Vraag & Antwoord

Beveiliging & privacy

Scanners vinden niets, maar toch spyware.. + HijackThisLog

Anoniem
juisterr
13 antwoorden
  • Sinds gisteravond heb ik last van pop-ups. Het begon met McAfee die aangaf dat het een trojan had gedetecteerd, namelijk vundo.dll en heeft deze ook gerepareerd. Meteen nadat dat gebeurt was, heb ik McAfee, Spybot S&D en Ad-Aware geupdate. Vervolgens startte ik mijn computer opnieuw op in veilige modus, en heb ik met alledrie de programma’s scans gedaan. Ze hebben behoorlijk wat spyware gevonden, en deze ook verwijderd. Na nog een paar keer scannen vinden ze echter niets meer.

    Nu heb ik dat als ik IE7 opstart, McAfee meteen waarschuwt dat er iets in het register aangepast wordt bij Internet Security Zones, en deze aanpassingen blokkeer ik meteen. Als ik IE afsluit en opnieuw opstart krijg ik de melding weer. Ik heb vervolgens ook nog geprobeerd IE opnieuw te installeren, maar dit heeft niets opgelost.

    Nu weet ik niet meer wat ik moet doen.. De meeste pop-ups zijn van pc-doctor en allemaal andere troep die wil dat ik programma’s installeer, en het begint onderhand behoorlijk frustrerend te worden, vooral omdat ik met McAfee, Spybot en Ad-Aware niets meer kan vinden. Overigens had ik voor gisteravond nooit last van dit soort willekeurige pop-ups, en de pop-ups komen ook voor in Mozilla Firefox.

    Wat me overigens ook is opgevallen is dat bij IE7 de beveiliging van cookies iedere keer vanzelf op laag gezet word.

    Ik heb een HijackThis log gemaakt, zie hieronder. Ik ben echter geen kei in dit soort dingen, dus bedankt voor de hulp alvast ;)

    Logfile of HijackThis v1.99.1
    Scan saved at 13:39:54, on 24-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\DOCUME~1\Ufuk\LOCALS~1\Temp\clclean.0001
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\V0230Mon.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Documents and Settings\Ufuk\Bureaublad\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114w.bay114.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  • Yep vundo besmetting.


    Download [b:989e4dea54]Combofix[/b:989e4dea54] naar je Bureaublad.
    Dubbelklik [b:989e4dea54]Combofix.exe[/b:989e4dea54]
    Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen.
    Tijdens het runnen van de fix, [b:989e4dea54]NIET[/b:989e4dea54] in het venster klikken, want dit zal je pc doen vasthangen.

    Wanneer de fix voltooid is en na herstart, zal de log [b:989e4dea54]combofix.txt[/b:989e4dea54] openen.
    Plaats dit log in je volgende post samen met een nieuw HijackThis log.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
  • [b:e44c18b295]Combofix log:[/b:e44c18b295]

    "Ufuk" - 2007-05-24 16:44:20 Service Pack 2
    ComboFix 07-05.24.7.V - Running from: "C:\Documents and Settings\Ufuk\Mijn documenten\ComboFix\"


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\rcqyqmkj.dll
    C:\WINDOWS\system32\dcbeg.bak1
    C:\WINDOWS\system32\dcbeg.ini
    C:\WINDOWS\system32\dcbeg.bak1
    C:\WINDOWS\system32\dcbeg.ini
    C:\WINDOWS\system32\gebcd.dll
    C:\WINDOWS\system32\qomljkl.dll

    [b:e44c18b295]HijackThis Log:[/b:e44c18b295]

    Logfile of HijackThis v1.99.1
    Scan saved at 16:55:16, on 24-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\V0230Mon.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\DOCUME~1\Ufuk\LOCALS~1\Temp\clclean.0001
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Ufuk\Bureaublad\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114w.bay114.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  • Voor goede controle moet ik toch echt het [b:ba22b0624d]"volledige combofixlogje"[/b:ba22b0624d] zien aub.
  • [b:de7c55d358]Volledige log:[/b:de7c55d358]

    "Ufuk" - 2007-05-24 16:44:20 Service Pack 2
    ComboFix 07-05.24.7.V - Running from: "C:\Documents and Settings\Ufuk\Mijn documenten\ComboFix\"


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\rcqyqmkj.dll
    C:\WINDOWS\system32\dcbeg.bak1
    C:\WINDOWS\system32\dcbeg.ini
    C:\WINDOWS\system32\dcbeg.bak1
    C:\WINDOWS\system32\dcbeg.ini
    C:\WINDOWS\system32\gebcd.dll
    C:\WINDOWS\system32\qomljkl.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-24 ))))))))))))))))))))))))))))))))))


    2007-05-24 11:35 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-05-23 23:15 1,310,720 –ah—– C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-05-23 23:15 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Menu Start
    2007-05-23 23:15 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Sjablonen
    2007-05-23 23:15 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Onlangs geopend
    2007-05-23 23:15 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
    2007-05-23 23:15 <DIR> d——– C:\DOCUME~1\ADMINI~1\Mijn documenten
    2007-05-23 23:15 <DIR> d——– C:\DOCUME~1\ADMINI~1\Favorieten
    2007-05-23 23:15 <DIR> d——– C:\DOCUME~1\ADMINI~1\Bureaublad
    2007-05-23 23:15 <DIR> d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
    2007-05-15 11:36 <DIR> d——– C:\DOCUME~1\Ufuk\APPLIC~1\Joost
    2007-05-15 11:35 <DIR> d——– C:\Program Files\Joost
    2007-05-09 16:14 <DIR> d——– C:\DOCUME~1\Zeki\APPLIC~1\GrabIt
    2007-05-03 13:46 <DIR> d——– C:\Program Files\TuneUp Utilities 2007
    2007-05-02 21:58 <DIR> d——– C:\Program Files\TomTom DesktopSuite


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-23 21:05:59 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\uTorrent
    2007-05-23 13:17:26 ——– d—–w C:\Program Files\MSN Messenger
    2007-05-23 13:17:26 ——– d—–w C:\Program Files\Messenger Plus! Live
    2007-05-19 17:45:25 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\LimeWire
    2007-05-13 09:22:44 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2007-05-13 09:21:42 ——– d—–w C:\Program Files\Common Files\PCSuite
    2007-05-09 13:44:43 ——– d—–w C:\Program Files\NewsLeecher
    2007-05-09 13:38:48 ——– d—–w C:\Program Files\GrabIt
    2007-05-07 19:54:40 ——– d—–w C:\Program Files\Microsoft ActiveSync
    2007-05-03 11:45:31 ——– d—–w C:\Program Files\Common Files\Wise Installation Wizard
    2007-04-27 17:18:25 ——– d—–w C:\Program Files\DVD Shrink
    2007-04-19 18:01:43 ——– d—–w C:\Program Files\iTunes
    2007-04-19 18:01:35 ——– d—–w C:\Program Files\iPod
    2007-04-19 18:00:27 ——– d—–w C:\Program Files\Apple Software Update
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-13 10:50:01 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Command & Conquer 3 Tiberium Wars
    2007-04-12 18:52:46 ——– d—–w C:\Program Files\Electronic Arts
    2007-04-10 17:35:18 ——– d—–w C:\Program Files\Common Files\Knowledge Adventure
    2007-04-10 17:35:18 ——– d—–w C:\Program Files\Barbie(TM)
    2007-03-28 17:42:42 29,704 —-a-w C:\WINDOWS\system32\uxtuneup.dll
    2007-03-28 13:58:24 ——– d—–w C:\Program Files\Skype
    2007-03-28 13:58:13 76,582 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-03-28 13:58:13 455,614 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-03-28 13:55:54 ——– d—–w C:\Program Files\EVEREST Ultimate
    2007-03-27 11:13:33 ——– d—–w C:\Program Files\McAfee
    2007-03-27 10:53:49 ——– d—–w C:\Program Files\McAfee.com
    2007-03-27 10:51:31 ——– d—–w C:\Program Files\Common Files\McAfee
    2007-03-25 17:59:18 ——– d—–w C:\Program Files\Palm
    2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-16 14:17:29 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\NewsLeecher
    2007-03-13 15:26:46 ——– d—–w C:\Program Files\QuickTime
    2007-03-08 15:39:10 579,072 —-a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:39:10 40,960 —-a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:39:10 281,600 —-a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:37:59 1,843,712 —-a-w C:\WINDOWS\system32\win32k.sys
    2007-03-06 19:58:31 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Creative
    2007-03-05 20:56:12 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\muvee Technologies
    2007-03-05 15:39:25 50 —-a-w C:\AUTOEXEC.BAT
    2007-03-05 15:39:16 ——– d—–w C:\Program Files\muvee Technologies
    2007-03-05 15:37:54 ——– d—–w C:\Program Files\SightSpeed
    2007-03-05 15:36:48 ——– d—–w C:\Program Files\Creative
    2007-02-18 18:50:40 3,909 —-a-w C:\WINDOWS\mozver.dat
    2007-02-05 20:20:07 185,344 —-a-w C:\WINDOWS\system32\upnphost.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\program files\mcafee\virusscan\scriptcl.dll [2006-12-22 16:02]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56]
    "mnu"="C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 19:54]
    "MBMon"="CTMBHA.DLL" [2005-05-19 04:54 C:\WINDOWS\system32\CTMBHA.DLL]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 10:47]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09]
    "AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 02:11]
    "V0230Mon.exe"="C:\WINDOWS\V0230Mon.exe" [2006-09-07 02:01]
    "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mnu"="C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 19:54]
    "SetDefaultMIDI"="MIDIDef.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-02-05 17:40]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "UpdReg"=C:\WINDOWS\UpdReg.EXE
    "SigmatelSysTrayApp"=stsystra.exe
    "VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "MWLExe"=C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
    UxTuneUp


    Contents of the 'Scheduled Tasks' folder
    2007-05-18 15:15:01 C:\WINDOWS\tasks\1-Click Maintenance.job
    2007-03-27 10:50:49 C:\WINDOWS\tasks\McDefragTask.job
    2007-03-27 10:50:48 C:\WINDOWS\tasks\McQcTask.job

    ********************************************************************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-24 16:48:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-24 16:51:26 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-05-24 16:51

    — E O F —
    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\rcqyqmkj.dll
    C:\WINDOWS\system32\dcbeg.bak1
    C:\WINDOWS\system32\dcbeg.ini
    C:\WINDOWS\system32\dcbeg.bak1
    C:\WINDOWS\system32\dcbeg.ini
    C:\WINDOWS\system32\gebcd.dll
    C:\WINDOWS\system32\qomljkl.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((( Files Created from 24-0-01-07 to 24-05-2007 ))))))))))))))))))))))))))))))))))


