0 2008-03-04 14:26:44 C:\WINDOWS\Temp\win493A.tmp ----a-w 0 2008-03-04 14:26:44 C:\WINDOWS\Temp\win493B.tmp ----a-w 0 2008-03-04 14:26:44 C:\WINDOWS\Temp\win493C.tmp ----a-w 0 2008-03-04 14:26:44 C:\WINDOWS\Temp\win493D.tmp ----a-w 0 2008-03-04 17:51:17 C:\WINDOWS\Temp\win493E.tmp ----a-w 0 2008-03-04 14:28:44 C:\WINDOWS\Temp\win4960.tmp ----a-w 0 2008-03-04 14:28:44 C:\WINDOWS\Temp\win4961.tmp ----a-w 0 2008-03-01 09:15:51 C:\WINDOWS\Temp\win4962.tmp ----a-w 0 2008-03-01 09:15:51 C:\WINDOWS\Temp\win4963.tmp ----a-w 0 2008-03-01 09:15:51 C:\WINDOWS\Temp\win4964.tmp ----a-w 0 2008-03-01 09:15:51 C:\WINDOWS\Temp\win4965.tmp ----a-w 0 2008-03-04 14:28:45 C:\WINDOWS\Temp\win4966.tmp ----a-w 0 2008-03-04 14:28:45 C:\WINDOWS\Temp\win4967.tmp ----a-w 0 2008-03-04 17:51:18 C:\WINDOWS\Temp\win4968.tmp ----a-w 0 2008-03-01 09:17:53 C:\WINDOWS\Temp\win4969.tmp ----a-w 0 2008-03-01 09:17:53 C:\WINDOWS\Temp\win496A.tmp ----a-w 0 2008-03-01 09:17:54 C:\WINDOWS\Temp\win496B.tmp ----a-w 0 2008-03-01 09:17:55 C:\WINDOWS\Temp\win496C.tmp ----a-w 0 2008-03-04 17:51:18 C:\WINDOWS\Temp\win496D.tmp ----a-w 0 2008-03-04 17:51:18 C:\WINDOWS\Temp\win496E.tmp ----a-w 0 2008-03-01 09:19:56 C:\WINDOWS\Temp\win496F.tmp ----a-w 0 2008-03-01 09:19:56 C:\WINDOWS\Temp\win4970.tmp ----a-w 0 2008-03-01 09:19:56 C:\WINDOWS\Temp\win4971.tmp ----a-w 0 2008-03-01 09:19:56 C:\WINDOWS\Temp\win4972.tmp ----a-w 0 2008-03-01 09:21:58 C:\WINDOWS\Temp\win49B8.tmp ----a-w 0 2008-03-01 09:21:58 C:\WINDOWS\Temp\win49B9.tmp ----a-w 0 2008-03-01 09:21:58 C:\WINDOWS\Temp\win49DB.tmp ----a-w 0 2008-03-01 09:21:58 C:\WINDOWS\Temp\win49DC.tmp ----a-w 0 2008-03-02 21:03:20 C:\WINDOWS\Temp\win49DD.tmp ----a-w 0 2008-03-02 21:03:20 C:\WINDOWS\Temp\win49DE.tmp ----a-w 0 2008-03-02 21:03:20 C:\WINDOWS\Temp\win49DF.tmp ----a-w 0 2008-03-02 21:03:21 C:\WINDOWS\Temp\win49E0.tmp ----a-w 0 2008-03-02 21:05:21 C:\WINDOWS\Temp\win49FE.tmp ----a-w 0 2008-03-02 21:05:22 C:\WINDOWS\Temp\win4A06.tmp ----a-w 0 2008-03-01 09:23:59 C:\WINDOWS\Temp\win4A07.tmp ----a-w 0 2008-03-01 09:23:59 C:\WINDOWS\Temp\win4A08.tmp ----a-w 0 2008-03-01 09:24:00 C:\WINDOWS\Temp\win4A35.tmp ----a-w 0 2008-03-01 09:24:00 C:\WINDOWS\Temp\win4A3A.tmp ----a-w 0 2008-03-02 21:05:23 C:\WINDOWS\Temp\win4A47.tmp ----a-w 0 2008-03-02 21:05:23 C:\WINDOWS\Temp\win4A48.tmp ----a-w 0 2008-03-03 06:00:36 C:\WINDOWS\Temp\win4A59.tmp ----a-w 0 2008-03-02 21:07:24 C:\WINDOWS\Temp\win4A5A.tmp ----a-w 0 2008-03-02 21:07:24 C:\WINDOWS\Temp\win4A5B.tmp ----a-w 0 2008-03-02 21:07:24 C:\WINDOWS\Temp\win4A5C.tmp ----a-w 0 2008-03-01 09:26:00 C:\WINDOWS\Temp\win4A87.tmp ----a-w 0 2008-03-01 09:26:00 C:\WINDOWS\Temp\win4A8F.tmp ----a-w 0 2008-03-01 09:26:00 C:\WINDOWS\Temp\win4A90.tmp ----a-w 0 2008-03-01 09:26:00 C:\WINDOWS\Temp\win4A91.tmp ----a-w 0 2008-03-02 11:52:19 