Bothered by pop-ups, and unable to perform some actions

41 replies
  • I just posted this under "windows": http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1440354#1440354
    The complaint is that I not only get spontaneous pop-ups, but also can't get all sorts of things done: I can't install a downloaded exe, nor one from a CD, for example. Here is an HJT log to start with:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:49:05, on 16-12-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Ngefaa.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [MailWasher] C:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.google.nl
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286181227125
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    End of file - 6690 bytes

    I hope a clue can be found in it. In the meantime I have already run CCleaner, MBAM and Advanced SystemCare. Unfortunately I had no old system restore points left.
  • Hello f.j.stols, I read in your other topic that you also use Advanced SystemCare.

    That tool uses files from Malwarebytes and reputable Western antivirus vendors.

    It is up to you whether you keep using this fraudulent tool, including the spyware toolbars that get installed along with it!

    In any case, your own antivirus will be happy if this tool is removed.
    As a consequence: because that resolves the conflicts with the antivirus in use, the protection level of the antivirus you deployed rises back to its normal level!


    Apart from that, your log looks fine, no trace of malware.
    So where those pop-ups come from requires further investigation.
    That installation problem - do you have it with other software as well?


    So do the following: download LopSD or LOPSD to your Desktop.
    * Disable your antispyware and virus scanner while using this tool.
    * Vista and Windows 7 users: right-click LopSD and choose "Run as administrator"!
    * Choose Option N and press Enter
    * Click OK in the information window
    * Choose Option 2 and press Enter
    * At the end a log (LopR.txt) appears; post its contents in your next reply
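
The reply above assesses the HijackThis log by reading it. As an added example (not part of the original thread, and not code from HijackThis or its vendor), this Python script parses that log format and lists the running processes that no O4 Run entry or O23 service entry in the same log accounts for. The function names and the `trusted` parameter are assumptions of this example; the input is a shortened excerpt of the log posted above.

```python
import ntpath
import re

# Shortened excerpt of the HijackThis log posted in this thread (lines verbatim).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:49:05, on 16-12-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Ngefaa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [MailWasher] C:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# File name of an .exe, either at the end of a path or as a bare command.
IMAGE_RE = re.compile(r'([^\\/"\[\]]+\.exe)\b', re.IGNORECASE)
# Sections that describe automatically started programs: Run keys and services.
AUTOSTART_CODES = {"O4", "O23"}


def parse_hjt(text):
    """Return (running process paths, [(section code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first entry line ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def autostart_images(entries):
    """Lower-cased .exe file names referenced by O4 and O23 entries."""
    names = set()
    for code, body in entries:
        if code in AUTOSTART_CODES:
            names.update(n.strip().lower() for n in IMAGE_RE.findall(body))
    return names


def unaccounted_processes(text, trusted=()):
    """Running processes with no O4/O23 entry in the same log.

    `trusted` holds full paths the reviewer has already verified by other
    means. Matching is by file name only, so it is lenient: a process in an
    unexpected folder that shares its name with a listed autostart passes.
    """
    processes, entries = parse_hjt(text)
    known = autostart_images(entries)
    trusted_lc = {path.lower() for path in trusted}
    return [
        p for p in processes
        if p.lower() not in trusted_lc
        and ntpath.basename(p).lower() not in known
    ]


if __name__ == "__main__":
    for path in unaccounted_processes(SAMPLE_LOG):
        print("no autostart entry in this log:", path)
```

An entry in the result means only that the log itself does not explain why the process is running; core Windows processes and programs the user started by hand appear there too, so the list is a starting point for a closer look rather than a verdict.
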
  • Nice to get a reply so quickly. To start right away with this question: "That installation problem - do you have it with other software as well?",
    yes. For example, even when I want to open FF, a message first appears saying that I don't have permission. After that it does work.
    [image: http://i56.tinypic.com/eio7pc.jpg]
    and when opening LopSD I see:
    [image: http://i53.tinypic.com/wtysn.jpg]
    I also saw that my NOD32 wanted to analyze:
    [image: http://i51.tinypic.com/2ekry38.jpg]

    In short, I'm in quite a mess.
    I removed Advanced S.C. right away (it was not listed under installed software, but there was an uninstall tool). By the way, I once downloaded it on a recommendation somewhere in the Forum, a year ago or so.
    Furthermore, I notice that after MailWasher (a kind of spam selector) has done its work, it switches more or less automatically to my e-mail program (I.E.), and I have to do that "manually".
  • Hi, by the looks of it your Windows is quite badly damaged.


    Start by reinstalling Service Pack 3 for Windows XP!
    Do disable your antivirus before you start the installation!

    http://www.microsoft.com/downloads/nl-nl/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&DisplayLang=nl
  • Before I start: I have an English-language XP; shall I first look for an English-language XP3 myself, or does it not matter?
  • By now a whole lot further (I don't dare say yet that everything is fine?). I first downloaded the English SP3. Then I uninstalled the original SP3 (could not be done via software, but it could via CCleaner!) and then unpacked the new SP3. So that took "a while", hence the delay. My first check is that, for example, installing an exe works again. Do I still need to unpack that LopSD and run it? I'll wait and see. I also notice that my graphics card still needs some downloads or something.
  • Do indeed run LOP.sd, because the infection will probably still be there!
  • I assume I should post that log here?
  • And I now see that my e-mail program (O.E., but also Live Mail) does not work properly: no cursor in the compose area… The hyperlink I get by e-mail from C!T doesn't work either.
  • I'll continue reporting problems for a moment - unless that is premature - but despite downloading the ATI driver update, scrolling is still jerky. And when opening Internet Explorer (N.B.) messages appear:
    [image: http://i56.tinypic.com/4q0h2g.jpg]
    then
    [image: http://i56.tinypic.com/24m7psp.jpg]
    and then
    [image: http://i55.tinypic.com/2vmu8pg.jpg]
    because the "debug" does nothing further.
    Windows "System Restore" also no longer offers any old restore points.
  • You may indeed post the log!

    As for IE8 - just reinstall it!


    http://www.microsoft.com/downloads/en/details.aspx?FamilyID=341c2ad5-8c3d-4347-8c03-08cdecd8852b
  • Interim update:
    after downloading I.E. again (fortunately FF did work) it works again. The necessary updates for the graphics card are also coming in again (via Hippo). And: I have a cursor in Outlook Express again!
    Here is the log:

    ——————–\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : AMD Athlon™ II X3 440 Processor )
    BIOS : Default System BIOS
    USER : Administrator ( Administrator )
    BOOT : Normal boot
    Antivirus : ESET NOD32 Antivirus 4.2 4.2 (Activated)
    Firewall : ZoneAlarm Firewall 9.2.076.000 (Activated)
    C:\ (Local Disk) - NTFS - Total:232 Go (Free:207 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    Y:\ (Local Disk) - NTFS - Total:931 Go (Free:894 Go)
    Z:\ (Local Disk) - NTFS - Total:298 Go (Free:275 Go)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( vr 17-12-2010|18:11 )

    ——————–\\ Listing folders in APPLIC~1

    [07-12-2010|19:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\ACD Systems
    [07-12-2010|15:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [28-09-2010|07:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\ArcSoft
    [27-08-2010|13:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
    [08-10-2010|15:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Auslogics
    [16-12-2010|10:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Avanquest
    [12-11-2010|15:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\BinarySense
    [30-10-2010|11:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Canon
    [26-08-2010|17:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Carambis
    [21-08-2010|11:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\CD-LabelPrint
    [22-07-2010|17:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\CheckPoint
    [27-10-2010|11:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\DeviceDoctorSoftware
    [22-10-2010|09:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\Downloaded Installations
    [17-12-2010|15:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Easeware
    [28-09-2010|08:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\ePaperPress
    [05-11-2010|16:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\EXIF Date Changer
    [08-12-2010|09:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\FastStone
    [16-10-2010|07:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Foxit
    [16-10-2010|07:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Foxit Software
    [23-10-2010|09:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\GemistDownloader
    [05-11-2010|16:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\GeoSetter
    [27-07-2010|09:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
    [01-08-2010|15:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\HD Tune Pro
    [10-12-2010|11:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
    [26-07-2010|09:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\InfraRecorder
    [02-12-2010|17:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\IObit
    [29-11-2010|10:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Kalender
    [27-08-2010|11:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\log
    [23-10-2010|11:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [17-12-2010|15:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\MailWasherPro
    [28-09-2010|19:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
    [11-11-2010|10:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
    [26-11-2010|12:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [27-08-2010|13:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
    [06-08-2010|11:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla(2)
    [23-10-2010|18:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\NetSpeedMonitor
    [22-10-2010|09:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Nitro PDF
    [04-10-2010|12:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Office Genuine Advantage
    [26-07-2010|18:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\OpenOffice.org
    [16-12-2010|09:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Registry Mechanic
    [21-11-2010|12:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
    [21-11-2010|12:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\skypePM
    [26-07-2010|18:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
    [13-12-2010|12:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\TeamViewer
    [23-07-2010|15:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\TomTom
    [12-11-2010|10:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\UltraVNC
    [30-11-2010|08:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
    [27-08-2010|14:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Windows Search
    [01-09-2010|19:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\Youtube Downloader HD

    [07-12-2010|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
    [07-12-2010|15:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [15-12-2010|12:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
    [16-12-2010|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avanquest
    [22-07-2010|14:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
    [01-08-2010|15:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Driver Whiz
    [22-07-2010|14:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
    [10-12-2010|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
    [25-07-2010|15:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    [30-07-2010|14:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hps
    [15-10-2010|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Innovative Solutions
    [21-11-2010|10:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IObit
    [30-07-2010|18:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [10-11-2010|14:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Maxtor
    [25-07-2010|10:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    [30-11-2010|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [15-10-2010|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
    [22-10-2010|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nitro PDF
    [25-07-2010|14:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
    [04-10-2010|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
    [30-08-2010|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Paragon
    [04-10-2010|07:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [28-10-2010|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Soluto
    [26-07-2010|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sun
    [13-10-2010|08:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    [12-11-2010|12:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tarma Installer
    [16-12-2010|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [23-07-2010|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
    [20-07-2010|15:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

    [21-07-2010|08:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [24-08-2010|15:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [16-04-2010|00:24] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    ——————–\\ Scheduled Tasks located in C:\WINDOWS\Tasks

    [17-12-2010 17:25][–ah—–] C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    [17-12-2010 15:48][–a——] C:\WINDOWS\tasks\OGALogon.job
    [17-12-2010 15:48][–ah—–] C:\WINDOWS\tasks\SA.DAT
    [28-02-2006 13:00][-r-h—–] C:\WINDOWS\tasks\desktop.ini

    ——————–\\ Listing Folders in C:\Program Files

    [05-11-2010|09:46] C:\Program Files\7-Zip
    [12-12-2010|13:27] C:\Program Files\ACD
    [22-07-2010|15:23] C:\Program Files\Acro Software
    [16-12-2010|14:54] C:\Program Files\Adobe
    [11-11-2010|19:56] C:\Program Files\Adres 2000
    [30-07-2010|14:17] C:\Program Files\AH
    [22-07-2010|14:57] C:\Program Files\Ahead
    [25-08-2010|08:04] C:\Program Files\Albert Heijn Fotoservice
    [28-09-2010|07:01] C:\Program Files\ArcSoft
    [21-07-2010|08:45] C:\Program Files\ATI
    [15-12-2010|10:42] C:\Program Files\ATI Technologies
    [14-12-2010|09:11] C:\Program Files\Auslogics
    [02-12-2010|19:36] C:\Program Files\Bibble Labs
    [26-11-2010|19:35] C:\Program Files\bin
    [11-10-2010|07:46] C:\Program Files\Canon
    [11-10-2010|07:46] C:\Program Files\CanonBJ
    [29-11-2010|12:06] C:\Program Files\CCleaner
    [22-07-2010|17:44] C:\Program Files\CheckPoint=ZoneAlarm
    [16-12-2010|16:01] C:\Program Files\Common Files
    [16-04-2010|00:22] C:\Program Files\ComPlus Applications
    [28-09-2010|06:18] C:\Program Files\Conduit
    [23-10-2010|14:13] C:\Program Files\CPUID
    [12-11-2010|13:13] C:\Program Files\Easy Rolodex 3.1
    [08-12-2010|09:40] C:\Program Files\ePaperPress
    [07-10-2010|19:45] C:\Program Files\ESET
    [23-08-2010|10:07] C:\Program Files\Eusing Free Registry Cleaner
    [05-11-2010|16:46] C:\Program Files\EXIF Date Changer
    [08-12-2010|09:23] C:\Program Files\FastStone Image Viewer
    [13-11-2010|09:44] C:\Program Files\FastStone Photo Resizer
    [17-12-2010|15:53] C:\Program Files\filehippo.com
    [11-10-2010|09:53] C:\Program Files\Foxit Software
    [22-07-2010|17:40] C:\Program Files\Gadwin Systems
    [23-10-2010|09:40] C:\Program Files\GemistDownloader
    [31-10-2010|20:45] C:\Program Files\GeoSetter
    [01-10-2010|15:19] C:\Program Files\Google
    [22-07-2010|15:23] C:\Program Files\GPLGS
    [12-11-2010|09:08] C:\Program Files\HD Tune Pro
    [29-08-2010|17:16] C:\Program Files\HP
    [05-11-2010|13:18] C:\Program Files\InstallShield Installation Information
    [17-12-2010|14:23] C:\Program Files\Internet Explorer
    [14-11-2010|12:44] C:\Program Files\IObit
    [26-11-2010|19:35] C:\Program Files\Java
    [20-08-2010|13:35] C:\Program Files\Lang
    [24-07-2010|13:50] C:\Program Files\Lavalys Everest
    [13-10-2010|14:01] C:\Program Files\lib
    [26-07-2010|18:47] C:\Program Files\licenses
    [22-07-2010|15:26] C:\Program Files\MailWasher Pro
    [02-12-2010|15:58] C:\Program Files\Malwarebytes' Anti-Malware
    [17-12-2010|14:28] C:\Program Files\Messenger
    [04-10-2010|08:29] C:\Program Files\Microsoft
    [16-04-2010|00:25] C:\Program Files\microsoft frontpage
    [26-11-2010|12:57] C:\Program Files\Microsoft Office
    [16-12-2010|14:42] C:\Program Files\Microsoft Silverlight
    [26-11-2010|12:11] C:\Program Files\Microsoft Visual Studio
    [26-11-2010|13:00] C:\Program Files\Microsoft Works
    [26-11-2010|12:10] C:\Program Files\Microsoft.NET
    [17-12-2010|15:32] C:\Program Files\Movie Maker
    [11-12-2010|15:32] C:\Program Files\Mozilla Firefox
    [03-11-2010|14:55] C:\Program Files\Mozilla Firefox(2)
    [20-07-2010|16:06] C:\Program Files\MSBuild
    [15-10-2010|12:17] C:\Program Files\MSECache
    [17-12-2010|13:44] C:\Program Files\msn
    [16-04-2010|00:22] C:\Program Files\MSN Gaming Zone
    [20-07-2010|16:05] C:\Program Files\MSXML 6.0
    [14-10-2010|13:57] C:\Program Files\NCH Software
    [17-12-2010|14:22] C:\Program Files\NetMeeting
    [10-11-2010|16:10] C:\Program Files\NirSoft
    [08-10-2010|15:04] C:\Program Files\NT Registry Optimizer
    [22-07-2010|17:38] C:\Program Files\Online Services
    [28-11-2010|13:53] C:\Program Files\OpenOffice.org 3
    [17-12-2010|15:31] C:\Program Files\Outlook Express
    [30-08-2010|11:26] C:\Program Files\Paragon Software
    [28-09-2010|08:24] C:\Program Files\PTlens
    [26-07-2010|18:47] C:\Program Files\readmes
    [21-07-2010|08:49] C:\Program Files\Realtek
    [26-07-2010|18:47] C:\Program Files\redist
    [20-07-2010|16:06] C:\Program Files\Reference Assemblies
    [14-12-2010|09:13] C:\Program Files\Skype
    [13-12-2010|11:59] C:\Program Files\TeamViewer
    [26-09-2010|16:38] C:\Program Files\TomTom DesktopSuite
    [26-09-2010|16:39] C:\Program Files\TomTom HOME 2
    [26-09-2010|16:39] C:\Program Files\TomTom International B.V
    [03-11-2010|14:46] C:\Program Files\ToniArts
    [30-09-2010|14:41] C:\Program Files\Trend Micro
    [16-04-2010|00:29] C:\Program Files\Uninstall Information
    [23-07-2010|15:43] C:\Program Files\VideoLAN
    [10-10-2010|17:00] C:\Program Files\VS Revo Group
    [01-11-2010|22:26] C:\Program Files\Windows Desktop Search
    [15-10-2010|15:58] C:\Program Files\Windows Live
    [04-10-2010|08:29] C:\Program Files\Windows Live SkyDrive
    [15-10-2010|16:12] C:\Program Files\Windows Media Connect 2
    [17-12-2010|14:22] C:\Program Files\Windows Media Player
    [17-12-2010|14:22] C:\Program Files\Windows NT
    [16-04-2010|00:24] C:\Program Files\WindowsUpdate
    [16-04-2010|00:25] C:\Program Files\xerox
    [17-10-2010|12:29] C:\Program Files\YouTube Downloader
    [22-07-2010|17:44] C:\Program Files\Zone Labs

    ——————–\\ Listing Folders in C:\Program Files\Common Files

    [11-12-2010|19:23] C:\Program Files\Common Files\ACD Systems
    [16-12-2010|14:54] C:\Program Files\Common Files\Adobe
    [22-07-2010|14:56] C:\Program Files\Common Files\Ahead
    [22-07-2010|14:36] C:\Program Files\Common Files\CANON
    [26-11-2010|12:11] C:\Program Files\Common Files\DESIGNER
    [29-08-2010|17:17] C:\Program Files\Common Files\Hewlett-Packard
    [28-09-2010|07:01] C:\Program Files\Common Files\InstallShield
    [26-07-2010|18:34] C:\Program Files\Common Files\Java
    [22-07-2010|14:49] C:\Program Files\Common Files\Macrovision Shared
    [10-11-2010|16:09] C:\Program Files\Common Files\Maxtor
    [26-11-2010|13:09] C:\Program Files\Common Files\Microsoft Shared
    [16-04-2010|00:23] C:\Program Files\Common Files\MSSoap
    [22-07-2010|14:58] C:\Program Files\Common Files\Nero
    [15-04-2010|17:12] C:\Program Files\Common Files\ODBC
    [16-04-2010|00:23] C:\Program Files\Common Files\Services
    [14-12-2010|09:13] C:\Program Files\Common Files\Skype
    [15-04-2010|17:12] C:\Program Files\Common Files\SpeechEngines
    [17-12-2010|15:05] C:\Program Files\Common Files\System
    [04-10-2010|08:25] C:\Program Files\Common Files\Windows Live

    ——————–\\ Process

    ( 42 Processes )

    … OK !

    ——————–\\ Searching with S_Lop

    No Lop folder found !

    ——————–\\ Searching for Lop Files - Folders

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData\globData.mk4

    ——————–\\ Searching within the Registry

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    ….. OK !

    ——————–\\ Checking the Hosts file

    Hosts file CLEAN


    ——————–\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-17 18:12:38
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes …
    scanning hidden files …
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    ——————–\\ Searching for other infections


    No other infections found !

    [F:56][D:10]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    [F:107][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
    [F:4024][D:8]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - vr 17-12-2010|18:13 - Option : [1]

    ——————–\\ Scan completed at 18:13:37
    I myself now still see some unfamiliar terms in this log, and
    scrolling the screen still gives somewhat wavy movements; I hope it gets better after an NVidia update.
  • Unfortunately Outlook Express no longer recognizes the archive folder set up on an external hard disk. The address book is still there, but it is still a bit awkward for handling ongoing matters for which no e-mail address had been saved yet.
  • You are tumbling from one problem into the next.
    And to think you are still using that by now antique OutlookExpress!

    But all in good time: I think it is now time for ComboFix!

    Because why Lop did not remove the two infections is a mystery to me!


    Download ComboFix from one of these locations:

    Bleepingcomputer

    ForoSpyware


  • Unfortunately, and this makes me very sad too: ComboFix won't start at all, with the message:
    [image: http://i56.tinypic.com/zup0l5.jpg]
    but after pressing Ctrl Alt Del a few times it did seem to work. Unfortunately: even after a long wait only the first line. In the past I have run this several times without problems.
    I have also looked at Windows Live Mail at some point, but I didn't like it; nor Outlook. Probably down to my age?
  • Somehow posting didn't work; now once more:
    ComboFix 10-12-18.01 - Administrator 18-12-2010 19:48:25.8.3 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.3327.2788 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-11-18 to 2010-12-18 ))))))))))))))))))))))))))))))
    .

    2010-12-18 09:43 . 2010-12-18 09:43 ——– d—–w- C:\NVIDIA
    2010-12-17 14:39 . 2010-12-17 14:39 ——– d—–w- c:\documents and settings\Administrator\Application Data\Easeware
    2010-12-17 13:56 . 2010-09-18 06:53 974848 -c—-w- c:\windows\system32\dllcache\mfc42.dll
    2010-12-17 13:56 . 2010-09-18 06:53 953856 -c—-w- c:\windows\system32\dllcache\mfc40u.dll
    2010-12-17 13:56 . 2010-08-23 16:12 617472 -c—-w- c:\windows\system32\dllcache\comctl32.dll
    2010-12-17 13:56 . 2010-02-24 13:11 455680 -c—-w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-12-17 13:52 . 2009-12-09 05:53 726528 -c–a-w- c:\windows\system32\dllcache\jscript.dll
    2010-12-17 13:24 . 2009-07-31 08:05 1372672 -c—-w- c:\windows\system32\dllcache\msxml6.dll
    2010-12-17 13:24 . 2008-04-13 21:57 79872 -c—-w- c:\windows\system32\dllcache\msxml6r.dll
    2010-12-17 13:21 . 2010-11-26 04:17 5555712 -c–a-w- c:\windows\system32\dllcache\ati2mtag.sys
    2010-12-17 13:19 . 2006-12-28 23:31 19569 —-a-w- c:\windows\003033_.tmp
    2010-12-17 08:08 . 2010-12-17 17:13 ——– d—–w- C:\Lop SD
    2010-12-16 09:04 . 2010-12-16 09:06 ——– d—–w- c:\documents and settings\All Users\Application Data\Avanquest
    2010-12-16 09:04 . 2010-12-16 09:06 ——– d—–w- c:\documents and settings\Administrator\Application Data\Avanquest
    2010-12-16 08:59 . 2010-12-16 08:59 ——– d—–w- c:\documents and settings\Administrator\Application Data\Registry Mechanic
    2010-12-15 11:43 . 2010-12-15 11:43 ——– d—–w- c:\documents and settings\All Users\Application Data\ATI
    2010-12-14 19:30 . 2010-11-02 15:17 40960 -c—-w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-14 19:29 . 2010-10-11 14:59 45568 -c—-w- c:\windows\system32\dllcache\wab.exe
    2010-12-14 08:13 . 2010-12-14 08:13 ——– d—–w- c:\program files\Common Files\Skype
    2010-12-14 08:11 . 2010-12-14 08:11 ——– d—–w- c:\program files\Auslogics
    2010-12-13 10:59 . 2010-12-13 11:07 ——– d—–w- c:\documents and settings\Administrator\Application Data\TeamViewer
    2010-12-13 10:59 . 2010-12-13 10:59 ——– d—–w- c:\program files\TeamViewer
    2010-12-12 12:27 . 2010-12-12 12:27 ——– d—–w- c:\program files\ACD
    2010-12-10 10:25 . 2010-12-10 10:25 ——– d—–w- c:\documents and settings\All Users\Application Data\espionServerData
    2010-12-09 17:49 . 2010-12-09 17:49 ——– d—–w- c:\windows\system32\Adobe
    2010-12-08 12:45 . 2001-08-17 21:36 53760 -c–a-w- c:\windows\system32\dllcache\wiamsmud.dll
    2010-12-08 12:44 . 2001-08-17 12:28 794654 -c–a-w- c:\windows\system32\dllcache\usr1801.sys
    2010-12-08 12:43 . 2001-08-17 12:51 4992 -c–a-w- c:\windows\system32\dllcache\toside.sys
    2010-12-08 12:42 . 2001-08-17 21:36 53248 -c–a-w- c:\windows\system32\dllcache\stlncoin.dll
    2010-12-08 12:41 . 2001-08-17 21:36 28672 -c–a-w- c:\windows\system32\dllcache\sma0w.dll
    2010-12-08 12:40 . 2001-08-17 12:51 23936 -c–a-w- c:\windows\system32\dllcache\sccmn50m.sys
    2010-12-08 12:39 . 2001-08-17 12:28 899146 -c–a-w- c:\windows\system32\dllcache\r2mdkxga.sys
    2010-12-08 12:38 . 2001-08-17 13:07 27296 -c–a-w- c:\windows\system32\dllcache\perc2.sys
    2010-12-08 12:37 . 2001-08-17 11:50 39264 -c–a-w- c:\windows\system32\dllcache\neo20xx.sys
    2010-12-08 12:36 . 2008-04-13 19:46 15232 -c–a-w- c:\windows\system32\dllcache\mpe.sys
    2010-12-08 12:35 . 2001-08-17 21:36 8192 -c–a-w- c:\windows\system32\dllcache\kbdkor.dll
    2010-12-08 12:34 . 2001-08-17 21:36 26624 -c–a-w- c:\windows\system32\dllcache\icam3ext.dll
    2010-12-08 12:33 . 2001-08-17 21:36 93696 -c–a-w- c:\windows\system32\dllcache\hpgt42.dll
    2010-12-08 12:32 . 2001-08-17 21:36 45568 -c–a-w- c:\windows\system32\dllcache\esunib.dll
    2010-12-08 12:31 . 2001-08-17 21:36 6729 -c–a-w- c:\windows\system32\dllcache\disrvci.dll
    2010-12-08 12:30 . 2001-08-17 11:13 164923 -c–a-w- c:\windows\system32\dllcache\diapi2.sys
    2010-12-08 12:29 . 2001-08-17 13:56 66048 -c–a-w- c:\windows\system32\dllcache\s3legacy.dll
    2010-12-08 08:40 . 2010-12-08 08:40 ——– d—–w- c:\program files\ePaperPress
    2010-12-08 08:23 . 2010-12-08 08:23 ——– d—–w- c:\program files\FastStone Image Viewer
    2010-12-07 18:19 . 2010-12-07 18:19 ——– d—–w- c:\documents and settings\All Users\Application Data\ACD Systems
    2010-12-07 13:52 . 2010-12-07 13:52 ——– d—–w- c:\documents and settings\Administrator\Local Settings\Application Data\ACDSee
    2010-12-02 18:38 . 2010-12-02 18:38 ——– d—–w- c:\documents and settings\Administrator\Local Settings\Application Data\Bibble Labs
    2010-12-02 18:36 . 2010-12-02 18:36 ——– d—–w- c:\program files\Bibble Labs
    2010-12-02 03:35 . 2010-12-02 03:35 4280320 —-a-w- c:\windows\system32\GPhotos.scr
    2010-11-30 08:06 . 2009-06-25 12:20 1446264 —-a-w- c:\program files\Mozilla Firefox\plugins
    pLegitCheckPlugin.dll
    2010-11-29 09:01 . 2010-11-29 09:01 ——– d—–w- c:\documents and settings\Administrator\Application Data\Kalender
    2010-11-26 18:35 . 2010-11-26 18:35 73728 —-a-w- c:\windows\system32\javacpl.cpl
    2010-11-26 18:35 . 2010-11-26 18:35 ——– d—–w- c:\program files\Java
    2010-11-26 11:11 . 2010-11-26 12:00 ——– d—–w- c:\program files\Microsoft Works
    2010-11-26 11:11 . 2010-11-26 11:11 ——– d—–w- c:\windows\SHELLNEW
    2010-11-26 11:10 . 2010-11-26 11:10 ——– d—–w- c:\program files\Microsoft.NET
    2010-11-26 11:08 . 2010-11-26 11:08 ——– d—–r- C:\MSOCache
    2010-11-25 18:09 . 2010-11-29 12:00 ——– d—–w- c:\documents and settings\Administrator\Local Settings\Application Data\Hema Fotoalbum
    2010-11-24 12:03 . 2010-11-28 12:53 ——– d—–w- c:\program files\OpenOffice.org 3
    2010-11-21 09:02 . 2010-11-21 09:02 ——– d—–w- c:\documents and settings\All Users\Application Data\IObit

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-13 16:31 . 2010-08-25 07:08 8605 ----a-w- c:\documents and settings\Administrator\Application Data\mdb.bin
    2010-11-29 16:42 . 2010-09-28 18:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-29 16:42 . 2010-09-28 18:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-26 18:35 . 2010-07-26 17:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-26 03:57 . 2010-07-21 07:45 16748544 ----a-w- c:\windows\system32\atioglxx.dll
    2010-11-26 03:23 . 2010-07-21 07:45 471040 ----a-w- c:\windows\system32\atiok3x2.dll
    2010-11-26 03:12 . 2010-07-21 07:45 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2010-11-26 03:07 . 2010-07-21 07:45 57344 ----a-w- c:\windows\system32\aticalrt.dll
    2010-11-26 03:07 . 2010-07-21 07:45 53248 ----a-w- c:\windows\system32\aticalcl.dll
    2010-11-26 03:06 . 2010-07-21 07:45 4489216 ----a-w- c:\windows\system32\aticaldd.dll
    2010-11-26 02:55 . 2010-07-21 07:45 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-11-26 02:39 . 2010-07-21 07:45 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-11-26 02:34 . 2010-07-21 07:45 212992 ----a-w- c:\windows\system32\atipdlxx.dll
    2010-11-26 02:34 . 2010-07-21 07:45 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-11-26 02:34 . 2010-07-21 07:45 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2010-11-26 02:34 . 2010-07-21 07:45 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2010-11-26 02:34 . 2010-07-21 07:45 159744 ----a-w- c:\windows\system32\ati2evxx.dll
    2010-11-26 02:32 . 2010-07-21 07:45 614400 ----a-w- c:\windows\system32\ati2evxx.exe
    2010-11-26 02:31 . 2010-07-21 07:45 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2010-11-26 02:30 . 2010-07-21 07:45 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-11-26 02:26 . 2010-07-21 07:45 651264 ----a-w- c:\windows\system32\atikvmag.dll
    2010-11-26 02:24 . 2010-07-21 07:45 196608 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-11-26 02:24 . 2010-07-21 07:45 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2010-11-26 02:16 . 2010-07-21 07:45 64512 ----a-w- c:\windows\system32\atimpc32.dll
    2010-11-26 02:16 . 2010-07-21 07:45 64512 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-11-18 18:12 . 2010-04-15 23:22 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-10 15:08 . 2010-11-10 15:08 121080 ----a-w- c:\program files\uninst.exe
    2010-11-10 15:06 . 2010-11-10 15:06 779576 ----a-w- c:\program files\df.exe
    2010-11-10 15:06 . 2010-11-10 15:06 2110776 ----a-w- c:\program files\Defraggler.exe
    2010-11-10 13:54 . 2010-11-10 13:54 400864 ----a-w- c:\windows\system32\drivers\timntr.sys
    2010-11-10 13:54 . 2010-11-10 13:54 32768 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
    2010-11-10 13:54 . 2010-11-10 13:54 120992 ----a-w- c:\windows\system32\drivers\snapman.sys
    2010-11-06 00:26 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2010-07-21 06:59 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2006-02-28 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2010-07-21 06:59 1853312 ----a-w- c:\windows\system32\win32k.sys
    2010-09-30 13:41 . 2010-09-30 13:41 388096 ------r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-09-30 12:01 . 2010-10-22 08:36 17712 ----a-w- c:\windows\system32\nitrolocalui.dll
    2010-09-30 12:01 . 2010-10-22 08:36 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-11-22_10.20.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-02-28 12:00 . 2008-04-14 04:42 27648 c:\windows\system32\shscrap.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 27648 c:\windows\system32\shscrap.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 77824 c:\windows\system32\shrpubw.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 77824 c:\windows\system32\shrpubw.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 45056 c:\windows\system32\shmgrate.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 45056 c:\windows\system32\shmgrate.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 65024 c:\windows\system32\shimeng.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 65024 c:\windows\system32\shimeng.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 68096 c:\windows\system32\shgina.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 68096 c:\windows\system32\shgina.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 25088 c:\windows\system32\shfolder.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 25088 c:\windows\system32\shfolder.dll
    - 2008-04-14 00:12 . 2008-04-14 00:12 32768 c:\windows\system32\setupn.exe
    + 2010-12-17 13:23 . 2008-04-14 04:42 32768 c:\windows\system32\setupn.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 33792 c:\windows\system32\Setup\tabletoc.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 33792 c:\windows\system32\Setup\tabletoc.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 17408 c:\windows\system32\Setup\ocmsn.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 17408 c:\windows\system32\Setup\ocmsn.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 15360 c:\windows\system32\Setup\ocgen.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 15360 c:\windows\system32\Setup\ocgen.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 62976 c:\windows\system32\Setup
    toc.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 62976 c:\windows\system32\Setup
    toc.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 77312 c:\windows\system32\Setup
    etoc.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 77312 c:\windows\system32\Setup
    etoc.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 15360 c:\windows\system32\Setup\msgrocm.dll
    - 2006-02-28 12:00 . 2008-04-14 00:11 15360 c:\windows\system32\Setup\msgrocm.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 90112 c:\windows\system32\Setup\msdtcstp.dll
    - 2006-02-28 12:00 . 2008-04-14 00:11 90112 c:\windows\system32\Setup\msdtcstp.dll
    + 2006-02-28 12:00 . 2008-04-14 04:41 16896 c:\windows\system32\Setup\medctroc.dll
    - 2006-02-28 12:00 . 2008-04-14 00:11 16896 c:\windows\system32\Setup\medctroc.dll
    + 2006-02-28 12:00 . 2008-04-14 04:41 32828 c:\windows\system32\Setup\fp40ext.dll
    - 2006-02-28 12:00 . 2008-04-14 00:11 32828 c:\windows\system32\Setup\fp40ext.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 23040 c:\windows\system32\setup.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 23040 c:\windows\system32\setup.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 31232 c:\windows\system32\sethc.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 31232 c:\windows\system32\sethc.exe
    - 2010-04-15 23:21 . 2008-04-14 00:12 56320 c:\windows\system32\servdeps.dll
    + 2010-04-15 23:21 . 2008-04-14 04:42 56320 c:\windows\system32\servdeps.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 39424 c:\windows\system32\sens.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 39424 c:\windows\system32\sens.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 54784 c:\windows\system32\sendmail.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 54784 c:\windows\system32\sendmail.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 29184 c:\windows\system32\sendcmsg.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 29184 c:\windows\system32\sendcmsg.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\seclogon.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 18944 c:\windows\system32\seclogon.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\secedit.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 18944 c:\windows\system32\secedit.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 29184 c:\windows\system32\sdhcinst.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 29184 c:\windows\system32\sdhcinst.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 77312 c:\windows\system32\sdbinst.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 77312 c:\windows\system32\sdbinst.exe
    + 1998-03-24 20:54 . 1998-03-24 20:54 15872 c:\windows\system32\SCP32.DLL
    - 1998-03-24 19:54 . 1998-03-24 19:54 15872 c:\windows\system32\SCP32.DLL
    + 2006-02-28 12:00 . 2008-04-14 04:42 20480 c:\windows\system32\sclgntfy.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 20480 c:\windows\system32\sclgntfy.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 95744 c:\windows\system32\scardsvr.exe
    + 2010-07-21 06:59 . 2008-04-14 04:42 95744 c:\windows\system32\scardsvr.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 69632 c:\windows\system32\scarddlg.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 69632 c:\windows\system32\scarddlg.dll
    + 2010-07-21 06:59 . 2008-04-14 04:42 13312 c:\windows\system32\savedump.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 13312 c:\windows\system32\savedump.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 64000 c:\windows\system32\samlib.dll
    + 2010-07-21 06:59 . 2008-04-14 04:42 64000 c:\windows\system32\samlib.dll
    - 2010-04-15 23:23 . 2008-04-14 00:12 45568 c:\windows\system32\safrslv.dll
    + 2010-04-15 23:23 . 2008-04-14 04:42 45568 c:\windows\system32\safrslv.dll
    - 2010-04-15 23:23 . 2008-04-14 00:12 29696 c:\windows\system32\safrdm.dll
    + 2010-04-15 23:23 . 2008-04-14 04:42 29696 c:\windows\system32\safrdm.dll
    - 2010-04-15 23:23 . 2008-04-14 00:12 43520 c:\windows\system32\safrcdlg.dll
    + 2010-04-15 23:23 . 2008-04-14 04:42 43520 c:\windows\system32\safrcdlg.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 14336 c:\windows\system32\runonce.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 14336 c:\windows\system32\runonce.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 33280 c:\windows\system32\rundll32.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 33280 c:\windows\system32\rundll32.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 44032 c:\windows\system32\rtutils.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 44032 c:\windows\system32\rtutils.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 31744 c:\windows\system32\rtipxmib.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 31744 c:\windows\system32\rtipxmib.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 77312 c:\windows\system32\rtcshare.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 77312 c:\windows\system32\rtcshare.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 92672 c:\windows\system32\rsvpsp.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 92672 c:\windows\system32\rsvpsp.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 18944 c:\windows\system32\rsmps.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\rsmps.dll
    + 2010-07-21 06:59 . 2008-04-14 04:42 39936 c:\windows\system32\rshx32.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 39936 c:\windows\system32\rshx32.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 14848 c:\windows\system32\rsh.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 14848 c:\windows\system32\rsh.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 13824 c:\windows\system32\rexec.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 13824 c:\windows\system32\rexec.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 58880 c:\windows\system32\resutils.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 58880 c:\windows\system32\resutils.dll
    + 2010-04-15 23:21 . 2008-04-14 04:42 60416 c:\windows\system32\remotepg.dll
    - 2010-04-15 23:21 . 2008-04-14 00:12 60416 c:\windows\system32\remotepg.dll
    + 2010-12-17 13:19 . 2006-02-28 12:00 35328 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\processr.sys
    + 2010-12-15 09:41 . 2001-11-09 15:01 24064 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B107327\ativcoxx.dll
    + 2010-12-15 09:41 . 2010-10-27 02:20 17408 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B107327\atitvo32.dll
    + 2010-12-15 09:41 . 2009-06-22 15:34 45056 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B107327\ATIODCLI.exe
    + 2010-12-15 09:41 . 2010-10-27 02:20 64512 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B107327\atimpc32.dll
    + 2010-12-15 09:41 . 2010-10-27 02:27 53248 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B107327\ATIDDC.DLL
    + 2010-12-15 09:41 . 2010-10-27 03:10 57344 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B107327\aticalrt.dll
    + 2010-12-15 09:41 . 2010-10-27 03:10 53248 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B107327\aticalcl.dll
    + 2010-12-15 09:41 . 2010-10-27 02:30 26112 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B107327\Ati2mdxx.exe
    + 2010-12-15 09:41 . 2010-10-27 02:19 53248 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B107327\ati2erec.dll
    + 2010-12-15 09:41 . 2010-10-27 02:30 43520 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B107327\ati2edxx.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 11776 c:\windows\system32\regsvr32.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 11776 c:\windows\system32\regsvr32.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 59904 c:\windows\system32\regsvc.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 59904 c:\windows\system32\regsvc.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 49664 c:\windows\system32\regapi.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 49664 c:\windows\system32\regapi.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 50176 c:\windows\system32\reg.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 50176 c:\windows\system32\reg.exe
    - 2010-04-15 23:21 . 2008-04-14 00:12 67072 c:\windows\system32\rdshost.exe
    + 2010-04-15 23:21 . 2008-04-14 04:42 67072 c:\windows\system32\rdshost.exe
    - 2010-04-15 23:21 . 2008-04-14 00:12 13824 c:\windows\system32\rdsaddin.exe
    + 2010-04-15 23:21 . 2008-04-14 04:42 13824 c:\windows\system32\rdsaddin.exe
    + 2010-04-15 23:21 . 2008-04-14 04:43 87176 c:\windows\system32\rdpwsx.dll
    - 2010-04-15 23:21 . 2008-04-14 00:13 87176 c:\windows\system32\rdpwsx.dll
    - 2010-04-15 23:21 . 2008-04-14 00:12 19968 c:\windows\system32\rdpsnd.dll
    + 2010-04-15 23:21 . 2008-04-14 04:42 19968 c:\windows\system32\rdpsnd.dll
    - 2006-02-28 12:00 . 2008-04-14 00:13 92424 c:\windows\system32\rdpdd.dll
    + 2006-02-28 12:00 . 2008-04-14 04:43 92424 c:\windows\system32\rdpdd.dll
    + 2010-04-15 23:21 . 2008-04-14 04:42 62976 c:\windows\system32\rdpclip.exe
    - 2010-04-15 23:21 . 2008-04-14 00:12 62976 c:\windows\system32\rdpclip.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 21504 c:\windows\system32\rcp.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 21504 c:\windows\system32\rcp.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 35840 c:\windows\system32\rcimlby.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 35840 c:\windows\system32\rcimlby.exe
    + 2010-07-21 06:59 . 2008-04-14 04:42 58368 c:\windows\system32\rastapi.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 58368 c:\windows\system32\rastapi.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 16384 c:\windows\system32\rassapi.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 16384 c:\windows\system32\rassapi.dll
    - 2008-04-14 00:12 . 2008-04-14 00:12 61952 c:\windows\system32\rasqec.dll
    + 2010-12-17 13:23 . 2008-04-14 04:42 61952 c:\windows\system32\rasqec.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 56832 c:\windows\system32\rasphone.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 56832 c:\windows\system32\rasphone.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 61440 c:\windows\system32\rasman.dll
    + 2010-07-21 06:59 . 2008-04-14 04:42 61440 c:\windows\system32\rasman.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 88576 c:\windows\system32\rasauto.dll
    + 2010-07-21 06:59 . 2008-04-14 04:42 88576 c:\windows\system32\rasauto.dll
    + 2010-04-15 23:23 . 2008-04-14 04:42 43520 c:\windows\system32\racpldlg.dll
    - 2010-04-15 23:23 . 2008-04-14 00:12 43520 c:\windows\system32\racpldlg.dll
    - 2008-04-14 00:12 . 2008-04-14 00:12 76800 c:\windows\system32\qutil.dll
    + 2010-12-17 13:23 . 2008-04-14 04:42 76800 c:\windows\system32\qutil.dll
    - 2010-04-15 23:21 . 2008-04-14 00:12 19968 c:\windows\system32\qprocess.exe
    + 2010-04-15 23:21 . 2008-04-14 04:42 19968 c:\windows\system32\qprocess.exe
    - 2010-04-15 23:23 . 2008-04-14 00:12 18944 c:\windows\system32\qmgrprxy.dll
    + 2010-04-15 23:23 . 2008-04-14 04:42 18944 c:\windows\system32\qmgrprxy.dll
    - 2008-04-14 00:12 . 2008-04-14 00:12 62464 c:\windows\system32\qcliprov.dll
    + 2010-12-17 13:23 . 2008-04-14 04:42 62464 c:\windows\system32\qcliprov.dll
    + 2009-05-11 10:42 . 2009-05-11 10:42 59888 c:\windows\system32\pxwma.dll
    + 2009-04-17 11:28 . 2009-04-17 11:28 68080 c:\windows\system32\pxinsa64.exe
    + 2009-04-17 11:28 . 2009-04-17 11:28 68080 c:\windows\system32\pxcpya64.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 34304 c:\windows\system32\pstorsvc.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 34304 c:\windows\system32\pstorsvc.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 43520 c:\windows\system32\pstorec.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 43520 c:\windows\system32\pstorec.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 96768 c:\windows\system32\psbase.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 96768 c:\windows\system32\psbase.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 23040 c:\windows\system32\psapi.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 23040 c:\windows\system32\psapi.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 50176 c:\windows\system32\proquota.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 50176 c:\windows\system32\proquota.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 27648 c:\windows\system32\profmap.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 27648 c:\windows\system32\profmap.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 17408 c:\windows\system32\powrprof.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 17408 c:\windows\system32\powrprof.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 49152 c:\windows\system32\powercfg.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 49152 c:\windows\system32\powercfg.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 58880 c:\windows\system32\pnrpnsp.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 58880 c:\windows\system32\pnrpnsp.dll
    + 2006-02-28 12:00 . 2009-03-08 03:31 46592 c:\windows\system32\pngfilt.dll
    - 2006-02-28 12:00 . 2009-03-08 02:31 46592 c:\windows\system32\pngfilt.dll
    + 2004-08-04 00:56 . 2008-04-14 04:42 15360 c:\windows\system32\pjlmon.dll
    - 2004-08-04 00:56 . 2008-04-14 00:12 15360 c:\windows\system32\pjlmon.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 17920 c:\windows\system32\ping.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 17920 c:\windows\system32\ping.exe
    - 2006-02-28 12:00 . 2008-04-14 00:11 24064 c:\windows\system32\pidgen.dll
    + 2006-02-28 12:00 . 2008-04-14 04:41 24064 c:\windows\system32\pidgen.dll
    - 2004-08-04 00:56 . 2008-04-14 00:12 35328 c:\windows\system32\pid.dll
    + 2004-08-04 00:56 . 2008-04-14 04:42 35328 c:\windows\system32\pid.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 34816 c:\windows\system32\perfproc.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 34816 c:\windows\system32\perfproc.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 25088 c:\windows\system32\perfos.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 25088 c:\windows\system32\perfos.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 17920 c:\windows\system32\perfnet.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 17920 c:\windows\system32\perfnet.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 15872 c:\windows\system32\perfmon.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 15872 c:\windows\system32\perfmon.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 26624 c:\windows\system32\perfdisk.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 26624 c:\windows\system32\perfdisk.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 39936 c:\windows\system32\perfctrs.dll
    + 2010-07-21 06:59 . 2008-04-14 04:42 39936 c:\windows\system32\perfctrs.dll
    + 2006-02-28 12:00 . 2010-12-18 18:41 72360 c:\windows\system32\perfc009.dat
    - 2006-02-28 12:00 . 2008-04-14 00:12 67584 c:\windows\system32\pautoenr.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 67584 c:\windows\system32\pautoenr.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 58368 c:\windows\system32\packager.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 58368 c:\windows\system32\packager.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 67584 c:\windows\system32\osuninst.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 67584 c:\windows\system32\osuninst.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 67584 c:\windows\system32\openfiles.exe
    - 2006-02-28 12:00 . 2008-04-14 00:12 67584 c:\windows\system32\openfiles.exe
    + 2010-04-15 23:23 . 2008-04-14 04:42 51200 c:\windows\system32\oobe\oobebaln.exe
    - 2010-04-15 23:23 . 2008-04-14 00:12 51200 c:\windows\system32\oobe\oobebaln.exe
    - 2010-04-15 23:23 . 2008-04-14 00:12 29184 c:\windows\system32\oobe\msoobe.exe
    + 2010-04-15 23:23 . 2008-04-14 04:42 29184 c:\windows\system32\oobe\msoobe.exe
    + 2010-04-15 23:23 . 2008-04-14 04:42 19456 c:\windows\system32\oobe\msobweb.dll
    - 2010-04-15 23:23 . 2008-04-14 00:12 19456 c:\windows\system32\oobe\msobweb.dll
    - 2010-04-15 23:23 . 2008-04-14 00:12 30720 c:\windows\system32\oobe\msobshel.dll
    + 2010-04-15 23:23 . 2008-04-14 04:42 30720 c:\windows\system32\oobe\msobshel.dll
    - 2010-04-15 23:23 . 2008-04-14 00:12 16384 c:\windows\system32\oobe\msobdl.dll
    + 2010-04-15 23:23 . 2008-04-14 04:42 16384 c:\windows\system32\oobe\msobdl.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 84992 c:\windows\system32\olepro32.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 84992 c:\windows\system32\olepro32.dll
    + 2010-07-21 06:59 . 2008-04-14 04:42 37376 c:\windows\system32\olecnv32.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 37376 c:\windows\system32\olecnv32.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 74752 c:\windows\system32\olecli32.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 74752 c:\windows\system32\olecli32.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 20511 c:\windows\system32\odtext32.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 20511 c:\windows\system32\odtext32.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 20510 c:\windows\system32\odpdx32.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 20510 c:\windows\system32\odpdx32.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 20510 c:\windows\system32\odfox32.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 20510 c:\windows\system32\odfox32.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 20510 c:\windows\system32\odexl32.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 20510 c:\windows\system32\odexl32.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 20511 c:\windows\system32\oddbse32.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 20511 c:\windows\system32\oddbse32.dll
    - 2006-02-28 12:00 . 2008-04-13 17:26 12288 c:\windows\system32\odbcp32r.dll
    + 2006-02-28 12:00 . 2008-04-13 21:56 12288 c:\windows\system32\odbcp32r.dll
    + 2006-02-28 12:00 . 2008-04-14 04:40 53279 c:\windows\system32\odbcji32.dll
    - 2006-02-28 12:00 . 2008-04-14 00:10 53279 c:\windows\system32\odbcji32.dll
    + 2006-02-28 12:00 . 2008-04-13 21:56 94208 c:\windows\system32\odbcint.dll
    - 2006-02-28 12:00 . 2008-04-13 17:26 94208 c:\windows\system32\odbcint.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 65536 c:\windows\system32\odbccu32.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 65536 c:\windows\system32\odbccu32.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 65536 c:\windows\system32\odbccr32.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 65536 c:\windows\system32\odbccr32.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 69632 c:\windows\system32\odbcconf.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 69632 c:\windows\system32\odbcconf.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 24576 c:\windows\system32\odbcbcp.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 24576 c:\windows\system32\odbcbcp.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 32768 c:\windows\system32\odbcad32.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 32768 c:\windows\system32\odbcad32.exe
    + 2006-02-28 12:00 . 2008-04-14 04:42 16384 c:\windows\system32\odbc32gt.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 16384 c:\windows\system32\odbc32gt.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 67584 c:\windows\system32\ocmanage.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 67584 c:\windows\system32\ocmanage.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 65536 c:\windows\system32
    wwks.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 65536 c:\windows\system32
    wwks.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 64000 c:\windows\system32
    wapi32.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 64000 c:\windows\system32
    wapi32.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 15360 c:\windows\system32
    tvdmd.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 15360 c:\windows\system32
    tvdmd.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 91136 c:\windows\system32
    tprint.dll
    + 2010-07-21 06:59 . 2008-04-14 04:42 91136 c:\windows\system32
    tprint.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 40960 c:\windows\system32
    tmsapi.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 40960 c:\windows\system32
    tmsapi.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 44032 c:\windows\system32
    tlanman.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 44032 c:\windows\system32
    tlanman.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 67072 c:\windows\system32
    tdsapi.dll
    + 2006-02-28 12:00 . 2008-04-14 04:42 67072 c:\windows\system32
    tdsapi.dll
    - 2006-02-28 12:00 . 2008-04-14 00:12 76800 c:\windows\system32
    slookup.exe
    + 2010-07-21 06:59 . 2008-04-14 04:42 76800 c:\windows\system32
    slookup.exe
    + 2006-02-28



























  • Hi, your log is not complete, and what you posted has turned into a laundry list!

    Do the following:

    Open a new Notepad file via Start > All Programs > Accessories > Notepad.

    Copy and paste the following (bold, blue) text into the empty Notepad window


  • This did not go smoothly (I have done it several times in the past without any hitches): a message appeared saying that I must not use RTF.
    In the end I saved a Word file as .rtf after all, and then it did work:
    [img:26d15f9dd6]http://i51.tinypic.com/x1d06t.jpg[/img:26d15f9dd6]

    ComboFix 10-12-18.01 - Administrator 19-12-2010 9:35.9.3 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.3327.2719 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Administrator\Desktop\CFScript.txt.rtf
    AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-11-19 to 2010-12-19 ))))))))))))))))))))))))))))))
    .

    2010-12-18 09:43 . 2010-12-18 09:43 -------- d-----w- C:\NVIDIA
    2010-12-17 14:39 . 2010-12-17 14:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Easeware
    2010-12-17 13:56 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-12-17 13:56 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-12-17 13:56 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-12-17 13:56 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-12-17 13:52 . 2009-12-09 05:53 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
    2010-12-17 13:24 . 2009-07-31 08:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2010-12-17 13:24 . 2008-04-13 21:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2010-12-17 13:21 . 2010-11-26 04:17 5555712 -c--a-w- c:\windows\system32\dllcache\ati2mtag.sys
    2010-12-17 13:19 . 2006-12-28 23:31 19569 ----a-w- c:\windows\003033_.tmp
    2010-12-17 08:08 . 2010-12-17 17:13 -------- d-----w- C:\Lop SD
    2010-12-16 09:04 . 2010-12-16 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Avanquest
    2010-12-16 09:04 . 2010-12-16 09:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avanquest
    2010-12-16 08:59 . 2010-12-16 08:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Registry Mechanic
    2010-12-15 11:43 . 2010-12-15 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
    2010-12-14 19:30 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-14 19:29 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2010-12-14 08:13 . 2010-12-14 08:13 -------- d-----w- c:\program files\Common Files\Skype
    2010-12-14 08:11 . 2010-12-14 08:11 -------- d-----w- c:\program files\Auslogics
    2010-12-13 10:59 . 2010-12-13 11:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer
    2010-12-13 10:59 . 2010-12-13 10:59 -------- d-----w- c:\program files\TeamViewer
    2010-12-12 12:27 . 2010-12-12 12:27 -------- d-----w- c:\program files\ACD
    2010-12-10 10:25 . 2010-12-10 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData
    2010-12-09 17:49 . 2010-12-09 17:49 -------- d-----w- c:\windows\system32\Adobe
    2010-12-08 12:45 . 2001-08-17 21:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
    2010-12-08 12:44 . 2001-08-17 12:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
    2010-12-08 12:43 . 2001-08-17 12:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
    2010-12-08 12:42 . 2001-08-17 21:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
    2010-12-08 12:41 . 2001-08-17 21:36 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
    2010-12-08 12:40 . 2001-08-17 12:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
    2010-12-08 12:39 . 2001-08-17 12:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
    2010-12-08 12:38 . 2001-08-17 13:07 27296 -c--a-w- c:\windows\system32\dllcache\perc2.sys
    2010-12-08 12:37 . 2001-08-17 11:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
    2010-12-08 12:36 . 2008-04-13 19:46 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
    2010-12-08 12:35 . 2001-08-17 21:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
    2010-12-08 12:34 . 2001-08-17 21:36 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
    2010-12-08 12:33 . 2001-08-17 21:36 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
    2010-12-08 12:32 . 2001-08-17 21:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
    2010-12-08 12:31 . 2001-08-17 21:36 6729 -c--a-w- c:\windows\system32\dllcache\disrvci.dll
    2010-12-08 12:30 . 2001-08-17 11:13 164923 -c--a-w- c:\windows\system32\dllcache\diapi2.sys
    2010-12-08 12:29 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
    2010-12-08 08:40 . 2010-12-08 08:40 -------- d-----w- c:\program files\ePaperPress
    2010-12-08 08:23 . 2010-12-08 08:23 -------- d-----w- c:\program files\FastStone Image Viewer
    2010-12-07 18:19 . 2010-12-07 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
    2010-12-07 13:52 . 2010-12-07 13:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ACDSee
    2010-12-02 18:38 . 2010-12-02 18:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Bibble Labs
    2010-12-02 18:36 . 2010-12-02 18:36 -------- d-----w- c:\program files\Bibble Labs
    2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
    2010-11-30 08:06 . 2009-06-25 12:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    2010-11-29 09:01 . 2010-11-29 09:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Kalender
    2010-11-26 18:35 . 2010-11-26 18:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-26 18:35 . 2010-11-26 18:35 -------- d-----w- c:\program files\Java
    2010-11-26 11:11 . 2010-11-26 12:00 -------- d-----w- c:\program files\Microsoft Works
    2010-11-26 11:11 . 2010-11-26 11:11 -------- d-----w- c:\windows\SHELLNEW
    2010-11-26 11:10 . 2010-11-26 11:10 -------- d-----w- c:\program files\Microsoft.NET
    2010-11-26 11:08 . 2010-11-26 11:08 -------- d-----r- C:\MSOCache
    2010-11-25 18:09 . 2010-11-29 12:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Hema Fotoalbum
    2010-11-24 12:03 . 2010-11-28 12:53 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-11-21 09:02 . 2010-11-21 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-13 16:31 . 2010-08-25 07:08 8605 ----a-w- c:\documents and settings\Administrator\Application Data\mdb.bin
    2010-11-29 16:42 . 2010-09-28 18:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-29 16:42 . 2010-09-28 18:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-26 18:35 . 2010-07-26 17:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-26 03:57 . 2010-07-21 07:45 16748544 ----a-w- c:\windows\system32\atioglxx.dll
    2010-11-26 03:23 . 2010-07-21 07:45 471040 ----a-w- c:\windows\system32\atiok3x2.dll
    2010-11-26 03:12 . 2010-07-21 07:45 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2010-11-26 03:07 . 2010-07-21 07:45 57344 ----a-w- c:\windows\system32\aticalrt.dll
    2010-11-26 03:07 . 2010-07-21 07:45 53248 ----a-w- c:\windows\system32\aticalcl.dll
    2010-11-26 03:06 . 2010-07-21 07:45 4489216 ----a-w- c:\windows\system32\aticaldd.dll
    2010-11-26 02:55 . 2010-07-21 07:45 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-11-26 02:39 . 2010-07-21 07:45 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-11-26 02:34 . 2010-07-21 07:45 212992 ----a-w- c:\windows\system32\atipdlxx.dll
    2010-11-26 02:34 . 2010-07-21 07:45 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-11-26 02:34 . 2010-07-21 07:45 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2010-11-26 02:34 . 2010-07-21 07:45 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2010-11-26 02:34 . 2010-07-21 07:45 159744 ----a-w- c:\windows\system32\ati2evxx.dll
    2010-11-26 02:32 . 2010-07-21 07:45 614400 ----a-w- c:\windows\system32\ati2evxx.exe
    2010-11-26 02:31 . 2010-07-21 07:45 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2010-11-26 02:30 . 2010-07-21 07:45 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-11-26 02:26 . 2010-07-21 07:45 651264 ----a-w- c:\windows\system32\atikvmag.dll
    2010-11-26 02:24 . 2010-07-21 07:45 196608 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-11-26 02:24 . 2010-07-21 07:45 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2010-11-26 02:16 . 2010-07-21 07:45 64512 ----a-w- c:\windows\system32\atimpc32.dll
    2010-11-26 02:16 . 2010-07-21 07:45 64512 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-11-18 18:12 . 2010-04-15 23:22 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-10 15:08 . 2010-11-10 15:08 121080 ----a-w- c:\program files\uninst.exe
    2010-11-10 15:06 . 2010-11-10 15:06 779576 ----a-w- c:\program files\df.exe
    2010-11-10 15:06 . 2010-11-10 15:06 2110776 ----a-w- c:\program files\Defraggler.exe
    2010-11-10 13:54 . 2010-11-10 13:54 400864 ----a-w- c:\windows\system32\drivers\timntr.sys
    2010-11-10 13:54 . 2010-11-10 13:54 32768 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
    2010-11-10 13:54 . 2010-11-10 13:54 120992 ----a-w- c:\windows\system32\drivers\snapman.sys
    2010-11-06 00:26 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2010-07-21 06:59 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2006-02-28 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2010-07-21 06:59 1853312 ----a-w- c:\windows\system32\win32k.sys
    2010-09-30 13:41 . 2010-09-30 13:41 388096 ------r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-09-30 12:01 . 2010-10-22 08:36 17712 ----a-w- c:\windows\system32\nitrolocalui.dll
    2010-09-30 12:01 . 2010-10-22 08:36 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
    "RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoPopUpsOnBoot"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^HDDlife.lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\HDDlife.lnk
    backup=c:\windows\pss\HDDlife.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.2 .lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    2007-08-30 08:44 148760 ----a-w- c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
    2010-03-04 12:31 311296 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com]
    2010-08-09 12:47 248832 ----a-w- c:\program files\filehippo.com\UpdateChecker.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
    2007-08-20 08:42 495616 ----a-w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
    2007-06-26 20:10 317440 ----a-w- c:\windows\inf\unregmp2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2010-10-11 15:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2010-11-25 20:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "uvnc_service"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [30-8-2010 11:26 40560]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7-4-2010 20:07 114984]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7-4-2010 20:08 95872]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16-9-2008 11:03 169312]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7-4-2010 20:07 810120]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24-8-2010 10:38 92008]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [21-7-2010 8:47 77824]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21-7-2010 8:49 1691480]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10-3-2010 7:18 24216]
    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [30-8-2010 12:42 16472]
    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [30-8-2010 12:42 11104]
    S4 uvnc_service;uvnc_service;c:\documents and settings\Administrator\Local Settings\Application Data\CrossLoop\winvnc.exe [27-7-2010 9:32 1590216]
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-12-19 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 19:15]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: google.nl\www
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkqhpqx7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-19 09:42
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    MailWasher = c:\progra~1\MAILWA~1\MAILWA~1.EXE?

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,8d,89,d2,53,08,a2,4b,b6,e3,c4,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,8d,89,d2,53,08,a2,4b,b6,e3,c4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–¤|ÿÿÿÿÀ•¤|ù•A~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(788)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll

    - - - - - - - > 'explorer.exe'(1264)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
    c:\windows\system32\Layout.dll
    c:\program files\ESET\ESET NOD32 Antivirus\shellExt.dll
    c:\program files\7-Zip\7-zip.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\HPZipm12.exe
    c:\windows\RTHDCPL.EXE
    c:\progra~1\MAILWA~1\MAILWA~1.EXE
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2010-12-19 09:46:21 - machine werd herstart
    ComboFix-quarantined-files.txt 2010-12-19 08:46
    ComboFix2.txt 2010-12-18 18:54

    Pre-Run: 221.588.467.712 bytes free
    Post-Run: 221.567.475.712 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 0637C29F523B50F3E312514FA7969FDD

    I hope this turns up something?

  • To see whether ComboFix would now run on its own, I started CF again, and it did. I also saw an alert from NOD32, which had not been disabled, about an Eicar passing by. I know that is a dummy virus, but just for fun I opened one of NOD32's log files:
    http://i53.tinypic.com/2d91d92.jpg
    I think that is quite a lot!
  • Which alarm bells went off in your ESET in connection with that Eicar test?


This is an archived page. Replies are no longer possible.