    24-05-2007 16:51 49.152 –a—— C:\WINDOWS\nircmd.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-23 21:05:59 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\uTorrent
    2007-05-23 13:17:26 ——– d—–w C:\Program Files\MSN Messenger
    2007-05-23 13:17:26 ——– d—–w C:\Program Files\Messenger Plus! Live
    2007-05-19 17:45:25 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\LimeWire
    2007-05-13 09:22:44 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2007-05-13 09:21:42 ——– d—–w C:\Program Files\Common Files\PCSuite
    2007-05-09 13:44:43 ——– d—–w C:\Program Files\NewsLeecher
    2007-05-09 13:38:48 ——– d—–w C:\Program Files\GrabIt
    2007-05-07 19:54:40 ——– d—–w C:\Program Files\Microsoft ActiveSync
    2007-05-03 11:45:31 ——– d—–w C:\Program Files\Common Files\Wise Installation Wizard
    2007-04-27 17:18:25 ——– d—–w C:\Program Files\DVD Shrink
    2007-04-19 18:01:43 ——– d—–w C:\Program Files\iTunes
    2007-04-19 18:01:35 ——– d—–w C:\Program Files\iPod
    2007-04-19 18:00:27 ——– d—–w C:\Program Files\Apple Software Update
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-13 10:50:01 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Command & Conquer 3 Tiberium Wars
    2007-04-12 18:52:46 ——– d—–w C:\Program Files\Electronic Arts
    2007-04-10 17:35:18 ——– d—–w C:\Program Files\Common Files\Knowledge Adventure
    2007-04-10 17:35:18 ——– d—–w C:\Program Files\Barbie(TM)
    2007-03-28 17:42:42 29,704 —-a-w C:\WINDOWS\system32\uxtuneup.dll
    2007-03-28 13:58:24 ——– d—–w C:\Program Files\Skype
    2007-03-28 13:58:13 76,582 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-03-28 13:58:13 455,614 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-03-28 13:55:54 ——– d—–w C:\Program Files\EVEREST Ultimate
    2007-03-27 11:13:33 ——– d—–w C:\Program Files\McAfee
    2007-03-27 10:53:49 ——– d—–w C:\Program Files\McAfee.com
    2007-03-27 10:51:31 ——– d—–w C:\Program Files\Common Files\McAfee
    2007-03-25 17:59:18 ——– d—–w C:\Program Files\Palm
    2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-16 14:17:29 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\NewsLeecher
    2007-03-13 15:26:46 ——– d—–w C:\Program Files\QuickTime
    2007-03-08 15:39:10 579,072 —-a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:39:10 40,960 —-a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:39:10 281,600 —-a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:37:59 1,843,712 —-a-w C:\WINDOWS\system32\win32k.sys
    2007-03-06 19:58:31 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Creative
    2007-03-05 20:56:12 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\muvee Technologies
    2007-03-05 15:39:25 50 —-a-w C:\AUTOEXEC.BAT
    2007-03-05 15:39:16 ——– d—–w C:\Program Files\muvee Technologies
    2007-03-05 15:37:54 ——– d—–w C:\Program Files\SightSpeed
    2007-03-05 15:36:48 ——– d—–w C:\Program Files\Creative
    2007-03-02 12:16:52 109,608 —-a-w C:\WINDOWS\system32\drivers\Mpfp.sys
    2007-03-02 11:08:08 ——– d—–w C:\Program Files\Windows Media Connect 2
    2007-02-18 18:50:40 3,909 —-a-w C:\WINDOWS\mozver.dat
    2007-02-14 13:39:10 ——– d—–w C:\Program Files\DivX
    2007-02-13 17:56:54 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Ahead
    2007-02-09 11:10:35 574,464 —-a-w C:\WINDOWS\system32\drivers\ntfs.sys
    2007-02-05 20:20:07 185,344 —-a-w C:\WINDOWS\system32\upnphost.dll
    2007-02-01 04:56:06 823,296 —-a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-02-01 04:56:05 823,296 —-a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-02-01 04:56:05 802,816 —-a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-02-01 04:56:04 639,066 —-a-w C:\WINDOWS\system32\DivX.dll
    2007-01-31 21:27:01 524,288 —-a-w C:\WINDOWS\system32\DivXsm.exe
    2007-01-30 23:15:10 118,784 —-a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-01-30 05:03:40 3,596,288 —-a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-01-30 05:03:26 200,704 —-a-w C:\WINDOWS\system32\ssldivx.dll
    2007-01-30 05:03:26 1,044,480 —-a-w C:\WINDOWS\system32\libdivx.dll
    2007-01-30 04:56:56 73,728 —-a-w C:\WINDOWS\system32\dpl100.dll
    2007-01-30 04:56:56 196,608 —-a-w C:\WINDOWS\system32\dtu100.dll
    2007-01-30 04:56:54 53,248 —-a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-01-30 04:56:52 593,920 —-a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-01-30 04:56:52 57,344 —-a-w C:\WINDOWS\system32\dpv11.dll
    2007-01-30 04:56:52 344,064 —-a-w C:\WINDOWS\system32\dpus11.dll
    2007-01-30 04:56:52 294,912 —-a-w C:\WINDOWS\system32\dpu11.dll
    2007-01-30 04:56:52 294,912 —-a-w C:\WINDOWS\system32\dpu10.dll
    2007-01-26 01:19:00 36,624 ——w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-01-26 01:19:00 129,784 ——w C:\WINDOWS\system32\pxafs.dll
    2007-01-26 01:19:00 118,520 ——w C:\WINDOWS\system32\pxinsi64.exe
    2007-01-26 01:19:00 116,472 ——w C:\WINDOWS\system32\pxcpyi64.exe
    2007-01-22 11:55:32 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\AdobeUM
    2007-01-19 11:53:04 51,056 —-a-w C:\WINDOWS\system32\sirenacm.dll
    2007-01-10 15:48:16 ——– d—–w C:\Program Files\Microsoft Works
    2007-01-10 15:43:58 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\OfficeUpdate12
    2007-01-06 14:07:38 ——– d—–w C:\Program Files\Microsoft.NET
    2006-12-22 14:02:40 71,496 —-a-w C:\WINDOWS\system32\drivers\mfeavfk.sys
    2006-12-22 14:02:34 37,480 —-a-w C:\WINDOWS\system32\drivers\mfesmfk.sys
    2006-12-22 14:02:34 34,184 —-a-w C:\WINDOWS\system32\drivers\mfebopk.sys
    2006-12-22 14:02:34 32,008 —-a-w C:\WINDOWS\system32\drivers\mferkdk.sys
    2006-12-22 14:02:34 170,408 —-a-w C:\WINDOWS\system32\drivers\mfehidk.sys
    2006-12-12 16:24:42 12,288 —-a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2006-12-04 14:21:50 414,720 —-a-w C:\WINDOWS\system32\msscp.dll
    2006-11-30 16:15:11 ——– d—–w C:\Program Files\PC Connectivity Solution
    2006-11-29 11:06:18 3,426,072 —-a-w C:\WINDOWS\system32\d3dx9_32.dll
    2006-11-19 13:57:45 ——– d—–w C:\Program Files\ATI Technologies
    2006-11-16 18:47:22 524,288 —-a-w C:\WINDOWS\opuc.dll
    2006-11-16 16:03:46 ——– d—–w C:\Program Files\Common Files\NSV
    2006-11-16 14:24:54 ——– d—–w C:\Program Files\DAEMON Tools
    2006-11-16 14:21:36 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\ATI
    2006-11-09 16:30:58 163,644 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2006-11-08 05:07:53 679,424 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:32:17 ——– d–h–r C:\DOCUME~1\Ufuk\APPLIC~1\SecuROM
    2006-11-07 19:03:36 413,696 —-a-w C:\WINDOWS\system32\vbscript.dll
    2006-11-07 19:03:36 156,160 —-a-w C:\WINDOWS\system32\msls31.dll
    2006-11-07 01:26:44 71,680 —-a-w C:\WINDOWS\system32\admparse.dll
    2006-11-07 01:26:42 55,296 —-a-w C:\WINDOWS\system32\iesetup.dll
    2006-11-01 19:19:10 927,504 —-a-w C:\WINDOWS\system32\mfc40u.dll
    2006-10-31 15:19:00 28,104 —-a-w C:\DOCUME~1\Ufuk\APPLIC~1\GDIPFONTCACHEV1.DAT
    2006-10-29 13:26:18 ——– d—–w C:\Program Files\Atomic Clock Sync
    2006-10-26 15:00:41 98,304 —-a-w C:\WINDOWS\system32\CmdLineExt.dll
    2006-10-26 13:34:29 ——– d—–w C:\Program Files\LimeWire
    2006-10-26 13:06:35 ——– d—–w C:\Program Files\Common Files\InstallShield
    2006-10-26 13:00:11 271,360 —-a-w C:\WINDOWS\system32\drivers\atksgt.sys
    2006-10-26 13:00:11 18,048 —-a-w C:\WINDOWS\system32\drivers\lirsgt.sys
    2006-10-22 19:59:18 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Lavasoft
    2006-10-22 19:58:22 ——– d—–w C:\Program Files\Lavasoft RegHance
    2006-10-22 19:57:45 ——– d—–w C:\Program Files\Lavasoft
    2006-10-22 19:24:07 ——– d—–w C:\Program Files\SigmaTel
    2006-10-22 19:03:30 ——– d—–w C:\Program Files\Common Files\Real
    2006-10-22 18:03:06 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Real
    2006-10-20 12:51:48 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Google
    2006-10-20 12:51:18 ——– d—–w C:\Program Files\Google
    2006-10-20 01:39:56 714,752 —-a-w C:\WINDOWS\system32\sxs.dll
    2006-10-19 19:38:28 831,048 —-a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
    2006-10-19 16:15:19 ——– d—–w C:\Program Files\Common Files\Ahead
    2006-10-18 22:04:54 42,496 ——w C:\WINDOWS\system32\wpdshextres.dll
    2006-10-18 21:58:00 8,704 —-a-w C:\WINDOWS\system32\wdfmgr.exe
    2006-10-18 21:58:00 8,704 —-a-w C:\WINDOWS\system32\uwdf.exe
    2006-10-18 21:47:22 767,488 ——w C:\WINDOWS\system32\WMVSENCD.dll
    2006-10-18 21:47:22 656,896 ——w C:\WINDOWS\system32\WMVXENCD.dll
    2006-10-18 21:47:22 63,488 —-a-w C:\WINDOWS\system32\wpdmtpus.dll
    2006-10-18 21:47:22 629,760 —-a-w C:\WINDOWS\system32\wpd_ci.dll
    2006-10-18 21:47:22 603,648 —-a-w C:\WINDOWS\system32\WMSPDMOD.dll
    2006-10-18 21:47:22 4,096 —-a-w C:\WINDOWS\system32\wmvdmoe2.dll
    2006-10-18 21:47:22 4,096 —-a-w C:\WINDOWS\system32\wmvdmod.dll
    2006-10-18 21:47:22 4,096 —-a-w C:\WINDOWS\system32\WMVADVE.DLL
    2006-10-18 21:47:22 4,096 —-a-w C:\WINDOWS\system32\WMVADVD.dll
    2006-10-18 21:47:22 4,096 —-a-w C:\WINDOWS\system32\wmsdmoe2.dll
    2006-10-18 21:47:22 4,096 —-a-w C:\WINDOWS\system32\wmsdmod.dll
    2006-10-18 21:47:22 356,352 —-a-w C:\WINDOWS\system32\wpdsp.dll
    2006-10-18 21:47:22 35,840 —-a-w C:\WINDOWS\system32\wpdconns.dll
    2006-10-18 21:47:22 2,603,008 ——w C:\WINDOWS\system32\WpdShext.dll
    2006-10-18 21:47:22 154,624 —-a-w C:\WINDOWS\system32\wpdmtp.dll
    2006-10-18 21:47:22 133,632 ——w C:\WINDOWS\system32\WPDShServiceObj.dll
    2006-10-18 21:47:22 1,574,912 ——w C:\WINDOWS\system32\WMVENCOD.dll
    2006-10-18 21:47:22 1,543,680 ——w C:\WINDOWS\system32\WMVDECOD.dll
    2006-10-18 21:47:22 1,382,912 ——w C:\WINDOWS\system32\WMVSDECD.dll
    2006-10-18 21:47:22 1,329,152 —-a-w C:\WINDOWS\system32\WMSPDMOE.dll
    2006-10-18 21:47:20 99,840 —-a-w C:\WINDOWS\system32\wmpshell.dll
    2006-10-18 21:47:20 937,984 —-a-w C:\WINDOWS\system32\WMNetMgr.dll
    2006-10-18 21:47:20 8,231,936 —-a-w C:\WINDOWS\system32\wmploc.dll
    2006-10-18 21:47:20 613,376 ——w C:\WINDOWS\system32\wmpmde.dll
    2006-10-18 21:47:20 535,040 ——w C:\WINDOWS\system32\wmdrmsdk.dll
    2006-10-18 21:47:20 348,672 —-a-w C:\WINDOWS\system32\wmdrmnet.dll
    2006-10-18 21:47:20 314,880 —-a-w C:\WINDOWS\system32\wmpdxm.dll
    2006-10-18 21:47:20 295,936 ——w C:\WINDOWS\system32\wmpeffects.dll
    2006-10-18 21:47:20 242,688 —-a-w C:\WINDOWS\system32\wmpasf.dll
    2006-10-18 21:47:20 227,328 —-a-w C:\WINDOWS\system32\wmerror.dll
    2006-10-18 21:47:20 204,288 —-a-w C:\WINDOWS\system32\wmpsrcwp.dll
    2006-10-18 21:47:20 157,184 —-a-w C:\WINDOWS\system32\wmidx.dll
    2006-10-18 21:47:20 130,048 ——w C:\WINDOWS\system32\wmpps.dll
    2006-10-18 21:47:20 1,661,440 —-a-w C:\WINDOWS\system32\wmpencen.dll
    2006-10-18 21:47:18 757,248 —-a-w C:\WINDOWS\system32\wmadmod.dll
    2006-10-18 21:47:18 429,056 —-a-w C:\WINDOWS\system32\wmdrmdev.dll
    2006-10-18 21:47:18 4,096 —-a-w C:\WINDOWS\system32\wdfapi.dll
    2006-10-18 21:47:18 37,376 —-a-w C:\WINDOWS\system32\wmdmps.dll
    2006-10-18 21:47:18 33,792 —-a-w C:\WINDOWS\system32\wmdmlog.dll
    2006-10-18 21:47:18 284,160 ——w C:\WINDOWS\system32\PortableDeviceApi.dll
    2006-10-18 21:47:18 222,208 —-a-w C:\WINDOWS\system32\wmasf.dll
    2006-10-18 21:47:18 211,456 —-a-w C:\WINDOWS\system32\qasf.dll
    2006-10-18 21:47:18 199,168 ——w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
    2006-10-18 21:47:18 166,912 ——w C:\WINDOWS\system32\PortableDeviceTypes.dll
    2006-10-18 21:47:18 132,096 ——w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
    2006-10-18 21:47:18 101,888 ——w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
    2006-10-18 21:47:18 1,117,696 —-a-w C:\WINDOWS\system32\WMADMOE.dll
    2006-10-18 21:47:16 321,536 —-a-w C:\WINDOWS\system32\mswmdm.dll
    2006-10-18 21:47:16 27,136 —-a-w C:\WINDOWS\system32\mspmsnsv.dll
    2006-10-18 21:47:16 179,712 —-a-w C:\WINDOWS\system32\msnetobj.dll
    2006-10-18 21:47:16 175,616 —-a-w C:\WINDOWS\system32\mspmsp.dll
    2006-10-18 21:47:14 4,096 —-a-w C:\WINDOWS\system32\MPG4DMOD.dll
    2006-10-18 21:47:14 4,096 —-a-w C:\WINDOWS\system32\MP4SDMOD.dll
    2006-10-18 21:47:14 4,096 —-a-w C:\WINDOWS\system32\MP43DMOD.dll
    2006-10-18 21:47:14 317,440 ——w C:\WINDOWS\system32\MP4SDECD.dll
    2006-10-18 21:47:14 259,072 ——w C:\WINDOWS\system32\MPG4DECD.dll
    2006-10-18 21:47:14 259,072 ——w C:\WINDOWS\system32\MP43DECD.dll
    2006-10-18 21:47:14 212,992 ——w C:\WINDOWS\system32\MFPLAT.dll
    2006-10-18 21:47:14 11,264 —-a-w C:\WINDOWS\system32\LAPRXY.dll
    2006-10-18 21:47:10 991,744 —-a-w C:\WINDOWS\system32\drmv2clt.dll
    2006-10-18 21:47:10 542,720 —-a-w C:\WINDOWS\system32\blackbox.dll
    2006-10-18 21:47:10 229,376 —-a-w C:\WINDOWS\system32\cewmdm.dll
    2006-10-18 21:47:08 7,168 —-a-w C:\WINDOWS\system32\asferror.dll
    2006-10-18 21:47:08 276,992 —-a-w C:\WINDOWS\system32\audiodev.dll
    2006-10-18 20:03:58 100,864 —-a-w C:\WINDOWS\system32\logagent.exe
    2006-10-18 20:00:46 249,856 ——w C:\WINDOWS\system32\drmupgds.exe
    2006-10-18 20:00:14 17,408 ——w C:\WINDOWS\system32\wpdshextautoplay.exe
    2006-10-18 20:00:00 38,528 —-a-w C:\WINDOWS\system32\drivers\wpdusb.sys
    2006-10-17 10:06:00 78,336 —-a-w C:\WINDOWS\system32\ieencode.dll
    2006-10-17 10:05:10 40,960 —-a-w C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 10:03:56 17,408 —-a-w C:\WINDOWS\system32\corpol.dll
    2006-10-17 09:57:58 36,352 —-a-w C:\WINDOWS\system32\imgutil.dll
    2006-10-17 09:56:10 45,568 —-a-w C:\WINDOWS\system32\mshta.exe
    2006-10-17 09:28:56 48,128 —-a-w C:\WINDOWS\system32\mshtmler.dll
    2006-10-16 16:16:24 124,928 —-a-w C:\WINDOWS\system32\oledlg.dll
    2006-10-14 08:13:25 981,760 —-a-w C:\WINDOWS\system32\mfc42u.dll
    2006-10-13 12:41:32 65,536 —-a-w C:\WINDOWS\system32\nwwks.dll
    2006-10-13 12:41:32 64,000 —-a-w C:\WINDOWS\system32\nwapi32.dll