C:\WINDOWS\Temp\win4A97.tmp ----a-w 0 2008-03-02 11:52:19 C:\WINDOWS\Temp\win4A98.tmp ----a-w 0 2008-03-02 11:52:19 C:\WINDOWS\Temp\win4A99.tmp ----a-w 0 2008-03-02 11:52:19 C:\WINDOWS\Temp\win4A9A.tmp ----a-w 0 2008-03-02 21:07:26 C:\WINDOWS\Temp\win4A9B.tmp ----a-w 0 2008-03-03 06:00:36 C:\WINDOWS\Temp\win4A9C.tmp ----a-w 0 2008-03-03 06:00:36 C:\WINDOWS\Temp\win4A9D.tmp ----a-w 0 2008-03-01 09:28:01 C:\WINDOWS\Temp\win4B36.tmp ----a-w 0 2008-03-01 09:28:01 C:\WINDOWS\Temp\win4B37.tmp ----a-w 0 2008-03-01 09:28:01 C:\WINDOWS\Temp\win4B38.tmp ----a-w 0 2008-03-01 09:28:01 C:\WINDOWS\Temp\win4B39.tmp ----a-w 0 2008-03-02 11:54:19 C:\WINDOWS\Temp\win4B3A.tmp ----a-w 0 2008-03-02 11:54:19 C:\WINDOWS\Temp\win4B3B.tmp ----a-w 0 2008-03-02 11:54:19 C:\WINDOWS\Temp\win4B3D.tmp ----a-w 0 2008-03-02 11:54:19 C:\WINDOWS\Temp\win4B3E.tmp ----a-w 0 2008-03-02 21:09:29 C:\WINDOWS\Temp\win4B3F.tmp ----a-w 0 2008-03-02 21:09:29 C:\WINDOWS\Temp\win4B40.tmp ----a-w 0 2008-03-02 21:09:29 C:\WINDOWS\Temp\win4B41.tmp ----a-w 0 2008-03-02 21:09:29 C:\WINDOWS\Temp\win4B46.tmp ----a-w 0 2008-03-03 06:00:36 C:\WINDOWS\Temp\win4B47.tmp ----a-w 0 2008-03-03 19:44:38 C:\WINDOWS\Temp\win4B4C.tmp ----a-w 0 2008-03-03 19:44:38 C:\WINDOWS\Temp\win4B4D.tmp ----a-w 0 2008-03-03 19:44:38 C:\WINDOWS\Temp\win4B4E.tmp ----a-w 0 2008-03-01 09:30:01 C:\WINDOWS\Temp\win4B72.tmp ----a-w 0 2008-03-01 09:30:01 C:\WINDOWS\Temp\win4B73.tmp ----a-w 0 2008-03-01 09:30:01 C:\WINDOWS\Temp\win4B7F.tmp ----a-w 0 2008-03-01 09:30:01 C:\WINDOWS\Temp\win4B80.tmp ----a-w 0 2008-03-02 11:56:20 C:\WINDOWS\Temp\win4B81.tmp ----a-w 0 2008-03-02 11:56:20 C:\WINDOWS\Temp\win4B82.tmp ----a-w 0 2008-03-02 11:56:20 C:\WINDOWS\Temp\win4B83.tmp ----a-w 0 2008-03-02 11:56:20 C:\WINDOWS\Temp\win4B88.tmp ----a-w 0 2008-03-02 21:11:35 C:\WINDOWS\Temp\win4B89.tmp ----a-w 0 2008-03-02 21:11:36 C:\WINDOWS\Temp\win4B9B.tmp ----a-w 0 2008-03-02 21:11:37 C:\WINDOWS\Temp\win4B9C.tmp ----a-w 0 2008-03-02 21:11:37 C:\WINDOWS\Temp\win4B9D.tmp ----a-w 0 2008-03-02 11:58:20 C:\WINDOWS\Temp\win4B9E.tmp ----a-w 0 2008-03-02 11:58:20 C:\WINDOWS\Temp\win4B9F.tmp ----a-w 0 2008-03-02 11:58:20 C:\WINDOWS\Temp\win4BA0.tmp ----a-w 0 2008-03-02 11:58:20 C:\WINDOWS\Temp\win4BA1.tmp ----a-w 0 2008-03-01 09:32:02 C:\WINDOWS\Temp\win4BD3.tmp ----a-w 0 2008-03-02 12:00:20 C:\WINDOWS\Temp\win4BD4.tmp ----a-w 0 2008-03-02 12:00:20 C:\WINDOWS\Temp\win4BDB.tmp ----a-w 0 2008-03-02 12:00:20 C:\WINDOWS\Temp\win4BF5.tmp ----a-w 0 2008-03-02 12:00:20 C:\WINDOWS\Temp\win4BF6.tmp ----a-w 0 2008-03-02 12:02:23 C:\WINDOWS\Temp\win4CEE.tmp ----a-w 0 2008-03-02 12:02:23 C:\WINDOWS\Temp\win4D71.tmp ----a-w 0 2008-03-02 12:02:23 C:\WINDOWS\Temp\win4D72.tmp ----a-w 0 2008-03-02 12:02:23 C:\WINDOWS\Temp\win4D73.tmp ----a-w 0 2008-03-02 21:13:40 C:\WINDOWS\Temp\win4D74.tmp ----a-w 0 2008-03-02 