    2006-10-13 12:41:32 144,384 —-a-w C:\WINDOWS\system32\nwprovau.dll
    2006-10-13 10:34:36 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Apple Computer
    2006-10-13 10:23:15 163,584 —-a-w C:\WINDOWS\system32\drivers\nwrdr.sys
    2006-10-12 22:10:06 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Hamachi
    2006-10-12 16:12:36 15,440 —-a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2006-10-10 07:54:30 50,688 —-a-w C:\WINDOWS\system32\nmwcdcls.dll
    2006-10-04 18:18:15 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\DivX
    2006-10-03 18:47:52 109,360 —-a-w C:\WINDOWS\system32\GEARAspi.dll
    2006-10-03 16:46:25 ——– d—–w C:\Program Files\Common Files\Adobe Systems Shared
    2006-10-02 14:28:42 312,128 ——w C:\WINDOWS\system32\msdelta.dll
    2006-10-01 12:30:59 14 —-a-w C:\WINDOWS\system32\SysEngineDrive1.sys
    2006-10-01 12:27:55 ——– d—–w C:\Program Files\BlazeVideo
    2006-10-01 10:01:06 ——– d—–w C:\Program Files\QuickPar
    2006-09-29 00:01:00 500,480 —-a-w C:\WINDOWS\system32\drivers\V0230VID.sys
    2006-09-29 00:01:00 36,864 —-a-w C:\WINDOWS\system32\V0230Pin.dll
    2006-09-28 18:44:50 ——– d—–w C:\Program Files\SlySoft
    2006-09-28 18:25:22 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\SlySoft
    2006-09-28 18:15:28 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\PC Suite
    2006-09-28 18:10:03 ——– d—–w C:\Program Files\Garmin
    2006-09-28 16:36:37 ——– d—–w C:\Program Files\DIFX
    2006-09-28 15:05:56 237,848 —-a-w C:\WINDOWS\system32\xactengine2_4.dll
    2006-09-28 15:05:20 2,414,360 —-a-w C:\WINDOWS\system32\d3dx9_31.dll
    2006-09-28 15:04:02 68,888 —-a-w C:\WINDOWS\system32\xinput1_3.dll
    2006-09-28 15:03:28 15,128 —-a-w C:\WINDOWS\system32\x3daudio1_1.dll
    2006-09-27 17:01:02 ——– d—–w C:\Program Files\FTDv3.7.3
    2006-09-27 14:24:53 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\TuneUp Software
    2006-09-27 13:19:37 ——– d—–w C:\Program Files\Nero
    2006-09-27 13:05:18 ——– d—–w C:\Program Files\Jasc Software Inc
    2006-09-27 12:47:48 ——– d—–w C:\Program Files\Gabest
    2006-09-26 21:06:49 ——– d—–w C:\Program Files\Messenger
    2006-09-26 20:32:54 ——– d—–w C:\Program Files\Common Files\ODBC
    2006-09-26 20:32:51 ——– d—–w C:\Program Files\Common Files\SpeechEngines
    2006-09-26 20:25:21 ——– d—–w C:\Program Files\Trust
    2006-09-26 20:01:18 ——– d—–w C:\DOCUME~1\Ufuk\APPLIC~1\Help
    2006-09-26 19:29:42 ——– d—–w C:\Program Files\Viruz-V
    2006-09-26 19:26:13 611,064 —-a-w C:\WINDOWS\system32\drivers\sptd.sys
    2006-09-26 19:20:20 ——– d—–w C:\Program Files\Orange
    2006-09-26 19:17:47 ——– d—–w C:\Program Files\SAGEM
    2006-09-26 19:12:44 ——– d—–w C:\Program Files\Common Files\Creative Labs Shared
    2006-09-26 19:05:04 ——– d—–w C:\Program Files\Dell Photo Printer 720
    2006-09-26 19:04:30 ——– d—–w C:\Program Files\Dell 720
    2006-09-26 18:50:05 ——– d—–w C:\Program Files\Intel
    2006-09-26 18:47:48 ——– d—–w C:\Program Files\Dell
    2006-09-26 18:41:46 ——– d—–w C:\Program Files\microsoft frontpage
    2006-09-26 18:41:34 0 –sha-r C:\MSDOS.SYS
    2006-09-26 18:41:34 0 –sha-r C:\IO.SYS
    2006-09-26 18:41:34 0 —-a-w C:\CONFIG.SYS
    2006-09-26 18:40:36 ——– d–h–w C:\Program Files\WindowsUpdate
    2006-09-26 18:40:35 ——– d—–w C:\Program Files\Online Services
    2006-09-26 18:39:47 ——– d—–w C:\Program Files\Common Files\MSSoap
    2006-09-26 18:39:38 ——– d—–w C:\Program Files\Movie Maker
    2006-09-26 18:38:54 21,748 —-a-w C:\WINDOWS\system32\emptyregdb.dat
    2006-09-26 18:38:44 ——– d—–w C:\Program Files\MSN Gaming Zone
    2006-09-26 18:38:35 ——– d—–w C:\Program Files\Windows NT
    2006-09-22 00:01:00 294,912 —-a-w C:\WINDOWS\system32\V0230CVW.dll
    2006-09-19 14:44:04 15,664 —-a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    2006-09-16 02:02:34 23,856 —-a-w C:\WINDOWS\system32\spupdsvc.exe
    2006-09-15 22:30:16 87,040 ——w C:\WINDOWS\system32\WUDFCoinstaller.dll
    2006-09-15 22:30:16 55,296 ——w C:\WINDOWS\system32\WudfSvc.dll
    2006-09-15 22:30:16 308,224 ——w C:\WINDOWS\system32\WUDFx.dll
    2006-09-15 22:30:06 142,848 ——w C:\WINDOWS\system32\WudfHost.exe
    2006-09-15 21:30:10 82,688 ——w C:\WINDOWS\system32\drivers\WudfRd.sys
    2006-09-15 21:29:54 163,840 ——w C:\WINDOWS\system32\WudfPlatform.dll
    2006-09-15 21:29:52 76,544 ——w C:\WINDOWS\system32\drivers\WudfPf.sys
    2006-09-13 05:07:10 1,084,416 —-a-w C:\WINDOWS\system32\msxml3.dll
    2006-09-13 00:01:00 126,976 —-a-w C:\WINDOWS\system32\V0230Vfw.dll
    2006-09-07 00:01:00 32,768 —-a-w C:\WINDOWS\V0230Mon.exe
    2006-08-25 15:51:55 617,472 —-a-w C:\WINDOWS\system32\comctl32.dll
    2006-08-25 03:47:00 2,560 ——w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2006-08-25 03:47:00 2,432 ——w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2006-08-24 12:19:52 246,814 —-a-w C:\WINDOWS\system32\strmdll.dll
    2006-08-24 12:18:10 499,254 —-a-w C:\WINDOWS\system32\dxmasf.dll
    2006-08-21 12:28:04 16,896 —-a-w C:\WINDOWS\system32\fltlib.dll
    2006-08-21 09:14:58 23,040 —-a-w C:\WINDOWS\system32\fltmc.exe
    2006-08-21 09:14:58 128,896 —-a-w C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-08-17 12:30:16 727,040 —-a-w C:\WINDOWS\system32\lsasrv.dll
    2006-08-17 12:30:16 132,096 —-a-w C:\WINDOWS\system32\wkssvc.dll
    2006-08-16 11:59:42 100,352 —-a-w C:\WINDOWS\system32\6to4svc.dll
    2006-08-16 09:37:30 225,664 —-a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2006-08-14 10:34:41 332,928 —-a-w C:\WINDOWS\system32\drivers\srv.sys
    2006-08-11 00:01:00 32,768 —-a-w C:\WINDOWS\system32\V0230Hwx.dll
    2006-07-28 08:30:32 236,824 —-a-w C:\WINDOWS\system32\xactengine2_3.dll
    2006-07-28 08:30:14 62,744 —-a-w C:\WINDOWS\system32\xinput1_2.dll
    2006-07-21 08:29:40 72,704 —-a-w C:\WINDOWS\system32\hlink.dll
    2006-07-14 15:29:44 966,656 —-a-w C:\WINDOWS\UNRecode.exe
    2006-07-14 15:29:44 966,656 —-a-w C:\WINDOWS\UNNeroShowTime.exe
    2006-07-14 15:29:44 966,656 —-a-w C:\WINDOWS\UNNeroMediaHome.exe
    2006-07-14 15:29:44 966,656 —-a-w C:\WINDOWS\UNNeroBackItUp.exe
    2006-07-13 08:48:58 202,240 —-a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2006-06-29 07:05:44 26,112 ——w C:\WINDOWS\system32\idndl.dll
    2006-06-29 07:05:44 23,552 ——w C:\WINDOWS\system32\normaliz.dll
    2006-06-28 16:59:26 24,576 ——w C:\WINDOWS\system32\nlsdl.dll
    2006-06-22 05:17:19 1,440,768 —-a-w C:\WINDOWS\system32\query.dll
    2006-06-22 05:17:18 69,120 —-a-w C:\WINDOWS\system32\ciodm.dll
    2006-06-16 10:30:54 90,112 —-a-w C:\WINDOWS\CtDrvIns.exe
    2006-06-14 09:00:45 82,944 —-a-w C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-06-14 08:47:46 6,400 —-a-w C:\WINDOWS\system32\drivers\splitter.sys
    2006-06-14 08:47:45 172,416 —-a-w C:\WINDOWS\system32\drivers\kmixer.sys
    2006-05-15 14:24:50 86,880 —-a-w C:\WINDOWS\system32\drivers\WscNetDr.sys
    2006-05-05 09:47:57 174,592 —-a-w C:\WINDOWS\system32\drivers\rdbss.sys
    2006-05-05 09:41:45 453,120 —-a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
    2006-04-20 11:51:50 359,808 —-a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2006-04-10 16:05:10 104,576 —-a-w C:\WINDOWS\system32\drivers\wceusbsh.sys
    2006-03-24 04:40:00 49,152 —-a-w C:\WINDOWS\system32\wdigest.dll
    2006-03-24 00:00:00 6,272 —-a-w C:\WINDOWS\system32\drivers\V0230Vfx.sys
    2006-03-17 00:38:01 28,672 ——w C:\WINDOWS\system32\verclsid.exe
    2006-03-17 00:33:10 262,784 —-a-w C:\WINDOWS\system32\drivers\http.sys
    2006-03-16 00:00:00 9,216 —-a-w C:\WINDOWS\V0230Cfg.exe
    2006-03-16 00:00:00 8,192 —-a-w C:\WINDOWS\system32\V0230Srv.exe
    2006-03-01 19:44:36 956,416 —-a-w C:\WINDOWS\system32\msdtctm.dll
    2006-03-01 19:44:36 91,136 —-a-w C:\WINDOWS\system32\mtxoci.dll
    2006-03-01 19:44:36 66,560 —-a-w C:\WINDOWS\system32\mtxclu.dll
    2006-03-01 19:44:36 426,496 —-a-w C:\WINDOWS\system32\msdtcprx.dll
    2006-03-01 19:44:36 161,280 —-a-w C:\WINDOWS\system32\msdtcuiu.dll
    2006-03-01 19:44:36 11,776 —-a-w C:\WINDOWS\system32\xolehlp.dll
    2006-02-15 00:22:26 142,464 —-a-w C:\WINDOWS\system32\drivers\aec.sys
    2006-01-04 03:36:30 68,096 —-a-w C:\WINDOWS\system32\webclnt.dll
    2005-12-01 12:31:38 1,645,320 —-a-w C:\WINDOWS\system32\gdiplus.dll
    2005-10-21 01:47:05 12,800 —-a-w C:\WINDOWS\system32\drivers\usb8023.sys
    2005-10-21 01:47:05 12,800 ——w C:\WINDOWS\system32\drivers\usb8023x.sys
    2005-10-21 01:47:04 30,592 —-a-w C:\WINDOWS\system32\drivers\rndismp.sys
    2005-10-21 01:47:04 30,592 ——w C:\WINDOWS\system32\drivers\rndismpx.sys
    2005-10-20 22:31:13 1,092,096 —-a-w C:\WINDOWS\system32\esent.dll
    2005-10-18 09:08:04 349,760 —-a-w C:\WINDOWS\system32\mcinsctl.dll
    2005-10-17 21:21:57 80,896 —-a-w C:\WINDOWS\system32\fontsub.dll
    2005-10-17 21:21:57 118,272 —-a-w C:\WINDOWS\system32\t2embed.dll
    2005-09-23 05:28:56 32,768 —-a-w C:\WINDOWS\system32\netfxperf.dll
    2005-09-23 05:28:52 74,240 —-a-w C:\WINDOWS\system32\mscories.dll
    2005-09-23 05:28:52 270,848 —-a-w C:\WINDOWS\system32\mscoree.dll
    2005-09-23 05:28:52 150,016 —-a-w C:\WINDOWS\system32\mscorier.dll
    2005-09-23 05:28:38 83,456 —-a-w C:\WINDOWS\system32\dfshim.dll
    2005-09-21 10:14:32 1,350,784 —-a-w C:\WINDOWS\system32\drivers\sigfilt.sys
    2005-09-10 01:55:37 2,067,968 —-a-w C:\WINDOWS\system32\cdosys.dll
    2005-09-01 02:28:26 19,968 —-a-w C:\WINDOWS\system32\linkinfo.dll
    2005-08-30 03:56:40 1,291,264 —-a-w C:\WINDOWS\system32\quartz.dll
    2005-08-23 03:40:36 124,416 —-a-w C:\WINDOWS\system32\umpnpmgr.dll
    2005-08-22 18:36:16 197,632 —-a-w C:\WINDOWS\system32\netman.dll
    2005-08-17 06:41:08 1,022,040 —-a-w C:\WINDOWS\system32\drivers\sthda.sys
    2005-08-15 10:08:26 5,888 —-a-w C:\WINDOWS\system32\drivers\imagedrv.sys
    2005-08-15 10:08:26 127,488 —-a-w C:\WINDOWS\system32\drivers\imagesrv.sys
    2005-08-05 20:05:00 516,096 ——w C:\WINDOWS\system32\ati2sgag.exe
    2005-08-04 01:07:56 307,200 —-a-w C:\WINDOWS\system32\atiiiexx.dll
    2005-08-04 00:27:54 249,856 —-a-w C:\WINDOWS\system32\ATIDEMGR.dll
    2005-08-03 23:46:26 6,684,672 —-a-w C:\WINDOWS\system32\atioglx1.dll
    2005-08-03 22:28:52 5,005,312 —-a-w C:\WINDOWS\system32\atioglxx.dll
    2005-08-03 22:10:38 205,312 ——w C:\WINDOWS\system32\ati2dvag.dll
    2005-08-03 22:10:18 1,273,344 —-a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2005-08-03 22:04:56 106,496 —-a-w C:\WINDOWS\system32\atipdlxx.dll
    2005-08-03 22:04:42 73,728 —-a-w C:\WINDOWS\system32\Oemdspif.dll
    2005-08-03 22:04:34 25,088 —-a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2005-08-03 22:04:28 39,936 —-a-w C:\WINDOWS\system32\ati2edxx.dll
    2005-08-03 22:04:18 46,080 —-a-w C:\WINDOWS\system32\ati2evxx.dll
    2005-08-03 22:02:58 380,928 —-a-w C:\WINDOWS\system32\ati2evxx.exe
    2005-08-03 22:02:32 53,248 —-a-w C:\WINDOWS\system32\ATIDDC.DLL
    2005-08-03 21:54:08 2,365,472 ——w C:\WINDOWS\system32\ati3duag.dll
    2005-08-03 21:47:08 639,872 ——w C:\WINDOWS\system32\ativvaxx.dll
    2005-08-03 21:34:12 147,456 —-a-w C:\WINDOWS\system32\atikvmag.dll
    2005-08-03 21:08:22 17,408 —-a-w C:\WINDOWS\system32\atitvo32.dll
    2005-08-03 21:02:26 212,992 ——w C:\WINDOWS\system32\ati2cqag.dll
    2005-07-26 04:42:48 75,264 —-a-w C:\WINDOWS\system32\olecli32.dll
    2005-07-26 04:42:48 540,160 —-a-w C:\WINDOWS\system32\comuid.dll
    2005-07-26 04:42:48 397,824 —-a-w C:\WINDOWS\system32\rpcss.dll
    2005-07-26 04:42:48 37,888 —-a-w C:\WINDOWS\system32\olecnv32.dll
    2005-07-26 04:42:48 243,200 —-a-w C:\WINDOWS\system32\es.dll
    2005-07-26 04:42:48 101,376 —-a-w C:\WINDOWS\system32\txflog.dll
    2005-07-26 04:42:48 1,284,608 —-a-w C:\WINDOWS\system32\ole32.dll
    2005-07-26 04:42:48 1,267,200 —-a-w C:\WINDOWS\system32\comsvcs.dll
    2005-07-26 04:42:47 97,792 —-a-w C:\WINDOWS\system32\comrepl.dll
    2005-07-26 04:42:47 625,152 —-a-w C:\WINDOWS\system32\catsrvut.dll
    2005-07-26 04:42:47 60,416 —-a-w C:\WINDOWS\system32\colbact.dll
    2005-07-26 04:42:47 498,688 —-a-w C:\WINDOWS\system32\clbcatq.dll
    2005-07-26 04:42:47 225,792 —-a-w C:\WINDOWS\system32\catsrv.dll
    2005-07-26 04:42:47 110,080 —-a-w C:\WINDOWS\system32\clbcatex.dll
    2005-07-14 02:26:16 155,648 —-a-w C:\WINDOWS\system32\stacapi.dll
    2005-07-14 02:23:38 109,056 —-a-w C:\WINDOWS\system32\staco.dll
    2005-07-08 16:29:37 249,344 —-a-w C:\WINDOWS\system32\tapisrv.dll
    2005-07-07 00:07:00 36,864 —-a-w C:\WINDOWS\system32\CtCamMgr.dll
    2005-06-29 01:53:10 74,240 —-a-w C:\WINDOWS\system32\mscms.dll
    2005-06-29 01:53:10 254,976 —-a-w C:\WINDOWS\system32\icm32.dll
    2005-06-17 05:33:40 872,064 —-a-w C:\WINDOWS\system32\drivers\iaStor.sys
    2005-06-15 17:51:07 295,936 —-a-w C:\WINDOWS\system32\kerberos.dll
    2005-06-10 23:53:32 57,856 —-a-w C:\WINDOWS\system32\spoolsv.exe
    2005-06-10 15:59:16 95,617 —-a-w C:\WINDOWS\system32\atiicdxx.dat
    2005-06-10 04:11:54 139,528 —-a-w C:\WINDOWS\system32\drivers\rdpwd.sys
    2005-05-27 02:08:56 41,472 —-a-w C:\WINDOWS\system32\hhsetup.dll
    2005-05-27 02:08:56 155,136 —-a-w C:\WINDOWS\system32\itircl.dll
    2005-05-27 02:08:56 137,216 —-a-w C:\WINDOWS\system32\itss.dll
    2005-05-26 23:22:01 10,752 —-a-w C:\WINDOWS\hh.exe
    2005-05-26 14:34:52 2,297,552 —-a-w C:\WINDOWS\system32\d3dx9_26.dll
    2005-05-26 02:16:34 466,200 —-a-w C:\WINDOWS\system32\wuapi.dll
    2005-05-26 02:16:34 194,840 —-a-w C:\WINDOWS\system32\wuaueng1.dll
    2005-05-26 02:16:34 174,360 —-a-w C:\WINDOWS\system32\wuauclt1.exe
    2005-05-26 02:16:34 128,280 —-a-w C:\WINDOWS\system32\wucltui.dll
    2005-05-26 02:16:34 125,208 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2005-05-26 02:16:30 41,240 —-a-w C:\WINDOWS\system32\wups.dll
    2005-05-26 02:16:30 18,200 —-a-w C:\WINDOWS\system32\wups2.dll
    2005-05-26 02:16:30 173,536 —-a-w C:\WINDOWS\system32\wuweb.dll