21:13:40 C:\WINDOWS\Temp\win4D7D.tmp ----a-w 0 2008-03-02 21:13:40 C:\WINDOWS\Temp\win4D7E.tmp ----a-w 0 2008-03-02 21:13:40 C:\WINDOWS\Temp\win4D7F.tmp ----a-w 0 2008-03-03 06:02:47 C:\WINDOWS\Temp\win4D89.tmp ----a-w 0 2008-03-03 06:02:47 C:\WINDOWS\Temp\win4D8A.tmp ----a-w 0 2008-03-03 06:02:47 C:\WINDOWS\Temp\win4D8B.tmp ----a-w 0 2008-03-03 06:02:47 C:\WINDOWS\Temp\win4D8C.tmp ----a-w 0 2008-03-03 19:44:47 C:\WINDOWS\Temp\win4D9A.tmp ----a-w 0 2008-03-03 19:46:48 C:\WINDOWS\Temp\win4DA7.tmp ----a-w 0 2008-03-03 19:46:49 C:\WINDOWS\Temp\win4DA8.tmp ----a-w 0 2008-03-02 12:04:24 C:\WINDOWS\Temp\win4DB1.tmp ----a-w 0 2008-03-02 21:15:41 C:\WINDOWS\Temp\win4DB2.tmp ----a-w 0 2008-03-02 21:15:41 C:\WINDOWS\Temp\win4DB3.tmp ----a-w 0 2008-03-02 21:15:41 C:\WINDOWS\Temp\win4DB4.tmp ----a-w 0 2008-03-02 21:15:41 C:\WINDOWS\Temp\win4DC0.tmp ----a-w 0 2008-03-03 06:04:47 C:\WINDOWS\Temp\win4DC1.tmp ----a-w 0 2008-03-03 06:04:47 C:\WINDOWS\Temp\win4DC2.tmp ----a-w 0 2008-03-03 06:04:48 C:\WINDOWS\Temp\win4DD7.tmp ----a-w 0 2008-03-03 06:04:48 C:\WINDOWS\Temp\win4DD8.tmp ----a-w 0 2008-03-03 19:46:49 C:\WINDOWS\Temp\win4DD9.tmp ----a-w 0 2008-03-03 19:46:49 C:\WINDOWS\Temp\win4DDA.tmp ----a-w 0 2008-03-04 14:30:46 C:\WINDOWS\Temp\win4DDB.tmp ----a-w 0 2008-03-04 14:30:46 C:\WINDOWS\Temp\win4DDC.tmp ----a-w 0 2008-03-03 06:06:48 C:\WINDOWS\Temp\win4DE8.tmp ----a-w 0 2008-03-03 06:06:48 C:\WINDOWS\Temp\win4DED.tmp ----a-w 0 2008-03-03 06:06:48 C:\WINDOWS\Temp\win4DEF.tmp ----a-w 0 2008-03-03 06:06:48 C:\WINDOWS\Temp\win4DF4.tmp ----a-w 0 2008-03-03 19:48:50 C:\WINDOWS\Temp\win4DF5.tmp ----a-w 0 2008-03-03 19:48:50 C:\WINDOWS\Temp\win4DF6.tmp ----a-w 0 2008-03-03 19:48:50 C:\WINDOWS\Temp\win4DF7.tmp ----a-w 0 2008-03-02 21:17:41 C:\WINDOWS\Temp\win4E14.tmp ----a-w 0 2008-03-03 19:48:50 C:\WINDOWS\Temp\win4E16.tmp ----a-w 0 2008-03-03 06:08:49 C:\WINDOWS\Temp\win4E29.tmp ----a-w 0 2008-03-04 14:30:46 C:\WINDOWS\Temp\win4E2A.tmp ----a-w 0 2008-03-04 14:30:46 C:\WINDOWS\Temp\win4E2F.tmp ----a-w 0 2008-03-04 18:31:12 C:\WINDOWS\Temp\win4E30.tmp ----a-w 0 2008-03-04 18:31:12 C:\WINDOWS\Temp\win4E31.tmp ----a-w 0 2008-03-04 18:31:12 C:\WINDOWS\Temp\win4E32.tmp ----a-w 0 2008-03-04 18:31:12 C:\WINDOWS\Temp\win4E33.tmp ----a-w 0 2008-03-02 21:19:36 C:\WINDOWS\Temp\win4E34.tmp ----a-w 0 2008-03-02 21:19:36 C:\WINDOWS\Temp\win4E35.tmp ----a-w 0 2008-03-02 21:19:37 C:\WINDOWS\Temp\win4E69.tmp ----a-w 0 2008-03-03 06:11:27 C:\WINDOWS\Temp\win4E7C.tmp ----a-w 0 2008-03-03 06:11:27 C:\WINDOWS\Temp\win4E7D.tmp ----a-w 0 2008-03-03 06:11:27 C:\WINDOWS\Temp\win4E7E.tmp ----a-w 0 2008-03-03 19:50:51 C:\WINDOWS\Temp\win4E7F.tmp ----a-w 0 2008-03-03 19:50:51 C:\WINDOWS\Temp\win4E80.tmp ----a-w 0 2008-03-03 19:50:51 C:\WINDOWS\Temp\win4E81.tmp ----a-w 0 2008-03-03 19:50:51 C:\WINDOWS\Temp\win4E87.tmp ----a-w 0 2008-03-04 14:32:46 C:\WINDOWS\Temp\win4E90.tmp ----a-w 0 2008-03-04 14:32:46 C:\WINDOWS\Temp\win4E91.tmp ----a-w 0 2008-03-04 14:32:46 C:\WINDOWS\Temp\win4E92.tmp ----a-w 0 2008-03-02 21:21:37 C:\WINDOWS\Temp\win4EB3.tmp ----a-w 0 2008-03-02 21:21:37 C:\WINDOWS\Temp\win4EB4.tmp ----a-w 0 2008-03-02 21:21:37 C:\WINDOWS\Temp\win4EB8.tmp ----a-w 0 2008-03-02 21:21:37 C:\WINDOWS\Temp\win4EB9.tmp ----a-w 0 2008-03-03 06:13:27 C:\WINDOWS\Temp\win4EBA.tmp ----a-w 0 2008-03-03 19:52:51 C:\WINDOWS\Temp\win4EBB.tmp ----a-w 0 2008-03-03 19:52:51 C:\WINDOWS\Temp\win4EC5.tmp ----a-w 0 2008-03-03 19:52:51 C:\WINDOWS\Temp\win4EC6.tmp ----a-w 0 2008-03-03 19:52:52 C:\WINDOWS\Temp\win4ED9.tmp ----a-w 0 2008-03-04 14:32:46 C:\WINDOWS\Temp\win4EDA.tmp ----a-w 0 2008-03-04 17:53:19 C:\WINDOWS\Temp\win4EDB.tmp ----a-w 0 2008-03-02 12:17:31 C:\WINDOWS\Temp\win4EF0.tmp ----a-w 0 2008-03-02 12:17:31 C:\WINDOWS\Temp\win4F03.tmp ----a-w 0 2008-03-02 12:17:31 C:\WINDOWS\Temp\win4F04.tmp ----a-w 0 2008-03-02 21:23:37 C:\WINDOWS\Temp\win4F05.tmp ----a-w 0 2008-03-02 21:23:38 C:\WINDOWS\Temp\win4F06.tmp ----a-w 0 2008-03-02 21:23:38 C:\WINDOWS\Temp\win4F0F.tmp ----a-w 0 2008-03-02 21:23:38 C:\WINDOWS\Temp\win4F10.tmp ----a-w 0 2008-03-03 19:54:52 C:\WINDOWS\Temp\win4F11.tmp ----a-w 0 2008-03-03 19:54:52 C:\WINDOWS\Temp\win4F13.tmp ----a-w 0 2008-03-03 19:54:52 C:\WINDOWS\Temp\win4F14.tmp ----a-w 0 2008-03-03 19:54:52 C:\WINDOWS\Temp\win4F15.tmp ----a-w 0 2008-03-01 08:06:21 C:\WINDOWS\Temp\win4F16.tmp ----a-w 0 2008-03-01 08:06:21 C:\WINDOWS\Temp\win4F18.tmp ----a-w 0 2008-03-04 14:34:46 C:\WINDOWS\Temp\win4F19.tmp ----a-w 0 2008-03-04 14:34:46 C:\WINDOWS\Temp\win4F1A.tmp ----a-w 0 2008-03-04 14:34:46 C:\WINDOWS\Temp\win4F1C.tmp ----a-w 0 2008-03-04 14:34:46 C:\WINDOWS\Temp\win4F1D.tmp ----a-w 0 2008-03-01 08:06:22 C:\WINDOWS\Temp\win4F1E.tmp ----a-w 0 2008-03-01 08:06:22 C:\WINDOWS\Temp\win4F1F.tmp ----a-w 0 2008-03-02 12:19:31 C:\WINDOWS\Temp\win4F38.tmp ----a-w 0 2008-03-02 12:19:31 C:\WINDOWS\Temp\win4F3D.tmp ----a-w 0 2008-03-01 10:08:08 C:\WINDOWS\Temp\win4F42.tmp ----a-w 0 2008-03-01 10:08:08 C:\WINDOWS\Temp\win4F43.tmp ----a-w 0 2008-03-01 10:08:08 C:\WINDOWS\Temp\win4F44.tmp ----a-w 0 2008-03-02 12:19:31 C:\WINDOWS\Temp\win4F48.tmp ----a-w 0 2008-03-02 12:19:31 C:\WINDOWS\Temp\win4F49.tmp ----a-w 0 2008-03-02 21:25:38 C:\WINDOWS\Temp\win4F4A.tmp ----a-w 0 2008-03-02 21:25:38 C:\WINDOWS\Temp\win4F4B.tmp ----a-w 0 2008-03-02 21:25:38 C:\WINDOWS\Temp\win4F4C.tmp ----a-w 0 2008-03-02 21:25:38 C:\WINDOWS\Temp\win4F4D.tmp ----a-w 0 2008-03-03 19:56:53 C:\WINDOWS\Temp\win4F4E.tmp ----a-w 0 2008-03-04 14:36:46 C:\WINDOWS\Temp\win4F4F.tmp ----a-w 0 2008-03-04 14:36:46 C:\WINDOWS\Temp\win4F50.tmp ----a-w 0 2008-03-04 14:36:46 C:\WINDOWS\Temp\win4F51.tmp ----a-w 0 2008-03-04 14:36:46 