    2005-05-26 02:16:30 1,343,768 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2005-05-26 02:16:24 75,544 —-a-w C:\WINDOWS\system32\cdm.dll
    2005-05-26 02:16:24 198,424 —-a-w C:\WINDOWS\system32\iuengine.dll
    2005-05-25 09:34:00 158,464 —-a-w C:\WINDOWS\system32\drivers\CTUSFSYN.SYS
    2005-05-24 17:23:32 288,320 —-a-w C:\WINDOWS\system32\mcgdmgr.dll
    2005-05-19 02:54:00 1,345,520 —-a-w C:\WINDOWS\system32\CTMBHA.DLL
    2005-05-11 02:31:47 79,360 —-a-w C:\WINDOWS\system32\telnet.exe
    2005-05-04 12:45:36 884,736 —-a-w C:\WINDOWS\system32\msimsg.dll
    2005-05-04 12:45:36 78,848 —-a-w C:\WINDOWS\system32\msiexec.exe
    2005-05-04 12:45:36 271,360 —-a-w C:\WINDOWS\system32\msihnd.dll
    2005-05-04 12:45:36 15,360 —-a-w C:\WINDOWS\system32\msisip.dll
    2005-03-31 15:04:52 180,736 —-a-w C:\WINDOWS\system32\drivers\e1e5132.sys
    2005-03-30 01:26:44 88,960 —-a-w C:\WINDOWS\system32\drivers\NvAtaBus.sys
    2005-03-30 01:26:44 68,992 —-a-w C:\WINDOWS\system32\drivers\nvraid.sys
    2005-03-30 01:25:51 39,904 —-a-w C:\WINDOWS\system32\drivers\cercsr6.sys
    2005-03-30 01:25:24 4,627 —-a-w C:\WINDOWS\system32\oembios.dat
    2005-03-30 01:25:24 13,107,200 —-a-w C:\WINDOWS\system32\oembios.bin
    2005-03-22 10:20:44 339,968 —-a-w C:\WINDOWS\stsystra.exe
    2005-03-17 21:39:56 1,146,320 —-a-w C:\WINDOWS\system32\FM20.DLL
    2005-03-10 09:49:42 17,408 —-a-w C:\WINDOWS\system32\EtCoInst.dll
    2005-03-09 14:22:52 126,976 —-a-w C:\WINDOWS\system32\Prounstl.exe
    2005-03-09 14:21:40 163,840 —-a-w C:\WINDOWS\system32\e1000msg.dll
    2005-03-09 03:01:00 51,712 —-a-w C:\WINDOWS\system32\CISETUP.DLL
    2005-03-08 16:26:28 23,040 —-a-w C:\WINDOWS\system32\IntelNic.dll
    2005-03-02 18:19:18 56,832 —-a-w C:\WINDOWS\system32\authz.dll
    2005-02-23 06:36:00 132,608 —-a-w C:\WINDOWS\system32\CtDvInst.dll
    2005-02-16 13:18:04 90,184 —-a-w C:\WINDOWS\system32\NeroCo.dll
    2005-02-16 12:41:48 20,480 —-a-w C:\WINDOWS\MBDEF.EXE
    2005-01-28 11:32:44 258,296 —-a-w C:\WINDOWS\system32\drmclien.dll
    2005-01-28 06:53:22 96,768 —-a-w C:\WINDOWS\system32\drmstor.dll
    2005-01-28 06:52:52 20,480 —-a-w C:\WINDOWS\system32\wmpui.dll
    2005-01-28 06:52:52 20,480 —-a-w C:\WINDOWS\system32\wmpcore.dll
    2005-01-28 06:52:52 20,480 —-a-w C:\WINDOWS\system32\wmpcd.dll
    2005-01-27 23:36:26 331,776 —-a-w C:\WINDOWS\system32\wpdmtpdr.dll
    2005-01-27 23:36:16 10,752 —-a-w C:\WINDOWS\system32\wpdtrace.dll
    2005-01-10 10:15:00 20,992 —-a-w C:\WINDOWS\system32\SFMAN32.DLL
    2005-01-10 10:15:00 138,752 —-a-w C:\WINDOWS\system32\drivers\CTSFM2K.SYS
    2005-01-10 10:15:00 115,200 —-a-w C:\WINDOWS\system32\SFMS32.DLL
    2005-01-10 10:15:00 106,496 —-a-w C:\WINDOWS\system32\drivers\CTOSS2K.SYS
    2005-01-06 07:54:24 57,344 —-a-w C:\WINDOWS\system32\dlbccinf.dll
    2005-01-06 07:54:14 49,152 —-a-w C:\WINDOWS\system32\dlbccoin.dll
    2005-01-06 07:20:46 73,728 —-a-w C:\WINDOWS\system32\dlbcpwr.dll
    2004-12-22 10:40:02 24,576 —-a-w C:\WINDOWS\MIDIDEF.EXE
    2004-12-07 19:34:27 96,768 —-a-w C:\WINDOWS\system32\srvsvc.dll
    2004-11-17 17:43:32 352,768 —-a-w C:\WINDOWS\system32\hypertrm.dll
    2004-10-25 19:02:00 21,664 —-a-w C:\WINDOWS\system32\drivers\Entech.sys
    2004-10-19 08:07:22 9,728 ——w C:\WINDOWS\system32\drivers\PfModNT.sys
    2004-09-29 22:28:37 134,912 —-a-w C:\WINDOWS\system32\drivers\ipnat.sys
    2004-08-12 15:45:54 137,728 ——w C:\WINDOWS\system32\drivers\Hdaudbus.sys
    2004-08-12 15:45:52 61,952 ——w C:\WINDOWS\system32\Hdaudpropshortcut.exe
    2004-08-12 15:45:52 24,064 ——w C:\WINDOWS\system32\Hdaudprop.dll
    2004-08-12 15:45:52 113,664 ——w C:\WINDOWS\system32\drivers\Hdaudio.sys
    2004-08-12 15:45:42 5,120 ——w C:\WINDOWS\system32\Hdaudpropres.dll
    2004-08-04 12:00:00 999,936 —-a-w C:\WINDOWS\system32\setupapi.dll
    2004-08-04 12:00:00 999,424 —-a-w C:\WINDOWS\system32\msgina.dll
    2004-08-04 12:00:00 993,280 —-a-w C:\WINDOWS\system32\syssetup.dll
    2004-08-04 12:00:00 99,840 —-a-w C:\WINDOWS\system32\winscard.dll
    2004-08-04 12:00:00 99,328 —-a-w C:\WINDOWS\system32\loadperf.dll
    2004-08-04 12:00:00 98,304 —-a-w C:\WINDOWS\system32\slbiop.dll
    2004-08-04 12:00:00 98,304 —-a-w C:\WINDOWS\system32\scardsvr.exe
    2004-08-04 12:00:00 98,304 —-a-w C:\WINDOWS\system32\rtm.dll
    2004-08-04 12:00:00 98,304 —-a-w C:\WINDOWS\system32\psbase.dll
    2004-08-04 12:00:00 98,304 —-a-w C:\WINDOWS\system32\odbcint.dll
    2004-08-04 12:00:00 98,304 —-a-w C:\WINDOWS\system32\cscript.exe
    2004-08-04 12:00:00 98,304 —-a-w C:\WINDOWS\system32\ahui.exe
    2004-08-04 12:00:00 98,278 —-a-w C:\WINDOWS\system32\eventquery.vbs
    2004-08-04 12:00:00 97,280 —-a-w C:\WINDOWS\system32\dpcdll.dll
    2004-08-04 12:00:00 96,256 —-a-w C:\WINDOWS\system32\drivers\sptddrv1.sys
    2004-08-04 12:00:00 96,256 —-a-w C:\WINDOWS\system32\drivers\scsiport.sys
    2004-08-04 12:00:00 95,744 —-a-w C:\WINDOWS\system32\mqsec.dll
    2004-08-04 12:00:00 94,784 —-a-w C:\WINDOWS\twain.dll
    2004-08-04 12:00:00 94,282 —-a-w C:\WINDOWS\system32\msencode.dll
    2004-08-04 12:00:00 94,208 —-a-w C:\WINDOWS\system32\tscfgwmi.dll
    2004-08-04 12:00:00 937,984 —-a-w C:\WINDOWS\system32\winbrand.dll
    2004-08-04 12:00:00 93,696 —-a-w C:\WINDOWS\system32\wlnotify.dll
    2004-08-04 12:00:00 93,184 —-a-w C:\WINDOWS\system32\dskquota.dll
    2004-08-04 12:00:00 924,432 —-a-w C:\WINDOWS\system32\mfc40.dll
    2004-08-04 12:00:00 92,384 —-a-w C:\WINDOWS\system32\krnl386.exe
    2004-08-04 12:00:00 92,168 —-a-w C:\WINDOWS\system32\rdpdd.dll
    2004-08-04 12:00:00 92,160 —-a-w C:\WINDOWS\system32\smlogsvc.exe
    2004-08-04 12:00:00 92,160 —-a-w C:\WINDOWS\system32\ntprint.dll
    2004-08-04 12:00:00 92,032 —-a-w C:\WINDOWS\system32\drivers\ksecdd.sys
    2004-08-04 12:00:00 91,776 —-a-w C:\WINDOWS\system32\drivers\ndiswan.sys
    2004-08-04 12:00:00 91,648 —-a-w C:\WINDOWS\system32\xactsrv.dll
    2004-08-04 12:00:00 91,136 —-a-w C:\WINDOWS\system32\mydocs.dll
    2004-08-04 12:00:00 90,624 —-a-w C:\WINDOWS\system32\trkwks.dll
    2004-08-04 12:00:00 90,112 —-a-w C:\WINDOWS\system32\rsvpsp.dll
    2004-08-04 12:00:00 90,112 —-a-w C:\WINDOWS\system32\mycomput.dll
    2004-08-04 12:00:00 9,936 —-a-w C:\WINDOWS\system32\lzexpand.dll
    2004-08-04 12:00:00 9,728 —-a-w C:\WINDOWS\system32\sprestrt.exe
    2004-08-04 12:00:00 9,728 —-a-w C:\WINDOWS\system32\rsvpperf.dll
    2004-08-04 12:00:00 9,728 —-a-w C:\WINDOWS\system32\reset.exe
    2004-08-04 12:00:00 9,728 —-a-w C:\WINDOWS\system32\proxycfg.exe
    2004-08-04 12:00:00 9,728 —-a-w C:\WINDOWS\system32\label.exe
    2004-08-04 12:00:00 9,728 —-a-w C:\WINDOWS\system32\finger.exe
    2004-08-04 12:00:00 9,600 —-a-w C:\WINDOWS\system32\drivers\ndistapi.sys
    2004-08-04 12:00:00 9,600 —-a-w C:\WINDOWS\system32\drivers\hidusb.sys
    2004-08-04 12:00:00 9,344 —-a-w C:\WINDOWS\system32\vga.dll
    2004-08-04 12:00:00 9,344 —-a-w C:\WINDOWS\system32\framebuf.dll
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\wshatm.dll
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\winfax.dll
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\wifeman.dll
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\subst.exe
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\scrnsave.scr
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\print.exe
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\lprmonui.dll
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\iissuba.dll
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\find.exe
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\eventvwr.exe
    2004-08-04 12:00:00 9,216 —-a-w C:\WINDOWS\system32\diskcomp.com
    2004-08-04 12:00:00 9,040 —-a-w C:\WINDOWS\system32\ver.dll
    2004-08-04 12:00:00 9,029 —-a-w C:\WINDOWS\system32\ansi.sys
    2004-08-04 12:00:00 89,600 —-a-w C:\WINDOWS\system32\langwrbk.dll
    2004-08-04 12:00:00 89,088 —-a-w C:\WINDOWS\system32\rasauto.dll
    2004-08-04 12:00:00 89,088 —-a-w C:\WINDOWS\system32\mqlogmgr.dll
    2004-08-04 12:00:00 882 —-a-w C:\WINDOWS\system32\share.exe
    2004-08-04 12:00:00 882 —-a-w C:\WINDOWS\system32\fastopen.exe
    2004-08-04 12:00:00 881,152 —-a-w C:\WINDOWS\system32\netplwiz.dll
    2004-08-04 12:00:00 88,576 —-a-w C:\WINDOWS\system32\netsh.exe
    2004-08-04 12:00:00 88,576 —-a-w C:\WINDOWS\system32\fldrclnr.dll
    2004-08-04 12:00:00 88,448 —-a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
    2004-08-04 12:00:00 88,064 —-a-w C:\WINDOWS\system32\p2pnetsh.dll
    2004-08-04 12:00:00 87,176 —-a-w C:\WINDOWS\system32\rdpwsx.dll
    2004-08-04 12:00:00 87,040 —-a-w C:\WINDOWS\system32\mprapi.dll
    2004-08-04 12:00:00 86,556 —-a-w C:\WINDOWS\system32\dgsetup.dll
    2004-08-04 12:00:00 86,528 —-a-w C:\WINDOWS\system32\iassam.dll
    2004-08-04 12:00:00 86,073 —-a-w C:\WINDOWS\system32\usrfaxa.dll
    2004-08-04 12:00:00 86,016 —-a-w C:\WINDOWS\system32\p2pgasvc.dll
    2004-08-04 12:00:00 86,016 —-a-w C:\WINDOWS\system32\msapsspc.dll
    2004-08-04 12:00:00 86,016 —-a-w C:\WINDOWS\system32\isign32.dll
    2004-08-04 12:00:00 86,016 —-a-w C:\WINDOWS\system32\ipxmontr.dll
    2004-08-04 12:00:00 859,648 —-a-w C:\WINDOWS\system32\tapi3.dll
    2004-08-04 12:00:00 85,504 —-a-w C:\WINDOWS\system32\makecab.exe
    2004-08-04 12:00:00 85,504 —-a-w C:\WINDOWS\system32\diantz.exe
    2004-08-04 12:00:00 85,504 —-a-w C:\WINDOWS\system32\catsrvps.dll
    2004-08-04 12:00:00 85,504 —-a-w C:\WINDOWS\system32\cabview.dll
    2004-08-04 12:00:00 85,504 —-a-w C:\WINDOWS\system32\avifil32.dll
    2004-08-04 12:00:00 847,872 —-a-w C:\WINDOWS\system32\dbgeng.dll
    2004-08-04 12:00:00 84,992 —-a-w C:\WINDOWS\system32\mciavi32.dll
    2004-08-04 12:00:00 831,519 —-a-w C:\WINDOWS\system32\mswdat10.dll
    2004-08-04 12:00:00 83,456 —-a-w C:\WINDOWS\system32\olepro32.dll
    2004-08-04 12:00:00 83,456 —-a-w C:\WINDOWS\system32\dpvsetup.exe
    2004-08-04 12:00:00 825,344 —-a-w C:\WINDOWS\system32\d3dim700.dll
    2004-08-04 12:00:00 822,784 —-a-w C:\WINDOWS\system32\comres.dll
    2004-08-04 12:00:00 82,944 —-a-w C:\WINDOWS\system32\ws2_32.dll
    2004-08-04 12:00:00 82,944 —-a-w C:\WINDOWS\system32\tapiui.dll
    2004-08-04 12:00:00 82,944 —-a-w C:\WINDOWS\system32\olecli.dll
    2004-08-04 12:00:00 82,432 —-a-w C:\WINDOWS\system32\ufat.dll
    2004-08-04 12:00:00 82,432 —-a-w C:\WINDOWS\system32\dmscript.dll
    2004-08-04 12:00:00 82,432 —-a-w C:\WINDOWS\system32\dfrgfat.exe
    2004-08-04 12:00:00 817 —-a-w C:\WINDOWS\system32\mscdexnt.exe
    2004-08-04 12:00:00 815,104 —-a-w C:\WINDOWS\system32\mmc.exe
    2004-08-04 12:00:00 81,920 —-a-w C:\WINDOWS\system32\ils.dll
    2004-08-04 12:00:00 81,920 —-a-w C:\WINDOWS\system32\fsusd.dll
    2004-08-04 12:00:00 81,408 —-a-w C:\WINDOWS\system32\wscsvc.dll
    2004-08-04 12:00:00 81,408 —-a-w C:\WINDOWS\system32\netui0.dll
    2004-08-04 12:00:00 800,000 —-a-w C:\WINDOWS\system32\drivers\dmboot.sys
    2004-08-04 12:00:00 80,896 —-a-w C:\WINDOWS\system32\faultrep.dll
    2004-08-04 12:00:00 80,896 —-a-w C:\WINDOWS\system32\charmap.exe
    2004-08-04 12:00:00 80,896 —-a-w C:\WINDOWS\system32\autodisc.dll
    2004-08-04 12:00:00 80,384 —-a-w C:\WINDOWS\system32\iccvid.dll
    2004-08-04 12:00:00 80,384 —-a-w C:\WINDOWS\system32\eventtriggers.exe
    2004-08-04 12:00:00 80,384 —-a-w C:\WINDOWS\system32\drivers\parport.sys
    2004-08-04 12:00:00 8,832 —-a-w C:\WINDOWS\system32\drivers\rasacd.sys
    2004-08-04 12:00:00 8,704 —-a-w C:\WINDOWS\system32\lpr.exe
    2004-08-04 12:00:00 8,704 —-a-w C:\WINDOWS\system32\hostname.exe
    2004-08-04 12:00:00 8,704 —-a-w C:\WINDOWS\system32\dciman32.dll
    2004-08-04 12:00:00 8,704 —-a-w C:\WINDOWS\system32\batt.dll
    2004-08-04 12:00:00 8,488 —-a-w C:\WINDOWS\system32\exe2bin.exe
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\winhlp32.exe
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\streamci.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\smbinst.exe
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\qosname.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\psnppagn.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\ntlsapi.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\mqperf.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\mountvol.exe
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\mciole16.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\mag_hook.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\igmpagnt.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\d3d8thk.dll
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\control.exe
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\cidaemon.exe
    2004-08-04 12:00:00 8,192 —-a-w C:\WINDOWS\system32\bitsprx2.dll
    2004-08-04 12:00:00 8,192 —-a-r C:\WINDOWS\system32\kbdhept.dll
    2004-08-04 12:00:00 79,872 —-a-w C:\WINDOWS\system32\tlntsess.exe
    2004-08-04 12:00:00 79,744 —-a-w C:\WINDOWS\system32\drivers\videoprt.sys
    2004-08-04 12:00:00 78,336 —-a-w C:\WINDOWS\system32\unimdmat.dll
    2004-08-04 12:00:00 78,336 —-a-w C:\WINDOWS\system32\shrpubw.exe
    2004-08-04 12:00:00 78,336 —-a-w C:\WINDOWS\system32\sdbinst.exe
    2004-08-04 12:00:00 78,336 —-a-w C:\WINDOWS\system32\rtcshare.exe
    2004-08-04 12:00:00 78,336 —-a-w C:\WINDOWS\system32\browsewm.dll
    2004-08-04 12:00:00 772,608 —-a-w C:\WINDOWS\system32\winntbbu.dll
    2004-08-04 12:00:00 77,891 —-a-w C:\WINDOWS\system32\usrmlnka.exe
    2004-08-04 12:00:00 77,890 —-a-w C:\WINDOWS\system32\usrdpa.dll
    2004-08-04 12:00:00 77,883 —-a-w C:\WINDOWS\system32\usrrtosa.dll
    2004-08-04 12:00:00 77,824 —-a-w C:\WINDOWS\system32\cliconfg.dll
    2004-08-04 12:00:00 77,312 —-a-w C:\WINDOWS\system32\gcdef.dll
    2004-08-04 12:00:00 77,312 —-a-w C:\WINDOWS\system32\browser.dll
    2004-08-04 12:00:00 76,800 —-a-w C:\WINDOWS\system32\nslookup.exe
    2004-08-04 12:00:00 76,800 —-a-w C:\WINDOWS\system32\dhcpsapi.dll
    2004-08-04 12:00:00 76,288 —-a-w C:\WINDOWS\system32\mmcbase.dll