C:\WINDOWS\Temp\win4F52.tmp ----a-w 0 2008-03-04 17:53:19 C:\WINDOWS\Temp\win4F53.tmp ----a-w 0 2008-03-04 17:53:21 C:\WINDOWS\Temp\win4F58.tmp ----a-w 0 2008-03-04 17:53:22 C:\WINDOWS\Temp\win4F59.tmp ----a-w 0 2008-03-04 18:46:51 C:\WINDOWS\Temp\win4F5A.tmp ----a-w 0 2008-03-01 10:10:08 C:\WINDOWS\Temp\win4F7B.tmp ----a-w 0 2008-03-02 12:21:31 C:\WINDOWS\Temp\win4F7C.tmp ----a-w 0 2008-03-02 12:21:31 C:\WINDOWS\Temp\win4F7D.tmp ----a-w 0 2008-03-02 12:21:31 C:\WINDOWS\Temp\win4F7E.tmp ----a-w 0 2008-03-02 12:21:31 C:\WINDOWS\Temp\win4F7F.tmp ----a-w 0 2008-03-02 21:27:38 C:\WINDOWS\Temp\win4F80.tmp ----a-w 0 2008-03-02 21:27:38 C:\WINDOWS\Temp\win4F81.tmp ----a-w 0 2008-03-02 21:27:38 C:\WINDOWS\Temp\win4F82.tmp ----a-w 0 2008-03-02 21:27:38 C:\WINDOWS\Temp\win4F83.tmp ----a-w 0 2008-03-03 06:18:03 C:\WINDOWS\Temp\win4F84.tmp ----a-w 0 2008-03-03 06:18:03 C:\WINDOWS\Temp\win4F85.tmp ----a-w 0 2008-03-03 06:18:03 C:\WINDOWS\Temp\win4F86.tmp ----a-w 0 2008-03-04 14:38:46 C:\WINDOWS\Temp\win4F87.tmp ----a-w 0 2008-03-04 14:38:46 C:\WINDOWS\Temp\win4F8C.tmp ----a-w 0 2008-03-04 14:38:46 C:\WINDOWS\Temp\win4F8D.tmp ----a-w 0 2008-03-04 14:38:46 C:\WINDOWS\Temp\win4F8E.tmp ----a-w 0 2008-03-04 17:55:22 C:\WINDOWS\Temp\win4F8F.tmp ----a-w 0 2008-03-04 17:55:22 C:\WINDOWS\Temp\win4F90.tmp ----a-w 0 2008-03-04 17:55:22 C:\WINDOWS\Temp\win4F92.tmp ----a-w 0 2008-03-04 17:55:22 C:\WINDOWS\Temp\win4F93.tmp ----a-w 0 2008-03-04 18:46:52 C:\WINDOWS\Temp\win4F94.tmp ----a-w 0 2008-03-04 18:46:52 C:\WINDOWS\Temp\win4FAD.tmp ----a-w 0 2008-03-04 18:46:52 C:\WINDOWS\Temp\win4FAE.tmp ----a-w 0 2008-03-04 20:56:49 C:\WINDOWS\Temp\win4FAF.tmp ----a-w 0 2008-03-02 12:23:31 C:\WINDOWS\Temp\win4FB1.tmp ----a-w 0 2008-03-02 12:23:31 C:\WINDOWS\Temp\win4FB2.tmp ----a-w 0 2008-03-02 12:23:31 C:\WINDOWS\Temp\win4FB3.tmp ----a-w 0 2008-03-02 12:23:31 C:\WINDOWS\Temp\win4FB4.tmp ----a-w 0 2008-03-04 20:56:49 C:\WINDOWS\Temp\win4FB5.tmp ----a-w 0 2008-03-04 19:23:44 C:\WINDOWS\Temp\win4FB6.tmp ----a-w 0 2008-03-04 20:56:49 C:\WINDOWS\Temp\win4FB7.tmp ----a-w 0 2008-03-04 20:56:49 C:\WINDOWS\Temp\win4FB9.tmp ----a-w 0 2008-03-04 21:18:50 C:\WINDOWS\Temp\win4FBA.tmp ----a-w 0 2008-03-04 21:18:50 C:\WINDOWS\Temp\win4FBB.tmp ----a-w 0 2008-03-02 21:29:38 C:\WINDOWS\Temp\win4FBC.tmp ----a-w 0 2008-03-02 21:29:38 C:\WINDOWS\Temp\win4FBD.tmp ----a-w 0 2008-03-02 21:29:38 C:\WINDOWS\Temp\win4FC4.tmp ----a-w 0 2008-03-02 21:29:38 C:\WINDOWS\Temp\win4FC5.tmp ----a-w 0 2008-03-04 14:40:46 C:\WINDOWS\Temp\win4FC6.tmp ----a-w 0 2008-03-04 14:40:46 C:\WINDOWS\Temp\win4FC7.tmp ----a-w 0 2008-03-04 14:40:46 C:\WINDOWS\Temp\win4FC8.tmp ----a-w 0 2008-03-02 12:25:31 C:\WINDOWS\Temp\win4FE5.tmp ----a-w 0 2008-03-02 12:25:31 C:\WINDOWS\Temp\win4FE6.tmp ----a-w 0 2008-03-02 12:25:31 C:\WINDOWS\Temp\win4FE7.tmp ----a-w 