    2004-08-04 12:00:00 755,200 —-a-w C:\WINDOWS\system32\ir50_32.dll
    2004-08-04 12:00:00 75,776 —-a-w C:\WINDOWS\system32\wiascr.dll
    2004-08-04 12:00:00 75,776 —-a-w C:\WINDOWS\system32\strmfilt.dll
    2004-08-04 12:00:00 75,776 —-a-w C:\WINDOWS\system32\cryptdlg.dll
    2004-08-04 12:00:00 75,264 —-a-w C:\WINDOWS\system32\locator.exe
    2004-08-04 12:00:00 75,264 —-a-w C:\WINDOWS\system32\inetpp.dll
    2004-08-04 12:00:00 741 —-a-w C:\WINDOWS\system32\noise.dat
    2004-08-04 12:00:00 74,752 —-a-w C:\WINDOWS\system32\tlntsvr.exe
    2004-08-04 12:00:00 74,752 —-a-w C:\WINDOWS\system32\spoolss.dll
    2004-08-04 12:00:00 74,752 —-a-w C:\WINDOWS\system32\fdeploy.dll
    2004-08-04 12:00:00 74,752 —-a-w C:\WINDOWS\system32\drivers\ipsec.sys
    2004-08-04 12:00:00 733,696 —-a-w C:\WINDOWS\system32\qedwipes.dll
    2004-08-04 12:00:00 73,802 —-a-w C:\WINDOWS\system32\msrclr40.dll
    2004-08-04 12:00:00 73,728 —-a-w C:\WINDOWS\system32\tasklist.exe
    2004-08-04 12:00:00 73,728 —-a-w C:\WINDOWS\system32\taskkill.exe
    2004-08-04 12:00:00 73,728 —-a-w C:\WINDOWS\system32\icwdial.dll
    2004-08-04 12:00:00 73,728 —-a-w C:\WINDOWS\system32\csseqchk.dll
    2004-08-04 12:00:00 73,472 —-a-w C:\WINDOWS\system32\drivers\sr.sys
    2004-08-04 12:00:00 73,216 —-a-w C:\WINDOWS\system32\msaudite.dll
    2004-08-04 12:00:00 73,216 —-a-w C:\WINDOWS\system32\magnify.exe
    2004-08-04 12:00:00 73,216 —-a-w C:\WINDOWS\system32\avwav.dll
    2004-08-04 12:00:00 729,088 —-a-w C:\WINDOWS\system32\ntdll.dll
    2004-08-04 12:00:00 728,576 —-a-w C:\WINDOWS\system32\userenv.dll
    2004-08-04 12:00:00 72,960 —-a-w C:\WINDOWS\system32\drivers\mqac.sys
    2004-08-04 12:00:00 72,704 —-a-w C:\WINDOWS\system32\msw3prt.dll
    2004-08-04 12:00:00 72,192 —-a-w C:\WINDOWS\system32\sprio800.dll
    2004-08-04 12:00:00 72,192 —-a-w C:\WINDOWS\system32\dsdmoprp.dll
    2004-08-04 12:00:00 713,728 —-a-w C:\WINDOWS\system32\opengl32.dll
    2004-08-04 12:00:00 71,680 —-a-w C:\WINDOWS\system32\ssdpsrv.dll
    2004-08-04 12:00:00 71,680 —-a-w C:\WINDOWS\system32\msacm32.dll
    2004-08-04 12:00:00 71,680 —-a-w C:\WINDOWS\system32\blastcln.exe
    2004-08-04 12:00:00 71,552 —-a-w C:\WINDOWS\system32\drivers\bridge.sys
    2004-08-04 12:00:00 71,168 —-a-w C:\WINDOWS\system32\sigverif.exe
    2004-08-04 12:00:00 71,040 —-a-w C:\WINDOWS\system32\drivers\dxg.sys
    2004-08-04 12:00:00 71,006 —-a-w C:\WINDOWS\system32\edit.com
    2004-08-04 12:00:00 708,608 —-a-w C:\WINDOWS\system32\ss3dfo.scr
    2004-08-04 12:00:00 707 —-a-w C:\WINDOWS\_default.pif
    2004-08-04 12:00:00 701,440 —-a-w C:\WINDOWS\system32\msxml2.dll
    2004-08-04 12:00:00 70,656 —-a-w C:\WINDOWS\system32\sprio600.dll
    2004-08-04 12:00:00 70,656 —-a-w C:\WINDOWS\system32\scarddlg.dll
    2004-08-04 12:00:00 70,656 —-a-w C:\WINDOWS\system32\ipxpromn.dll
    2004-08-04 12:00:00 70,656 —-a-w C:\WINDOWS\system32\ifsutil.dll
    2004-08-04 12:00:00 70,656 —-a-w C:\WINDOWS\system32\amstream.dll
    2004-08-04 12:00:00 70,192 —-a-w C:\WINDOWS\system32\mmsystem.dll
    2004-08-04 12:00:00 70,144 —-a-w C:\WINDOWS\system32\systeminfo.exe
    2004-08-04 12:00:00 70,144 —-a-w C:\WINDOWS\system32\notepad.exe
    2004-08-04 12:00:00 70,144 —-a-w C:\WINDOWS\system32\avicap.dll
    2004-08-04 12:00:00 70,144 —-a-w C:\WINDOWS\NOTEPAD.EXE
    2004-08-04 12:00:00 7,936 —-a-w C:\WINDOWS\system32\drivers\fs_rec.sys
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\vcdex.dll
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\ncxpnt.dll
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\mll_mtf.dll
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\mciole32.dll
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\kbdsmsno.dll
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\kbdsmsfi.dll
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\kbdcan.dll
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\drivers\mcd.sys
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\ckcnv.exe
    2004-08-04 12:00:00 7,680 —-a-w C:\WINDOWS\system32\chcp.com
    2004-08-04 12:00:00 7,424 —-a-w C:\WINDOWS\system32\kd1394.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\wshnetbs.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\tlntsvrp.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\recover.exe
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\msr2cenu.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\mscat32.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\kbdukx.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\kbdno1.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\kbdnec.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\kbdfi1.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\hccoin.dll
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\forcedos.exe
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\diskcopy.com
    2004-08-04 12:00:00 7,168 —-a-w C:\WINDOWS\system32\bitsprx3.dll
    2004-08-04 12:00:00 7,168 —-a-r C:\WINDOWS\system32\kbdcz.dll
    2004-08-04 12:00:00 7,084 —-a-w C:\WINDOWS\system32\nlsfunc.exe
    2004-08-04 12:00:00 7,040 —-a-w C:\WINDOWS\system32\kdcom.dll
    2004-08-04 12:00:00 69,700 —-a-w C:\WINDOWS\system32\usrshuta.exe
    2004-08-04 12:00:00 69,699 —-a-w C:\WINDOWS\system32\usrcoina.dll
    2004-08-04 12:00:00 69,632 —-a-w C:\WINDOWS\system32\spnike.dll
    2004-08-04 12:00:00 69,632 —-a-w C:\WINDOWS\system32\raschap.dll
    2004-08-04 12:00:00 69,632 —-a-w C:\WINDOWS\system32\openfiles.exe
    2004-08-04 12:00:00 69,632 —-a-w C:\WINDOWS\system32\odbcconf.exe
    2004-08-04 12:00:00 69,632 —-a-w C:\WINDOWS\system32\msr2c.dll
    2004-08-04 12:00:00 69,632 —-a-w C:\WINDOWS\system32\msconf.dll
    2004-08-04 12:00:00 69,120 —-a-w C:\WINDOWS\system32\olethk32.dll
    2004-08-04 12:00:00 69,120 —-a-w C:\WINDOWS\system32\MSCTFP.dll
    2004-08-04 12:00:00 69,120 —-a-w C:\WINDOWS\system32\mprddm.dll
    2004-08-04 12:00:00 69,120 —-a-w C:\WINDOWS\system32\drivers\psched.sys
    2004-08-04 12:00:00 684,032 —-a-w C:\WINDOWS\system32\sstext3d.scr
    2004-08-04 12:00:00 684,032 —-a-w C:\WINDOWS\system32\advapi32.dll
    2004-08-04 12:00:00 68,608 —-a-w C:\WINDOWS\system32\digest.dll
    2004-08-04 12:00:00 68,096 —-a-w C:\WINDOWS\system32\shgina.dll
    2004-08-04 12:00:00 68,096 —-a-w C:\WINDOWS\system32\osuninst.dll
    2004-08-04 12:00:00 68,096 —-a-w C:\WINDOWS\system32\adsmsext.dll
    2004-08-04 12:00:00 676,864 —-a-w C:\WINDOWS\system32\rasdlg.dll
    2004-08-04 12:00:00 673,088 —-a-w C:\WINDOWS\system32\mlang.dat
    2004-08-04 12:00:00 67,584 —-a-w C:\WINDOWS\system32\sti.dll
    2004-08-04 12:00:00 67,584 —-a-w C:\WINDOWS\system32\srclient.dll
    2004-08-04 12:00:00 67,584 —-a-w C:\WINDOWS\system32\drivers\sdbus.sys
    2004-08-04 12:00:00 67,584 —-a-w C:\WINDOWS\system32\browselc.dll
    2004-08-04 12:00:00 67,584 —-a-w C:\WINDOWS\system32\acctres.dll
    2004-08-04 12:00:00 67,072 —-a-w C:\WINDOWS\system32\rdshost.exe
    2004-08-04 12:00:00 67,072 —-a-w C:\WINDOWS\system32\ntdsapi.dll
    2004-08-04 12:00:00 67,072 —-a-w C:\WINDOWS\system32\console.dll
    2004-08-04 12:00:00 662,528 —-a-w C:\WINDOWS\system32\getuname.dll
    2004-08-04 12:00:00 660,992 —-a-w C:\WINDOWS\system32\mqqm.dll
    2004-08-04 12:00:00 66,560 —-a-w C:\WINDOWS\system32\ipxsap.dll
    2004-08-04 12:00:00 66,176 —-a-w C:\WINDOWS\system32\drivers\udfs.sys
    2004-08-04 12:00:00 66,048 —-a-w C:\WINDOWS\system32\wextract.exe
    2004-08-04 12:00:00 655,360 —-a-w C:\WINDOWS\system32\mstscax.dll
    2004-08-04 12:00:00 65,920 —-a-w C:\WINDOWS\system32\drivers\serial.sys
    2004-08-04 12:00:00 65,536 —-a-w C:\WINDOWS\system32\wshext.dll
    2004-08-04 12:00:00 65,536 —-a-w C:\WINDOWS\system32\shimeng.dll
    2004-08-04 12:00:00 65,536 —-a-w C:\WINDOWS\system32\odbccu32.dll
    2004-08-04 12:00:00 65,536 —-a-w C:\WINDOWS\system32\odbccr32.dll
    2004-08-04 12:00:00 65,536 —-a-w C:\WINDOWS\system32\jgsh400.dll
    2004-08-04 12:00:00 65,536 —-a-w C:\WINDOWS\system32\icwphbk.dll
    2004-08-04 12:00:00 65,024 —-a-w C:\WINDOWS\system32\pautoenr.dll
    2004-08-04 12:00:00 65,024 —-a-w C:\WINDOWS\system32\msratelc.dll
    2004-08-04 12:00:00 65,024 —-a-w C:\WINDOWS\system32\cleanmgr.exe
    2004-08-04 12:00:00 65,024 —-a-w C:\WINDOWS\system32\avicap32.dll
    2004-08-04 12:00:00 65,024 —-a-w C:\WINDOWS\system32\asycfilt.dll
    2004-08-04 12:00:00 640,000 —-a-w C:\WINDOWS\system32\dbghelp.dll
    2004-08-04 12:00:00 64,512 —-a-w C:\WINDOWS\system32\cmstp.exe
    2004-08-04 12:00:00 64,000 —-a-w C:\WINDOWS\system32\samlib.dll
    2004-08-04 12:00:00 632,832 —-a-w C:\WINDOWS\system32\autoconv.exe
    2004-08-04 12:00:00 63,744 —-a-w C:\WINDOWS\system32\drivers\mf.sys
    2004-08-04 12:00:00 63,744 —-a-w C:\WINDOWS\system32\drivers\cdfs.sys
    2004-08-04 12:00:00 63,488 —-a-w C:\WINDOWS\system32\cryptnet.dll
    2004-08-04 12:00:00 63,232 —-a-w C:\WINDOWS\system32\drivers\nwlnknb.sys
    2004-08-04 12:00:00 629,248 —-a-w C:\WINDOWS\system32\netcfgx.dll
    2004-08-04 12:00:00 62,976 —-a-w C:\WINDOWS\system32\tlntadmn.exe
    2004-08-04 12:00:00 62,976 —-a-w C:\WINDOWS\system32\rsopprov.exe
    2004-08-04 12:00:00 62,976 —-a-w C:\WINDOWS\system32\dsauth.dll
    2004-08-04 12:00:00 62,464 —-a-w C:\WINDOWS\system32\rdpclip.exe
    2004-08-04 12:00:00 62,464 —-a-w C:\WINDOWS\system32\iasnap.dll
    2004-08-04 12:00:00 62,464 —-a-w C:\WINDOWS\system32\dpnmodem.dll
    2004-08-04 12:00:00 619,008 —-a-w C:\WINDOWS\system32\dx7vb.dll
    2004-08-04 12:00:00 619,008 —-a-w C:\WINDOWS\system32\autochk.exe
    2004-08-04 12:00:00 614,912 —-a-w C:\WINDOWS\system32\h323msp.dll
    2004-08-04 12:00:00 614,429 —-a-w C:\WINDOWS\system32\mswstr10.dll
    2004-08-04 12:00:00 610,816 —-a-w C:\WINDOWS\system32\autofmt.exe
    2004-08-04 12:00:00 610,304 —-a-w C:\WINDOWS\system32\sspipes.scr
    2004-08-04 12:00:00 61,952 —-a-w C:\WINDOWS\system32\dpnwsock.dll
    2004-08-04 12:00:00 61,824 —-a-w C:\WINDOWS\system32\drivers\nic1394.sys
    2004-08-04 12:00:00 61,508 —-a-w C:\WINDOWS\system32\usrprbda.exe
    2004-08-04 12:00:00 61,500 —-a-w C:\WINDOWS\system32\usrcntra.dll
    2004-08-04 12:00:00 61,440 —-a-w C:\WINDOWS\system32\remotepg.dll
    2004-08-04 12:00:00 61,440 —-a-w C:\WINDOWS\system32\rasman.dll
    2004-08-04 12:00:00 61,440 —-a-w C:\WINDOWS\system32\ocmanage.dll
    2004-08-04 12:00:00 61,440 —-a-w C:\WINDOWS\system32\msvcrt40.dll
    2004-08-04 12:00:00 61,440 —-a-w C:\WINDOWS\system32\logman.exe
    2004-08-04 12:00:00 61,440 —-a-w C:\WINDOWS\system32\dmcompos.dll
    2004-08-04 12:00:00 61,264 —-a-w C:\WINDOWS\system32\msacm.dll
    2004-08-04 12:00:00 61,056 —-a-w C:\WINDOWS\system32\drivers\ohci1394.sys
    2004-08-04 12:00:00 609,280 —-a-w C:\WINDOWS\system32\wsecedit.dll
    2004-08-04 12:00:00 601,088 —-a-w C:\WINDOWS\system32\crypt32.dll
    2004-08-04 12:00:00 60,928 —-a-w C:\WINDOWS\system32\mqgentr.dll
    2004-08-04 12:00:00 60,928 —-a-w C:\WINDOWS\system32\miglibnt.dll
    2004-08-04 12:00:00 60,928 —-a-w C:\WINDOWS\system32\iassvcs.dll
    2004-08-04 12:00:00 60,928 —-a-w C:\WINDOWS\system32\dpnhupnp.dll
    2004-08-04 12:00:00 60,800 —-a-w C:\WINDOWS\system32\drivers\arp1394.sys
    2004-08-04 12:00:00 60,416 —-a-w C:\WINDOWS\system32\ipv6mon.dll
    2004-08-04 12:00:00 60,416 —-a-w C:\WINDOWS\system32\fwcfg.dll
    2004-08-04 12:00:00 60,416 —-a-w C:\WINDOWS\system32\cryptsvc.dll
    2004-08-04 12:00:00 6,912 —-a-w C:\WINDOWS\system32\drivers\parvdm.sys
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\wuauserv.dll
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\sensapi.dll
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\routetab.dll
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\msswchx.exe
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\msidle.dll
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\kbdsg.dll
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\kbdla.dll
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\kbdinmal.dll
    2004-08-04 12:00:00 6,656 —-a-w C:\WINDOWS\system32\kbdinben.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdycl.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdsl1.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdsl.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdpl.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdhu.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdhela3.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdcz2.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdcz1.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\kbdcr.dll
    2004-08-04 12:00:00 6,656 —-a-r C:\WINDOWS\system32\KBDAL.DLL
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\svcpack.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\nwevent.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\msdtc.exe
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\lpq.exe
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdusx.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdusr.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdusl.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdsw.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdsp.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdsf.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdpo.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdno.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdne.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdmlt48.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdmlt47.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdmac.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdinbe1.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdic.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdgr1.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdgr.dll
    2004-08-
  • ik krijg zo te zien de hele log niet in 1 post, ik heb dan ook geen idee of het genoeg is of te weinig wat ik post.. :-?

    [b:fb4cbb2e5f]Hier verder:[/b:fb4cbb2e5f]

    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdgr1.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdgr.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdfr.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdfo.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdfi.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdfc.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdes.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdda.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdca.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdbr.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdbene.dll
    2004-08-04 12:00:00 6,144 —-a-w C:\WINDOWS\system32\kbdbe.dll
    2004-08-04 12:00:00 6,144 —-a-r C:\WINDOWS\system32\kbdtuq.dll
    2004-08-04 12:00:00 6,144 —-a-r C:\WINDOWS\system32\kbdtuf.dll
    2004-08-04 12:00:00 6,144 —-a-r C:\WINDOWS\system32\kbdlv1.dll
    2004-08-04 12:00:00 6,144 —-a-r C:\WINDOWS\system32\kbdlv.dll
    2004-08-04 12:00:00 6,144 —-a-r C:\WINDOWS\system32\kbdhela2.dll
    2004-08-04 12:00:00 6,144 —-a-r C:\WINDOWS\system32\kbdgkl.dll
    2004-08-04 12:00:00 6,144 —-a-r C:\WINDOWS\system32\kbdest.dll
    2004-08-04 12:00:00 593,408 —-a-w C:\WINDOWS\system32\wiashext.dll
    2004-08-04 12:00:00 590,336 —-a-w C:\WINDOWS\system32\d3dramp.dll
    2004-08-04 12:00:00 59,904 —-a-w C:\WINDOWS\system32\regsvc.dll
    2004-08-04 12:00:00 59,904 —-a-w C:\WINDOWS\system32\mpr.dll
    2004-08-04 12:00:00 59,904 —-a-w C:\WINDOWS\system32\fsutil.exe
    2004-08-04 12:00:00 59,904 —-a-w C:\WINDOWS\system32\drivers\atmarpc.sys
    2004-08-04 12:00:00 59,904 —-a-w C:\WINDOWS\system32\driverquery.exe
    2004-08-04 12:00:00 59,904 —-a-w C:\WINDOWS\system32\devenum.dll
    2004-08-04 12:00:00 59,904 —-a-w C:\WINDOWS\system32\cabinet.dll
    2004-08-04 12:00:00 586,240 —-a-w C:\WINDOWS\system32\mlang.dll
    2004-08-04 12:00:00 581,120 —-a-w C:\WINDOWS\system32\rpcrt4.dll
    2004-08-04 12:00:00 58,880 —-a-w C:\WINDOWS\system32\resutils.dll
    2004-08-04 12:00:00 58,880 —-a-w C:\WINDOWS\system32\rastapi.dll
    2004-08-04 12:00:00 58,880 —-a-w C:\WINDOWS\system32\packager.exe
    2004-08-04 12:00:00 58,880 —-a-w C:\WINDOWS\system32\ntlanui.dll
    2004-08-04 12:00:00 58,880 —-a-w C:\WINDOWS\system32\msdtclog.dll
    2004-08-04 12:00:00 58,880 —-a-w C:\WINDOWS\system32\licwmi.dll
    2004-08-04 12:00:00 58,880 —-a-w C:\WINDOWS\system32\gpupdate.exe
    2004-08-04 12:00:00 58,880 —-a-w C:\WINDOWS\system32\atl.dll
    2004-08-04 12:00:00 58,368 —-a-w C:\WINDOWS\system32\dvdplay.exe
    2004-08-04 12:00:00 58,112 —-a-w C:\WINDOWS\system32\drivers\vdmindvd.sys
    2004-08-04 12:00:00 572,928 —-a-w C:\WINDOWS\system32\printui.dll
    2004-08-04 12:00:00 572,928 —-a-w C:\WINDOWS\system32\gpedit.dll
    2004-08-04 12:00:00 57,856 —-a-w C:\WINDOWS\system32\wmerrNLD.dll
    2004-08-04 12:00:00 57,856 —-a-w C:\WINDOWS\system32\synceng.dll
    2004-08-04 12:00:00 57,856 —-a-w C:\WINDOWS\system32\rasphone.exe
    2004-08-04 12:00:00 57,856 —-a-w C:\WINDOWS\system32\dpwsockx.dll
    2004-08-04 12:00:00 57,856 —-a-w C:\WINDOWS\system32\clusapi.dll
    2004-08-04 12:00:00 57,856 —-a-w C:\WINDOWS\system32\cipher.exe
    2004-08-04 12:00:00 57,616 —-a-w C:\WINDOWS\system32\odbcji32.dll
    2004-08-04 12:00:00 57,392 —-a-w C:\WINDOWS\system32\wshnl.dll
    2004-08-04 12:00:00 57,344 —-a-w C:\WINDOWS\system32\sol.exe
    2004-08-04 12:00:00 57,344 —-a-w C:\WINDOWS\system32\msasn1.dll
    2004-08-04 12:00:00 57,344 —-a-w C:\WINDOWS\system32\mfc42loc.dll
    2004-08-04 12:00:00 57,344 —-a-w C:\WINDOWS\system32\ipconfig.exe
    2004-08-04 12:00:00 566,784 —-a-w C:\WINDOWS\system32\shdoclc.dll
    2004-08-04 12:00:00 565,760 —-a-w C:\WINDOWS\system32\msvcp50.dll
    2004-08-04 12:00:00 562,688 —-a-w C:\WINDOWS\system32\qedit.dll
    2004-08-04 12:00:00 56,832 —-a-w C:\WINDOWS\system32\reg.exe
    2004-08-04 12:00:00 56,832 —-a-w C:\WINDOWS\system32\getmac.exe
    2004-08-04 12:00:00 56,320 —-a-w C:\WINDOWS\system32\wmiscmgr.dll
    2004-08-04 12:00:00 56,320 —-a-w C:\WINDOWS\system32\servdeps.dll
    2004-08-04 12:00:00 553,472 —-a-w C:\WINDOWS\system32\oleaut32.dll
    2004-08-04 12:00:00 552,989 —-a-w C:\WINDOWS\system32\msrepl40.dll
    2004-08-04 12:00:00 55,936 —-a-w C:\WINDOWS\system32\drivers\nwlnkspx.sys
    2004-08-04 12:00:00 55,936 —-a-w C:\WINDOWS\system32\drivers\atmlane.sys
    2004-08-04 12:00:00 55,808 —-a-w C:\WINDOWS\system32\secur32.dll
    2004-08-04 12:00:00 55,808 —-a-w C:\WINDOWS\system32\icmui.dll
    2004-08-04 12:00:00 55,808 —-a-w C:\WINDOWS\system32\freecell.exe
    2004-08-04 12:00:00 55,808 —-a-w C:\WINDOWS\system32\eventlog.dll
    2004-08-04 12:00:00 55,296 —-a-w C:\WINDOWS\system32\sendmail.dll
    2004-08-04 12:00:00 55,296 —-a-w C:\WINDOWS\system32\npptools.dll
    2004-08-04 12:00:00 55,296 —-a-w C:\WINDOWS\system32\dmutil.dll
    2004-08-04 12:00:00 54,784 —-a-w C:\WINDOWS\system32\narrator.exe
    2004-08-04 12:00:00 54,784 —-a-w C:\WINDOWS\system32\msvcirt.dll
    2004-08-04 12:00:00 54,784 —-a-w C:\WINDOWS\system32\ixsso.dll
    2004-08-04 12:00:00 54,784 —-a-w C:\WINDOWS\system32\dfrgres.dll
    2004-08-04 12:00:00 54,784 —-a-w C:\WINDOWS\system32\dataclen.dll
    2004-08-04 12:00:00 54,784 —-a-w C:\WINDOWS\system32\cryptext.dll
    2004-08-04 12:00:00 54,272 —-a-w C:\WINDOWS\system32\stclient.dll
    2004-08-04 12:00:00 54,272 —-a-w C:\WINDOWS\system32\rsm.exe
    2004-08-04 12:00:00 539,136 —-a-w C:\WINDOWS\system32\spider.exe
    2004-08-04 12:00:00 53,920 —-a-w C:\WINDOWS\system32\dosx.exe
    2004-08-04 12:00:00 53,760 —-a-w C:\WINDOWS\system32\winsta.dll
    2004-08-04 12:00:00 53,760 —-a-w C:\WINDOWS\system32\ipv6.exe
    2004-08-04 12:00:00 53,760 —-a-w C:\WINDOWS\system32\drivers\i8042prt.sys
    2004-08-04 12:00:00 53,632 —-a-w C:\WINDOWS\system32\drivers\volsnap.sys
    2004-08-04 12:00:00 53,520 —-a-w C:\WINDOWS\system32\dpserial.dll
    2004-08-04 12:00:00 53,305 —-a-w C:\WINDOWS\system32\usrlbva.dll
    2004-08-04 12:00:00 53,279 —-a-w C:\WINDOWS\system32\msjter40.dll
    2004-08-04 12:00:00 53,248 —-a-w C:\WINDOWS\system32\mfc40loc.dll
    2004-08-04 12:00:00 53,248 —-a-w C:\WINDOWS\system32\drivers\1394bus.sys
    2004-08-04 12:00:00 527,872 —-a-w C:\WINDOWS\system32\cryptui.dll
    2004-08-04 12:00:00 526,848 —-a-w C:\WINDOWS\system32\p2psvc.dll
    2004-08-04 12:00:00 52,736 —-a-w C:\WINDOWS\system32\migpwd.exe
    2004-08-04 12:00:00 52,736 —-a-w C:\WINDOWS\system32\basesrv.dll
    2004-08-04 12:00:00 52,224 —-a-w C:\WINDOWS\system32\tsappcmp.dll
    2004-08-04 12:00:00 52,224 —-a-w C:\WINDOWS\system32\dssec.dll
    2004-08-04 12:00:00 52,206 —-a-w C:\WINDOWS\system32\command.com
    2004-08-04 12:00:00 517,632 —-a-w C:\WINDOWS\system32\mqsnap.dll
    2004-08-04 12:00:00 515,072 —-a-w C:\WINDOWS\system32\logonui.exe
    2004-08-04 12:00:00 512,029 —-a-w C:\WINDOWS\system32\msexch40.dll
    2004-08-04 12:00:00 51,712 —-a-w C:\WINDOWS\system32\wzcsapi.dll
    2004-08-04 12:00:00 51,712 —-a-w C:\WINDOWS\system32\w32tm.exe
    2004-08-04 12:00:00 51,712 —-a-w C:\WINDOWS\system32\vdmredir.dll
    2004-08-04 12:00:00 51,712 —-a-w C:\WINDOWS\system32\msident.dll
    2004-08-04 12:00:00 51,712 —-a-w C:\WINDOWS\system32\eventcreate.exe
    2004-08-04 12:00:00 51,712 —-a-w C:\WINDOWS\system32\drivers\tosdvd.sys
    2004-08-04 12:00:00 51,456 —-a-w C:\WINDOWS\system32\vga256.dll
    2004-08-04 12:00:00 51,328 —-a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
    2004-08-04 12:00:00 51,200 —-a-w C:\WINDOWS\system32\wstdecod.dll
    2004-08-04 12:00:00 51,200 —-a-w C:\WINDOWS\system32\syncapp.exe
    2004-08-04 12:00:00 506,368 —-a-w C:\WINDOWS\system32\msxml.dll
    2004-08-04 12:00:00 504,832 —-a-w C:\WINDOWS\system32\winlogon.exe
    2004-08-04 12:00:00 504,832 —-a-w C:\WINDOWS\system32\mqutil.dll
    2004-08-04 12:00:00 50,688 —-a-w C:\WINDOWS\twain_32.dll
    2004-08-04 12:00:00 50,688 —-a-w C:\WINDOWS\system32\smss.exe
    2004-08-04 12:00:00 50,688 —-a-w C:\WINDOWS\system32\proquota.exe
    2004-08-04 12:00:00 50,688 —-a-w C:\WINDOWS\system32\mmcshext.dll
    2004-08-04 12:00:00 50,688 —-a-w C:\WINDOWS\system32\loghours.dll
    2004-08-04 12:00:00 50,688 —-a-w C:\WINDOWS\system32\camocx.dll
    2004-08-04 12:00:00 50,688 —-a-w C:\WINDOWS\system32\btpanui.dll
    2004-08-04 12:00:00 50,176 —-a-w C:\WINDOWS\system32\xmlprovi.dll
    2004-08-04 12:00:00 50,176 —-a-w C:\WINDOWS\system32\utilman.exe
    2004-08-04 12:00:00 50,176 —-a-w C:\WINDOWS\system32\mdhcp.dll
    2004-08-04 12:00:00 50,176 —-a-w C:\WINDOWS\system32\inetres.dll
    2004-08-04 12:00:00 5,888 —-a-w C:\WINDOWS\system32\drivers\rootmdm.sys
    2004-08-04 12:00:00 5,888 —-a-w C:\WINDOWS\system32\drivers\dmload.sys
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\write.exe
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\wmi.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\winver.exe
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\tapiperf.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\softpub.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\skdll.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\security.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\perfnw.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\mll_qic.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\kbdus.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\kbduk.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\kbdmaori.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\kbdit142.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\kbdit.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\kbdir.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\kbdgae.dll
    2004-08-04 12:00:00 5,632 —-a-w C:\WINDOWS\system32\cisvc.exe
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdro.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdpl1.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdmon.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdlt1.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdlt.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdkyr.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdhu1.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdhe319.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdhe220.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdhe.dll
    2004-08-04 12:00:00 5,632 —-a-r C:\WINDOWS\system32\kbdazel.dll
    2004-08-04 12:00:00 5,120 —-a-w C:\WINDOWS\system32\winnls.dll
    2004-08-04 12:00:00 5,120 —-a-w C:\WINDOWS\system32\shell.dll
    2004-08-04 12:00:00 5,120 —-a-w C:\WINDOWS\system32\sfc.dll
    2004-08-04 12:00:00 5,120 —-a-w C:\WINDOWS\system32\lodctr.exe
    2004-08-04 12:00:00 5,120 —-a-w C:\WINDOWS\system32\kbddv.dll
    2004-08-04 12:00:00 5,120 —-a-w C:\WINDOWS\system32\dcomcnfg.exe
    2004-08-04 12:00:00 5,120 —-a-w C:\WINDOWS\system32\bootvrfy.exe
    2004-08-04 12:00:00 495,104 —-a-w C:\WINDOWS\system32\ntmsmgr.dll
    2004-08-04 12:00:00 49,680 —-a-w C:\WINDOWS\twunk_16.exe
    2004-08-04 12:00:00 49,664 —-a-w C:\WINDOWS\system32\rsmui.exe
    2004-08-04 12:00:00 49,664 —-a-w C:\WINDOWS\system32\regapi.dll
    2004-08-04 12:00:00 49,664 —-a-w C:\WINDOWS\system32\drivers\classpnp.sys
    2004-08-04 12:00:00 49,536 —-a-w C:\WINDOWS\system32\drivers\cdrom.sys
    2004-08-04 12:00:00 49,211 —-a-w C:\WINDOWS\system32\usrvpa.dll
    2004-08-04 12:00:00 49,211 —-a-w C:\WINDOWS\system32\usrsdpia.dll
    2004-08-04 12:00:00 49,209 —-a-w C:\WINDOWS\system32\usrv80a.dll
    2004-08-04 12:00:00 49,179 —-a-w C:\WINDOWS\system32\sqlwoa.dll
    2004-08-04 12:00:00 49,152 —-a-w C:\WINDOWS\system32\powercfg.exe
    2004-08-04 12:00:00 49,152 —-a-w C:\WINDOWS\system32\mprdim.dll
    2004-08-04 12:00:00 49,152 —-a-w C:\WINDOWS\system32\cnbjmon.dll
    2004-08-04 12:00:00 486 —-a-w C:\WINDOWS\system32\login.cmd
    2004-08-04 12:00:00 48,976 —-a-w C:\WINDOWS\system32\jobexec.dll
    2004-08-04 12:00:00 48,640 —-a-w C:\WINDOWS\system32\pnrpnsp.dll
    2004-08-04 12:00:00 48,640 —-a-w C:\WINDOWS\system32\msxml3r.dll
    2004-08-04 12:00:00 48,640 —-a-w C:\WINDOWS\system32\mqupgrd.dll
    2004-08-04 12:00:00 48,640 —-a-w C:\WINDOWS\system32\docprop2.dll
    2004-08-04 12:00:00 48,384 —-a-w C:\WINDOWS\system32\drivers\raspptp.sys
    2004-08-04 12:00:00 48,128 —-a-w C:\WINDOWS\system32\msprivs.dll
    2004-08-04 12:00:00 47,872 —-a-w C:\WINDOWS\system32\user.exe
    2004-08-04 12:00:00 47,616 —-a-w C:\WINDOWS\system32\ssmypics.scr
    2004-08-04 12:00:00 47,616 —-a-w C:\WINDOWS\system32\mprui.dll
    2004-08-04 12:00:00 47,616 —-a-w C:\WINDOWS\system32\d3dxof.dll
    2004-08-04 12:00:00 47,104 —-a-w C:\WINDOWS\system32\mqdscli.dll
    2004-08-04 12:00:00 47,104 —-a-w C:\WINDOWS\system32\docprop.dll
    2004-08-04 12:00:00 47,104 —-a-w C:\WINDOWS\system32\cmdl32.exe