0 2008-03-02 12:25:31 C:\WINDOWS\Temp\win4FE9.tmp ----a-w 0 2008-03-04 14:40:46 C:\WINDOWS\Temp\win4FEA.tmp ----a-w 0 2008-03-04 17:57:22 C:\WINDOWS\Temp\win4FEB.tmp ----a-w 0 2008-03-04 17:57:22 C:\WINDOWS\Temp\win4FEC.tmp ----a-w 0 2008-03-04 17:57:22 C:\WINDOWS\Temp\win4FEE.tmp ----a-w 0 2008-03-04 17:57:22 C:\WINDOWS\Temp\win4FEF.tmp ----a-w 0 2008-03-04 19:23:45 C:\WINDOWS\Temp\win4FF0.tmp ----a-w 0 2008-03-04 21:18:51 C:\WINDOWS\Temp\win4FF1.tmp ----a-w 0 2008-03-04 21:18:51 C:\WINDOWS\Temp\win4FF3.tmp ----a-w 0 2008-03-04 21:32:39 C:\WINDOWS\Temp\win4FF8.tmp ----a-w 0 2008-03-04 21:32:39 C:\WINDOWS\Temp\win4FF9.tmp ----a-w 0 2008-03-04 21:32:39 C:\WINDOWS\Temp\win4FFA.tmp ----a-w 0 2008-03-04 21:32:39 C:\WINDOWS\Temp\win4FFB.tmp ----a-w 0 2008-03-05 05:58:33 C:\WINDOWS\Temp\win4FFC.tmp ----a-w 0 2008-03-05 05:58:33 C:\WINDOWS\Temp\win5002.tmp ----a-w 0 2008-03-01 10:17:15 C:\WINDOWS\Temp\win501C.tmp ----a-w 0 2008-03-01 10:17:15 C:\WINDOWS\Temp\win501D.tmp ----a-w 0 2008-03-01 10:17:15 C:\WINDOWS\Temp\win501E.tmp ----a-w 0 2008-03-02 12:27:31 C:\WINDOWS\Temp\win501F.tmp ----a-w 0 2008-03-02 12:27:31 C:\WINDOWS\Temp\win5020.tmp ----a-w 0 2008-03-02 12:27:31 C:\WINDOWS\Temp\win5021.tmp ----a-w 0 2008-03-02 12:27:31 C:\WINDOWS\Temp\win5022.tmp ----a-w 0 2008-03-02 21:31:38 C:\WINDOWS\Temp\win5023.tmp ----a-w 0 2008-03-04 14:42:46 C:\WINDOWS\Temp\win5024.tmp ----a-w 0 2008-03-04 14:42:46 C:\WINDOWS\Temp\win5025.tmp ----a-w 0 2008-03-04 14:42:46 C:\WINDOWS\Temp\win5026.tmp ----a-w 0 2008-03-04 14:42:46 C:\WINDOWS\Temp\win5027.tmp ----a-w 0 2008-03-04 17:59:22 C:\WINDOWS\Temp\win502C.tmp ----a-w 0 2008-03-04 17:59:22 C:\WINDOWS\Temp\win502D.tmp ----a-w 0 2008-03-04 17:59:22 C:\WINDOWS\Temp\win502E.tmp ----a-w 0 2008-03-04 17:59:22 C:\WINDOWS\Temp\win502F.tmp ----a-w 0 2008-03-04 18:33:12 C:\WINDOWS\Temp\win5030.tmp ----a-w 0 2008-03-05 05:58:33 C:\WINDOWS\Temp\win5035.tmp ----a-w 0 2008-03-05 05:58:34 C:\WINDOWS\Temp\win5036.tmp ----a-w 0 2008-03-04 19:23:45 C:\WINDOWS\Temp\win5038.tmp ----a-w 0 2008-03-05 07:09:47 C:\WINDOWS\Temp\win5041.tmp ----a-w 0 2008-03-01 10:19:15 C:\WINDOWS\Temp\win5053.tmp ----a-w 0 2008-03-01 10:19:15 C:\WINDOWS\Temp\win5054.tmp ----a-w 0 2008-03-01 10:19:15 C:\WINDOWS\Temp\win5055.tmp ----a-w 0 2008-03-01 10:19:15 C:\WINDOWS\Temp\win5056.tmp ----a-w 0 2008-03-02 12:29:31 C:\WINDOWS\Temp\win5057.tmp ----a-w 0 2008-03-02 12:29:31 C:\WINDOWS\Temp\win5058.tmp ----a-w 0 2008-03-02 12:29:31 C:\WINDOWS\Temp\win5059.tmp ----a-w 0 2008-03-02 12:29:31 C:\WINDOWS\Temp\win505A.tmp ----a-w 0 2008-03-05 07:09:47 C:\WINDOWS\Temp\win505B.tmp ----a-w 0 2008-03-05 07:09:48 C:\WINDOWS\Temp\win505C.tmp ----a-w 0 2008-03-05 07:09:48 C:\WINDOWS\Temp\win505D.tmp ----a-w 0 2008-03-04 14:44:46 C:\WINDOWS\Temp\win5062.tmp ----a-w 0 2008-03-04 14:44:46 