    2004-08-04 12:00:00 464,896 —-a-w C:\WINDOWS\system32\wiadefui.dll
    2004-08-04 12:00:00 464,896 —-a-w C:\WINDOWS\system32\certmgr.dll
    2004-08-04 12:00:00 46,592 —-a-w C:\WINDOWS\system32\tcpmonui.dll
    2004-08-04 12:00:00 46,592 —-a-w C:\WINDOWS\system32\pmspl.dll
    2004-08-04 12:00:00 46,592 —-a-w C:\WINDOWS\system32\drwtsn32.exe
    2004-08-04 12:00:00 46,592 —-a-w C:\WINDOWS\system32\drivers\p3.sys
    2004-08-04 12:00:00 46,258 —-a-w C:\WINDOWS\system32\mib.bin
    2004-08-04 12:00:00 46,080 —-a-w C:\WINDOWS\system32\tcpmon.dll
    2004-08-04 12:00:00 46,080 —-a-w C:\WINDOWS\system32\ipsec6.exe
    2004-08-04 12:00:00 450,560 —-a-w C:\WINDOWS\system32\infosoft.dll
    2004-08-04 12:00:00 45,568 —-a-w C:\WINDOWS\system32\safrslv.dll
    2004-08-04 12:00:00 45,568 —-a-w C:\WINDOWS\system32\jgsd400.dll
    2004-08-04 12:00:00 45,568 —-a-w C:\WINDOWS\system32\extrac32.exe
    2004-08-04 12:00:00 45,568 —-a-w C:\WINDOWS\system32\dnsrslvr.dll
    2004-08-04 12:00:00 45,116 —-a-w C:\WINDOWS\system32\usrvoica.dll
    2004-08-04 12:00:00 45,083 —-a-w C:\WINDOWS\system32\dispex.dll
    2004-08-04 12:00:00 45,056 —-a-w C:\WINDOWS\system32\ftp.exe
    2004-08-04 12:00:00 442,368 —-a-w C:\WINDOWS\system32\sqlsrv32.dll
    2004-08-04 12:00:00 440,320 —-a-w C:\WINDOWS\system32\shimgvw.dll
    2004-08-04 12:00:00 44,544 —-a-w C:\WINDOWS\system32\tscupgrd.exe
    2004-08-04 12:00:00 44,544 —-a-w C:\WINDOWS\system32\jgaw400.dll
    2004-08-04 12:00:00 44,544 —-a-w C:\WINDOWS\system32\hticons.dll
    2004-08-04 12:00:00 44,544 —-a-w C:\WINDOWS\system32\alg.exe
    2004-08-04 12:00:00 44,032 —-a-w C:\WINDOWS\system32\twext.dll
    2004-08-04 12:00:00 44,032 —-a-w C:\WINDOWS\system32\rtutils.dll
    2004-08-04 12:00:00 44,032 —-a-w C:\WINDOWS\system32\dimap.dll
    2004-08-04 12:00:00 437,248 —-a-w C:\WINDOWS\system32\xpob2res.dll
    2004-08-04 12:00:00 437,248 —-a-w C:\WINDOWS\system32\ntmssvc.dll
    2004-08-04 12:00:00 436,736 —-a-w C:\WINDOWS\system32\wiaacmgr.exe
    2004-08-04 12:00:00 436,224 —-a-w C:\WINDOWS\system32\d3dim.dll
    2004-08-04 12:00:00 435,712 —-a-w C:\WINDOWS\system32\shellstyle.dll
    2004-08-04 12:00:00 430,592 —-a-w C:\WINDOWS\system32\vssapi.dll
    2004-08-04 12:00:00 43,520 —-a-w C:\WINDOWS\system32\safrcdlg.dll
    2004-08-04 12:00:00 43,520 —-a-w C:\WINDOWS\system32\racpldlg.dll
    2004-08-04 12:00:00 43,520 —-a-w C:\WINDOWS\system32\pstorec.dll
    2004-08-04 12:00:00 43,520 —-a-w C:\WINDOWS\system32\ntlanman.dll
    2004-08-04 12:00:00 43,008 —-a-w C:\WINDOWS\system32\msports.dll
    2004-08-04 12:00:00 429,056 —-a-w C:\WINDOWS\system32\samsrv.dll
    2004-08-04 12:00:00 424,448 —-a-w C:\WINDOWS\system32\licdll.dll
    2004-08-04 12:00:00 421,919 —-a-w C:\WINDOWS\system32\msrd2x40.dll
    2004-08-04 12:00:00 420,864 —-a-w C:\WINDOWS\system32\ntvdm.exe
    2004-08-04 12:00:00 42,809 —-a-w C:\WINDOWS\system32\key01.sys
    2004-08-04 12:00:00 42,768 —-a-w C:\WINDOWS\system32\dpwsock.dll
    2004-08-04 12:00:00 42,537 —-a-w C:\WINDOWS\system32\keyboard.sys
    2004-08-04 12:00:00 42,496 —-a-w C:\WINDOWS\system32\wsnmp32.dll
    2004-08-04 12:00:00 42,496 —-a-w C:\WINDOWS\system32\shmgrate.exe
    2004-08-04 12:00:00 42,496 —-a-w C:\WINDOWS\system32\net.exe
    2004-08-04 12:00:00 42,496 —-a-w C:\WINDOWS\system32\htui.dll
    2004-08-04 12:00:00 42,496 —-a-w C:\WINDOWS\system32\audiosrv.dll
    2004-08-04 12:00:00 42,240 —-a-w C:\WINDOWS\system32\drivers\mountmgr.sys
    2004-08-04 12:00:00 416,768 —-a-w C:\WINDOWS\system32\setupdll.dll
    2004-08-04 12:00:00 413,696 ——w C:\WINDOWS\system32\msvcp60.dll
    2004-08-04 12:00:00 412,160 —-a-w C:\WINDOWS\system32\mstsc.exe
    2004-08-04 12:00:00 41,984 —-a-w C:\WINDOWS\system32\osuninst.exe
    2004-08-04 12:00:00 41,856 —-a-w C:\WINDOWS\system32\drivers\imapi.sys
    2004-08-04 12:00:00 41,472 —-a-w C:\WINDOWS\system32\perfctrs.dll
    2004-08-04 12:00:00 41,472 —-a-w C:\WINDOWS\system32\ntmsevt.dll
    2004-08-04 12:00:00 41,472 —-a-w C:\WINDOWS\system32\iasads.dll
    2004-08-04 12:00:00 41,472 —-a-w C:\WINDOWS\system32\drivers\raspppoe.sys
    2004-08-04 12:00:00 41,472 —-a-w C:\WINDOWS\system32\drivers\amdk7.sys
    2004-08-04 12:00:00 41,232 —-a-w C:\WINDOWS\system32\msxml2r.dll
    2004-08-04 12:00:00 41,088 —-a-w C:\WINDOWS\system32\drivers\amdk6.sys
    2004-08-04 12:00:00 41,019 —-a-w C:\WINDOWS\system32\usrsvpia.dll
    2004-08-04 12:00:00 407,040 —-a-w C:\WINDOWS\system32\netlogon.dll
    2004-08-04 12:00:00 406,528 —-a-w C:\WINDOWS\system32\usp10.dll
    2004-08-04 12:00:00 40,960 —-a-w C:\WINDOWS\system32\webhits.dll
    2004-08-04 12:00:00 40,960 —-a-w C:\WINDOWS\system32\ntmsapi.dll
    2004-08-04 12:00:00 40,576 —-a-w C:\WINDOWS\system32\drivers\crusoe.sys
    2004-08-04 12:00:00 40,448 —-a-w C:\WINDOWS\system32\rshx32.dll
    2004-08-04 12:00:00 40,448 —-a-w C:\WINDOWS\system32\cmutil.dll
    2004-08-04 12:00:00 40,448 —-a-w C:\WINDOWS\system32\cmmon32.exe
    2004-08-04 12:00:00 40,320 —-a-w C:\WINDOWS\system32\drivers\nmnt.sys
    2004-08-04 12:00:00 40,192 —-a-w C:\WINDOWS\system32\drivers\intelppm.sys
    2004-08-04 12:00:00 4,952 –sha-r C:\Bootfont.bin
    2004-08-04 12:00:00 4,864 —-a-w C:\WINDOWS\system32\himem.sys
    2004-08-04 12:00:00 4,736 —-a-w C:\WINDOWS\system32\drivers\usbd.sys
    2004-08-04 12:00:00 4,656 —-a-w C:\WINDOWS\system32\ds16gt.dLL
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\vjoy.dll
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\regwiz.exe
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\rdpcfgex.dll
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\mssip32.dll
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\msimg32.dll
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\mqsvc.exe
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\mchgrcoi.dll
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\dllhst3g.exe
    2004-08-04 12:00:00 4,608 —-a-w C:\WINDOWS\system32\bootok.exe
    2004-08-04 12:00:00 4,569 —-a-w C:\WINDOWS\system32\secupd.dat
    2004-08-04 12:00:00 4,352 —-a-w C:\WINDOWS\system32\drivers\wmilib.sys
    2004-08-04 12:00:00 4,352 —-a-w C:\WINDOWS\system32\drivers\swenum.sys
    2004-08-04 12:00:00 4,224 —-a-w C:\WINDOWS\system32\drivers\rdpcdd.sys
    2004-08-04 12:00:00 4,224 —-a-w C:\WINDOWS\system32\drivers\mnmdd.sys
    2004-08-04 12:00:00 4,224 —-a-w C:\WINDOWS\system32\drivers\beep.sys
    2004-08-04 12:00:00 4,208 —-a-w C:\WINDOWS\system32\storage.dll
    2004-08-04 12:00:00 4,126 —-a-w C:\WINDOWS\system32\msdxmlc.dll
    2004-08-04 12:00:00 4,096 —-a-w C:\WINDOWS\system32\unlodctr.exe
    2004-08-04 12:00:00 4,096 —-a-w C:\WINDOWS\system32\nddeapir.exe
    2004-08-04 12:00:00 4,096 —-a-w C:\WINDOWS\system32\mtxex.dll
    2004-08-04 12:00:00 4,096 —-a-w C:\WINDOWS\system32\iprtprio.dll
    2004-08-04 12:00:00 4,096 —-a-w C:\WINDOWS\system32\dsprpres.dll
    2004-08-04 12:00:00 4,096 —-a-w C:\WINDOWS\system32\actmovie.exe
    2004-08-04 12:00:00 399,872 —-a-w C:\WINDOWS\system32\lmrt.dll
    2004-08-04 12:00:00 399,360 —-a-w C:\WINDOWS\system32\regwizc.dll
    2004-08-04 12:00:00 399,360 —-a-w C:\WINDOWS\system32\cmd.exe
    2004-08-04 12:00:00 395,264 —-a-w C:\WINDOWS\system32\diactfrm.dll
    2004-08-04 12:00:00 393,216 —-a-w C:\WINDOWS\system32\ssflwbox.scr
    2004-08-04 12:00:00 390,144 —-a-w C:\WINDOWS\system32\themeui.dll
    2004-08-04 12:00:00 39,936 —-a-w C:\WINDOWS\system32\ipxrtmgr.dll
    2004-08-04 12:00:00 39,744 —-a-w C:\WINDOWS\system32\ole2.dll
    2004-08-04 12:00:00 39,424 —-a-w C:\WINDOWS\system32\msobjs.dll
    2004-08-04 12:00:00 39,424 —-a-w C:\WINDOWS\system32\grpconv.exe
    2004-08-04 12:00:00 39,424 —-a-w C:\WINDOWS\system32\esentutl.exe
    2004-08-04 12:00:00 39,424 —-a-w C:\WINDOWS\system32\drivers\processr.sys
    2004-08-04 12:00:00 39,424 —-a-w C:\WINDOWS\system32\ddeml.dll
    2004-08-04 12:00:00 39,424 —-a-w C:\WINDOWS\system32\cfgbkend.dll
    2004-08-04 12:00:00 39,386 —-a-w C:\WINDOWS\system32\mem.exe
    2004-08-04 12:00:00 39,178 —-a-w C:\WINDOWS\system32\perfd013.dat
    2004-08-04 12:00:00 387,072 —-a-w C:\WINDOWS\system32\dhcpmon.dll
    2004-08-04 12:00:00 386,048 —-a-w C:\WINDOWS\system32\ipsmsnap.dll
    2004-08-04 12:00:00 386,048 —-a-w C:\WINDOWS\system32\fontext.dll
    2004-08-04 12:00:00 385,536 —-a-w C:\WINDOWS\system32\qdvd.dll
    2004-08-04 12:00:00 382,464 —-a-w C:\WINDOWS\system32\qmgr.dll
    2004-08-04 12:00:00 380,957 —-a-w C:\WINDOWS\system32\expsrv.dll
    2004-08-04 12:00:00 38,912 —-a-w C:\WINDOWS\system32\sens.dll
    2004-08-04 12:00:00 38,912 —-a-w C:\WINDOWS\system32\dfrgsnap.dll
    2004-08-04 12:00:00 38,016 —-a-w C:\WINDOWS\system32\drivers\ndproxy.sys
    2004-08-04 12:00:00 379,392 —-a-w C:\WINDOWS\system32\wzcdlg.dll
    2004-08-04 12:00:00 375,296 —-a-w C:\WINDOWS\system32\dpnet.dll
    2004-08-04 12:00:00 37,888 —-a-w C:\WINDOWS\system32\syskey.exe
    2004-08-04 12:00:00 37,888 —-a-w C:\WINDOWS\system32\netstat.exe
    2004-08-04 12:00:00 37,376 —-a-w C:\WINDOWS\system32\typeperf.exe
    2004-08-04 12:00:00 368,128 —-a-w C:\WINDOWS\system32\smlogcfg.dll
    2004-08-04 12:00:00 367,616 —-a-w C:\WINDOWS\system32\dsound.dll
    2004-08-04 12:00:00 362,496 —-a-w C:\WINDOWS\system32\jet500.dll
    2004-08-04 12:00:00 36,921 —-a-w C:\WINDOWS\system32\imeshare.dll
    2004-08-04 12:00:00 36,864 —-a-w C:\WINDOWS\system32\ntsdexts.dll
    2004-08-04 12:00:00 36,864 —-a-w C:\WINDOWS\system32\mscpxl32.dLL
    2004-08-04 12:00:00 36,352 —-a-w C:\WINDOWS\system32\umandlg.dll
    2004-08-04 12:00:00 36,352 —-a-w C:\WINDOWS\system32\ncobjapi.dll
    2004-08-04 12:00:00 36,352 —-a-w C:\WINDOWS\system32\narrhook.dll
    2004-08-04 12:00:00 36,352 —-a-w C:\WINDOWS\system32\mssign32.dll
    2004-08-04 12:00:00 36,352 —-a-w C:\WINDOWS\system32\drivers\disk.sys
    2004-08-04 12:00:00 36,224 —-a-w C:\WINDOWS\system32\drivers\hidclass.sys
    2004-08-04 12:00:00 359,936 —-a-w C:\WINDOWS\system32\wzcsvc.dll
    2004-08-04 12:00:00 359,936 —-a-w C:\WINDOWS\system32\cards.dll
    2004-08-04 12:00:00 358,976 —-a-w C:\WINDOWS\system32\msjetoledb40.dll
    2004-08-04 12:00:00 358,912 —-a-w C:\WINDOWS\system32\termmgr.dll
    2004-08-04 12:00:00 356,352 —-a-w C:\WINDOWS\system32\ipsecsnp.dll
    2004-08-04 12:00:00 352,256 —-a-w C:\WINDOWS\system32\drivers\atmuni.sys
    2004-08-04 12:00:00 351,232 —-a-w C:\WINDOWS\system32\winhttp.dll
    2004-08-04 12:00:00 350,208 —-a-w C:\WINDOWS\system32\d3drm.dll
    2004-08-04 12:00:00 35,915 —-a-w C:\WINDOWS\system32\prncnfg.vbs
    2004-08-04 12:00:00 35,840 —-a-w C:\WINDOWS\system32\winchat.exe
    2004-08-04 12:00:00 35,840 —-a-w C:\WINDOWS\system32\rcimlby.exe
    2004-08-04 12:00:00 35,840 —-a-w C:\WINDOWS\system32\jgmd400.dll
    2004-08-04 12:00:00 35,840 —-a-w C:\WINDOWS\system32\dmloader.dll
    2004-08-04 12:00:00 35,648 —-a-w C:\WINDOWS\system32\ntio411.sys
    2004-08-04 12:00:00 35,424 —-a-w C:\WINDOWS\system32\ntio412.sys
    2004-08-04 12:00:00 35,328 —-a-w C:\WINDOWS\system32\pifmgr.dll
    2004-08-04 12:00:00 35,328 —-a-w C:\WINDOWS\system32\pid.dll
    2004-08-04 12:00:00 35,328 —-a-w C:\WINDOWS\system32\perfproc.dll
    2004-08-04 12:00:00 35,328 —-a-w C:\WINDOWS\system32\mciqtz32.dll
    2004-08-04 12:00:00 35,328 —-a-w C:\WINDOWS\system32\iologmsg.dll
    2004-08-04 12:00:00 35,328 —-a-w C:\WINDOWS\system32\dpnhpast.dll
    2004-08-04 12:00:00 35,072 —-a-w C:\WINDOWS\system32\drivers\msgpc.sys
    2004-08-04 12:00:00 35,072 —-a-w C:\WINDOWS\system32\drivers\fips.sys
    2004-08-04 12:00:00 349,184 —-a-w C:\WINDOWS\system32\ippromon.dll
    2004-08-04 12:00:00 349,184 —-a-w C:\WINDOWS\system32\cmdial32.dll
    2004-08-04 12:00:00 348,189 —-a-w C:\WINDOWS\system32\msxbde40.dll
    2004-08-04 12:00:00 348,189 —-a-w C:\WINDOWS\system32\mspbde40.dll
    2004-08-04 12:00:00 347,648 —-a-w C:\WINDOWS\system32\tourstart.exe
    2004-08-04 12:00:00 347,648 —-a-w C:\WINDOWS\system32\hnetcfg.dll
    2004-08-04 12:00:00 346,112 —-a-w C:\WINDOWS\system32\confmsp.dll
    2004-08-04 12:00:00 345,600 —-a-w C:\WINDOWS\system32\mspaint.exe
    2004-08-04 12:00:00 344,064 —-a-w C:\WINDOWS\system32\filemgmt.dll
    2004-08-04 12:00:00 343,040 —-a-w C:\WINDOWS\system32\msvcrt.dll
    2004-08-04 12:00:00 343,040 —-a-w C:\WINDOWS\system32\localspl.dll
    2004-08-04 12:00:00 340,480 —-a-w C:\WINDOWS\system32\zipfldr.dll
    2004-08-04 12:00:00 34,816 —-a-w C:\WINDOWS\system32\ssdpapi.dll
    2004-08-04 12:00:00 34,816 —-a-w C:\WINDOWS\system32\d3dpmesh.dll
    2004-08-04 12:00:00 34,816 —-a-w C:\WINDOWS\system32\atmpvcno.dll
    2004-08-04 12:00:00 34,816 —-a-w C:\WINDOWS\system32\asr_ldm.exe
    2004-08-04 12:00:00 34,560 —-a-w C:\WINDOWS\system32\ntio804.sys
    2004-08-04 12:00:00 34,560 —-a-w C:\WINDOWS\system32\ntio404.sys
    2004-08-04 12:00:00 34,560 —-a-w C:\WINDOWS\system32\mnmdd.dll