C:\WINDOWS\Temp\win5063.tmp ----a-w 0 2008-03-04 14:44:46 C:\WINDOWS\Temp\win5064.tmp ----a-w 0 2008-03-04 14:44:47 C:\WINDOWS\Temp\win5069.tmp ----a-w 0 2008-03-04 18:01:22 C:\WINDOWS\Temp\win506A.tmp ----a-w 0 2008-03-05 14:10:18 C:\WINDOWS\Temp\win506B.tmp ----a-w 0 2008-03-04 19:23:46 C:\WINDOWS\Temp\win506C.tmp ----a-w 0 2008-03-05 14:10:18 C:\WINDOWS\Temp\win5075.tmp ----a-w 0 2008-03-05 14:10:19 C:\WINDOWS\Temp\win5076.tmp ----a-w 0 2008-03-05 14:10:19 C:\WINDOWS\Temp\win5077.tmp ----a-w 0 2008-03-06 14:29:24 C:\WINDOWS\Temp\win5078.tmp ----a-w 0 2008-03-01 10:21:15 C:\WINDOWS\Temp\win5088.tmp ----a-w 0 2008-03-01 10:21:15 C:\WINDOWS\Temp\win5089.tmp ----a-w 0 2008-03-01 10:21:15 C:\WINDOWS\Temp\win508D.tmp ----a-w 0 2008-03-01 10:21:15 C:\WINDOWS\Temp\win508E.tmp ----a-w 0 2008-03-02 12:31:31 C:\WINDOWS\Temp\win508F.tmp ----a-w 0 2008-03-02 12:31:31 C:\WINDOWS\Temp\win5090.tmp ----a-w 0 2008-03-02 12:31:31 C:\WINDOWS\Temp\win5091.tmp ----a-w 0 2008-03-02 12:31:31 C:\WINDOWS\Temp\win5096.tmp ----a-w 0 2008-03-06 14:29:24 C:\WINDOWS\Temp\win5097.tmp ----a-w 0 2008-03-06 14:29:24 C:\WINDOWS\Temp\win5098.tmp ----a-w 0 2008-03-04 14:46:47 C:\WINDOWS\Temp\win50A0.tmp ----a-w 0 2008-03-04 14:46:47 C:\WINDOWS\Temp\win50A9.tmp ----a-w 0 2008-03-04 14:46:47 C:\WINDOWS\Temp\win50AA.tmp ----a-w 0 2008-03-04 14:46:47 C:\WINDOWS\Temp\win50AB.tmp ----a-w 0 2008-03-05 14:12:19 C:\WINDOWS\Temp\win50AC.tmp ----a-w 0 2008-03-05 14:12:19 C:\WINDOWS\Temp\win50AD.tmp ----a-w 0 2008-03-05 14:12:19 C:\WINDOWS\Temp\win50AE.tmp ----a-w 0 2008-03-05 14:12:19 C:\WINDOWS\Temp\win50BC.tmp ----a-w 0 2008-03-06 14:29:25 C:\WINDOWS\Temp\win50BD.tmp ----a-w 0 2008-03-07
  • Open een kladblokbestand. Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand. [b:d5f86bcf65]@ECHO OFF IF EXIST log.txt DEL log.txt ren C:\WINDOWS\system32\winfmy32.dll winfmy32.bak del /q C:\WINDOWS\Temp\win*.tmp ECHO Deleting files>>log.txt FOR %%g in ( C:\WINDOWS\system32\hjjlm.ini C:\WINDOWS\system32\mljjh.dll C:\WINDOWS\system32\winfmy32.bak C:\WINDOWS\system32\VundoFixSVC.exe C:\WINDOWS\system32\winfmy32.dll) DO ( IF EXIST %%g ( ATTRIB -r -s -h %%g DEL %%g IF EXIST %%g ( ECHO %%g not deleted>>log.txt ) ELSE ( ECHO %%g deleted>>log.txt) ) ELSE ( ECHO %%g not found>>log.txt)) START NOTEPAD.EXE log.txt [/b:d5f86bcf65] Ga naar Bestand - Opslaan als. Bij "Opslaan in" kies je: Bureaublad Bij "Bestandsnaam" zet je: del.bat Bij "Opslaan als type" selecteer je: Alle bestanden (*.*). Klik op de knop Opslaan. Dubbelklik op del.bat en post de inhoud van de logfile die opent. Zijn er nog problemen?
  • Dit logje opende nadat ik het bestand: del.bat geopend had Deleting files C:\WINDOWS\system32\hjjlm.ini deleted C:\WINDOWS\system32\mljjh.dll deleted C:\WINDOWS\system32\winfmy32.bak deleted C:\WINDOWS\system32\VundoFixSVC.exe deleted C:\WINDOWS\system32\winfmy32.dll not found
  • Open de map RVAXO op je bureaublad en dubbelklik [b:bab1471edc]Uninstall[/b:bab1471edc].cmd Dit zal alles van RVAXO doen verwijderen. Download [url=http://www.atribune.org/ccount/click.php?id=1]ATF cleaner[/url] ([url=http://www.majorgeeks.com/ATF_Cleaner_d4949.html]mirror[/url])(gemaakt door Atribune) [b:bab1471edc]Belangrijk:[/b:bab1471edc] Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken. Dubbelklik op ATF cleaner om het programma te starten. Op het tabblad "Main", plaats je een vinkje bij [b:bab1471edc]Select All[/b:bab1471edc]. Klik op de knop [b:bab1471edc]Empty Selected[/b:bab1471edc]. Het volgende doen als je ook FireFox als browser hebt: Klik op tabblad "Firefox", plaats een vinkje bij [b:bab1471edc]Select All[/b:bab1471edc]. Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No". (dit haalt het vinkje weer weg bij "Firefox saved passwords") Klik op de knop [b:bab1471edc]Empty Selected[/b:bab1471edc]. Het volgende doen als je ook Opera als browser hebt: Klik op tabblad "Opera", plaats een vinkje bij [b:bab1471edc]Select All[/b:bab1471edc]. Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No". Klik op de knop [b:bab1471edc]Empty Selected[/b:bab1471edc]. Ga naar het tabblad "Main" en klik op de knop [b:bab1471edc]Exit[/b:bab1471edc] om het programma af te sluiten. Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in. [url=http://users.pandora.be/marcvn/spyware/1852808.htm]Kijk hier hoe je je systeemherstel moet uitschakelen[/url]. Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel. Post als laatste nog een nieuw logje van Hijackthis ter controle en vertel of er nog problemen zijn ;)
  • Ik denk dat de problemen vrijwel zeker opgelost zijn. Ik krijg geen virusmelding meer. Ook werkt mijn pc weer een stuk sneller. Hier het logje van Hijackthis dan nog: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:43:13, on 18-3-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\ehome\ehtray.exe C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\D-Tools\daemon.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe D:\Documents and Settings\Erwin\Mijn documenten\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://distefano1034.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://www.flatcast.info/objects/NpFp415.dll O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB63} (Flatcast Producer 4.16) - http://80.237.209.20/objects/NpFp41629.dll O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\filezillaftp\filezillaserver.exe (file missing) O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 11058 bytes
  • Je logje ziet er weer prima uit :)
  • Ok mooi! Bedankt dat je me geholpen hebt. Zonder jou hulp was ik nergens! :D
  • Graag gedaan hoor :D

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.