    2004-08-04 12:00:00 34,560 —-a-w C:\WINDOWS\system32\drivers\wanarp.sys
    2004-08-04 12:00:00 34,560 —-a-w C:\WINDOWS\system32\drivers\netbios.sys
    2004-08-04 12:00:00 34,432 —-a-w C:\WINDOWS\system32\drivers\rawwan.sys
    2004-08-04 12:00:00 34,304 —-a-w C:\WINDOWS\system32\pstorsvc.dll
    2004-08-04 12:00:00 338,432 —-a-w C:\WINDOWS\system32\ir41_qcx.dll
    2004-08-04 12:00:00 335,360 —-a-w C:\WINDOWS\system32\hnetwiz.dll
    2004-08-04 12:00:00 334,848 —-a-w C:\WINDOWS\system32\cscui.dll
    2004-08-04 12:00:00 332,800 —-a-w C:\WINDOWS\system32\netsetup.exe
    2004-08-04 12:00:00 332,288 —-a-w C:\WINDOWS\system32\ipnathlp.dll
    2004-08-04 12:00:00 330,752 —-a-w C:\WINDOWS\system32\dmconfig.dll
    2004-08-04 12:00:00 33,920 —-a-w C:\WINDOWS\system32\ntio.sys
    2004-08-04 12:00:00 33,792 —-a-w C:\WINDOWS\system32\vssadmin.exe
    2004-08-04 12:00:00 33,792 —-a-w C:\WINDOWS\system32\rundll32.exe
    2004-08-04 12:00:00 33,792 —-a-w C:\WINDOWS\system32\relog.exe
    2004-08-04 12:00:00 33,792 —-a-w C:\WINDOWS\system32\regini.exe
    2004-08-04 12:00:00 33,792 —-a-w C:\WINDOWS\system32\ping6.exe
    2004-08-04 12:00:00 33,792 —-a-w C:\WINDOWS\system32\msgsvc.dll
    2004-08-04 12:00:00 33,696 —-a-w C:\WINDOWS\system32\commdlg.dll
    2004-08-04 12:00:00 33,280 —-a-w C:\WINDOWS\system32\inetmib1.dll
    2004-08-04 12:00:00 33,280 —-a-w C:\WINDOWS\system32\eventcls.dll
    2004-08-04 12:00:00 33,280 —-a-w C:\WINDOWS\system32\cryptdll.dll
    2004-08-04 12:00:00 33,280 —-a-w C:\WINDOWS\system32\clipsrv.exe
    2004-08-04 12:00:00 33,040 —-a-w C:\WINDOWS\system32\dplay.dll
    2004-08-04 12:00:00 324,096 —-a-w C:\WINDOWS\system32\scesrv.dll
    2004-08-04 12:00:00 323,641 —-a-w C:\WINDOWS\system32\usrdtea.dll
    2004-08-04 12:00:00 32,896 —-a-w C:\WINDOWS\system32\drivers\ipfltdrv.sys
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\wpnpinst.exe
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\winipsec.dll
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\sethc.exe
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\odbcad32.exe
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\mnmsrvc.exe
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\isrdbg32.dll
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\csrsrv.dll
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\cnetcfg.dll
    2004-08-04 12:00:00 32,768 —-a-w C:\WINDOWS\system32\asr_pfu.exe
    2004-08-04 12:00:00 32,712 —-a-w C:\WINDOWS\system32\prnmngr.vbs
    2004-08-04 12:00:00 32,512 —-a-w C:\WINDOWS\system32\drivers\nwlnkfwd.sys
    2004-08-04 12:00:00 32,256 —-a-w C:\WINDOWS\system32\wupdmgr.exe
    2004-08-04 12:00:00 32,256 —-a-w C:\WINDOWS\system32\wpabaln.exe
    2004-08-04 12:00:00 32,256 —-a-w C:\WINDOWS\system32\tracert6.exe
    2004-08-04 12:00:00 32,256 —-a-w C:\WINDOWS\system32\iashlpr.dll
    2004-08-04 12:00:00 319,517 —-a-w C:\WINDOWS\system32\msexcl40.dll
    2004-08-04 12:00:00 318,670 —-a-w C:\WINDOWS\system32\perfi013.dat
    2004-08-04 12:00:00 316,416 —-a-w C:\WINDOWS\system32\untfs.dll
    2004-08-04 12:00:00 315,423 —-a-w C:\WINDOWS\system32\msrd3x40.dll
    2004-08-04 12:00:00 312,320 —-a-w C:\WINDOWS\system32\p2pgraph.dll
    2004-08-04 12:00:00 31,744 —-a-w C:\WINDOWS\system32\rtipxmib.dll
    2004-08-04 12:00:00 31,744 —-a-w C:\WINDOWS\system32\ntsd.exe
    2004-08-04 12:00:00 31,360 —-a-w C:\WINDOWS\system32\drivers\atmepvc.sys
    2004-08-04 12:00:00 31,232 —-a-w C:\WINDOWS\system32\traffic.dll
    2004-08-04 12:00:00 31,232 —-a-w C:\WINDOWS\system32\sc.exe
    2004-08-04 12:00:00 31,232 —-a-w C:\WINDOWS\system32\ddeshare.exe
    2004-08-04 12:00:00 309,760 —-a-w C:\WINDOWS\system32\netui2.dll
    2004-08-04 12:00:00 306,176 —-a-w C:\WINDOWS\system32\slbcsp.dll
    2004-08-04 12:00:00 305,664 —-a-w C:\WINDOWS\system32\ulib.dll
    2004-08-04 12:00:00 304,128 —-a-w C:\WINDOWS\system32\duser.dll
    2004-08-04 12:00:00 303,616 —-a-w C:\WINDOWS\system32\wmstream.dll
    2004-08-04 12:00:00 300,032 —-a-w C:\WINDOWS\system32\appmgr.dll
    2004-08-04 12:00:00 30,848 —-a-w C:\WINDOWS\system32\drivers\npfs.sys
    2004-08-04 12:00:00 30,749 —-a-w C:\WINDOWS\system32\vbajet32.dll
    2004-08-04 12:00:00 30,720 —-a-w C:\WINDOWS\system32\xcopy.exe
    2004-08-04 12:00:00 30,720 —-a-w C:\WINDOWS\system32\plustab.dll
    2004-08-04 12:00:00 30,720 —-a-w C:\WINDOWS\system32\asr_fmt.exe
    2004-08-04 12:00:00 30,336 —-a-w C:\WINDOWS\system32\drivers\modem.sys
    2004-08-04 12:00:00 30,208 —-a-w C:\WINDOWS\system32\mspatcha.dll
    2004-08-04 12:00:00 30,208 —-a-w C:\WINDOWS\system32\lights.exe
    2004-08-04 12:00:00 30,208 —-a-w C:\WINDOWS\system32\dplaysvr.exe
    2004-08-04 12:00:00 30,208 —-a-w C:\WINDOWS\system32\bthserv.dll
    2004-08-04 12:00:00 30,208 —-a-w C:\WINDOWS\system32\atmlib.dll
    2004-08-04 12:00:00 30,160 —-a-w C:\WINDOWS\system32\compobj.dll
    2004-08-04 12:00:00 3,732 —-a-w C:\WINDOWS\system32\pubprn.vbs
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\riched32.dll
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\regedt32.exe
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\msafd.dll
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\mll_hp.dll
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\iprop.dll
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\icmp.dll
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\dpnlobby.dll
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\dpnaddr.dll
    2004-08-04 12:00:00 3,584 —-a-w C:\WINDOWS\system32\comcat.dll
    2004-08-04 12:00:00 3,456 —-a-w C:\WINDOWS\system32\drivers\oprghdlr.sys
    2004-08-04 12:00:00 3,352 —-a-w C:\WINDOWS\system32\redir.exe
    2004-08-04 12:00:00 3,328 —-a-w C:\WINDOWS\system32\drivers\dxgthk.sys
    2004-08-04 12:00:00 3,242 —-a-w C:\WINDOWS\system32\nw16.exe
    2004-08-04 12:00:00 3,200 —-a-w C:\WINDOWS\system32\wowfax.dll
    2004-08-04 12:00:00 3,072 —-a-w C:\WINDOWS\system32\systray.exe
    2004-08-04 12:00:00 3,072 —-a-w C:\WINDOWS\system32\rnr20.dll
    2004-08-04 12:00:00 3,072 —-a-w C:\WINDOWS\system32\fixmapi.exe
    2004-08-04 12:00:00 297,472 —-a-w C:\WINDOWS\system32\termsrv.dll
    2004-08-04 12:00:00 294,400 —-a-w C:\WINDOWS\system32\MSCTF.dll
    2004-08-04 12:00:00 292,864 —-a-w C:\WINDOWS\system32\vssvc.exe
    2004-08-04 12:00:00 290,816 —-a-w C:\WINDOWS\system32\msnsspc.dll
    2004-08-04 12:00:00 29,752 —-a-w C:\WINDOWS\system32\prnport.vbs
    2004-08-04 12:00:00 29,696 —-a-w C:\WINDOWS\system32\sendcmsg.dll
    2004-08-04 12:00:00 29,696 —-a-w C:\WINDOWS\system32\safrdm.dll
    2004-08-04 12:00:00 29,370 —-a-w C:\WINDOWS\system32\ntdos411.sys
    2004-08-04 12:00:00 29,274 —-a-w C:\WINDOWS\system32\ntdos412.sys
    2004-08-04 12:00:00 29,184 —-a-w C:\WINDOWS\system32\sdhcinst.dll
    2004-08-04 12:00:00 29,146 —-a-w C:\WINDOWS\system32\ntdos804.sys
    2004-08-04 12:00:00 29,146 —-a-w C:\WINDOWS\system32\ntdos404.sys
    2004-08-04 12:00:00 29,056 —-a-w C:\WINDOWS\system32\drivers\ip6fw.sys
    2004-08-04 12:00:00 287,744 —-a-w C:\WINDOWS\system32\objsel.dll
    2004-08-04 12:00:00 287,744 —-a-w C:\WINDOWS\system32\devmgr.dll
    2004-08-04 12:00:00 287,232 —-a-w C:\WINDOWS\winhlp32.exe
    2004-08-04 12:00:00 285,696 —-a-w C:\WINDOWS\system32\atmfd.dll
    2004-08-04 12:00:00 285,184 —-a-w C:\WINDOWS\system32\pdh.dll
    2004-08-04 12:00:00 285,184 —-a-w C:\WINDOWS\system32\glmf32.dll
    2004-08-04 12:00:00 281,088 —-a-w C:\WINDOWS\system32\comdlg32.dll
    2004-08-04 12:00:00 28,746 —-a-w C:\WINDOWS\system32\msrecr40.dll
    2004-08-04 12:00:00 28,719 —-a-w C:\WINDOWS\system32\jsnl.dll
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32\wshcon.dll
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32\rsfsaps.dll
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32\nmmkcert.dll
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32\msxmlr.dll
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32\findstr.exe
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32\dmband.dll
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32\dfsshlex.dll
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32\dbnmpntw.dll
    2004-08-04 12:00:00 28,672 —-a-w C:\WINDOWS\system32\batmeter.dll
    2004-08-04 12:00:00 28,626 —-a-w C:\WINDOWS\system32\perfd009.dat
    2004-08-04 12:00:00 28,224 —-a-w C:\WINDOWS\system32\drwatson.exe
    2004-08-04 12:00:00 28,160 —-a-w C:\WINDOWS\system32\shscrap.dll
    2004-08-04 12:00:00 279,040 —-a-w C:\WINDOWS\system32\qdv.dll
    2004-08-04 12:00:00 278,559 —-a-w C:\WINDOWS\system32\odbcjt32.dll
    2004-08-04 12:00:00 278,528 —-a-w C:\WINDOWS\system32\mstask.dll
    2004-08-04 12:00:00 278,528 —-a-w C:\WINDOWS\system32\inetcfg.dll
    2004-08-04 12:00:00 274,944 —-a-w C:\WINDOWS\system32\neth.dll
    2004-08-04 12:00:00 273,920 —-a-w C:\WINDOWS\system32\dmdlgs.dll
    2004-08-04 12:00:00 272,128 —-a-w C:\WINDOWS\system32\perfi009.dat
    2004-08-04 12:00:00 270,848 —-a-w C:\WINDOWS\system32\sbe.dll
    2004-08-04 12:00:00 27,928 —-a-w C:\WINDOWS\system32\ntdos.sys
    2004-08-04 12:00:00 27,648 —-a-w C:\WINDOWS\system32\profmap.dll
    2004-08-04 12:00:00 27,648 —-a-w C:\WINDOWS\system32\conime.exe
    2004-08-04 12:00:00 27,648 —-a-w C:\WINDOWS\system32\ccfgnt.dll
    2004-08-04 12:00:00 27,392 —-a-w C:\WINDOWS\system32\drivers\fdc.sys
    2004-08-04 12:00:00 27,200 —-a-r C:\WINDOWS\system32\ctl3dv2.dll
    2004-08-04 12:00:00 27,136 —-a-w C:\WINDOWS\system32\rsvpmsg.dll
    2004-08-04 12:00:00 27,136 —-a-w C:\WINDOWS\system32\perfdisk.dll
    2004-08-04 12:00:00 27,136 —-a-w C:\WINDOWS\system32\efsadu.dll
    2004-08-04 12:00:00 27,136 —-a-w C:\WINDOWS\system32\ddrawex.dll
    2004-08-04 12:00:00 27,136 —-a-w C:\WINDOWS\system32\ctl3d32.dll
    2004-08-04 12:00:00 27,097 —-a-w C:\WINDOWS\system32\country.sys
    2004-08-04 12:00:00 267,264 —-a-w C:\WINDOWS\system32\oakley.dll
    2004-08-04 12:00:00 266,240 —-a-w C:\WINDOWS\system32\ddraw.dll
    2004-08-04 12:00:00 264,704 —-a-w C:\WINDOWS\system32\wow32.dll
    2004-08-04 12:00:00 263,680 —-a-w C:\WINDOWS\system32\adsnt.dll
    2004-08-04 12:00:00 262,528 —-a-w C:\WINDOWS\system32\drivers\cinemst2.sys
    2004-08-04 12:00:00 260,096 —-a-w C:\WINDOWS\system32\tracerpt.exe
    2004-08-04 12:00:00 26,624 —-a-w C:\WINDOWS\system32\scredir.dll
    2004-08-04 12:00:00 26,624 —-a-w C:\WINDOWS\system32\cnvfat.dll
    2004-08-04 12:00:00 26,224 —-a-w C:\WINDOWS\system32\odbc16gt.dll
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32\vdmdbg.dll
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32\utildll.dll
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32\skeys.exe
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32\perfos.dll
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32\ntdsbcli.dll
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32\lnkstub.exe
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32\graftabl.com
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32\at.exe
    2004-08-04 12:00:00 26,112 —-a-w C:\WINDOWS\system32\adptif.dll
    2004-08-04 12:00:00 258,077 —-a-w C:\WINDOWS\system32\mstext40.dll
    2004-08-04 12:00:00 257,072 —-a-w C:\WINDOWS\winhelp.exe
    2004-08-04 12:00:00 253,952 —-a-w C:\WINDOWS\system32\msvcrt20.dll
    2004-08-04 12:00:00 253,440 —-a-w C:\WINDOWS\system32\compatUI.dll
    2004-08-04 12:00:00 252,928 —-a-w C:\WINDOWS\system32\msoeacct.dll
    2004-08-04 12:00:00 252,928 —-a-w C:\WINDOWS\system32\iassdo.dll
    2004-08-04 12:00:00 251,904 —-a-w C:\WINDOWS\system32\msieftp.dll
    2004-08-04 12:00:00 250,368 —-a-w C:\WINDOWS\system32\newdev.dll
    2004-08-04 12:00:00 25,706 —-a-w C:\WINDOWS\system32\prndrvr.vbs
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\twunk_32.exe
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\system32\udhisapi.dll
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\system32\slayerxp.dll
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\system32\routemon.exe
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\system32\msvidc32.dll
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\system32\mslbui.dll
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\system32\format.com
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\system32\comaddin.dll
    2004-08-04 12:00:00 25,600 —-a-w C:\WINDOWS\system32\aaaamon.dll
    2004-08-04 12:00:00 25,472 —-a-w C:\WINDOWS\system32\drivers\sonydcam.sys
    2004-08-04 12:00:00 25,216 —-a-w C:\WINDOWS\system32\drivers\kbdclass.sys
    2004-08-04 12:00:00 25,088 —-a-w C:\WINDOWS\system32\sort.exe
    2004-08-04 12:00:00 25,088 —-a-w C:\WINDOWS\system32\shfolder.dll
    2004-08-04 12:00:00 25,088 —-a-w C:\WINDOWS\system32\mtxlegih.dll
    2004-08-04 12:00:00 25,088 —-a-w C:\WINDOWS\system32\defrag.exe
    2004-08-04 12:00:00 25,088 —-a-w C:\WINDOWS\system32\davclnt.dll
    2004-08-04 12:00:00 249,856 —-a-w C:\WINDOWS\system32\odbc32.dll
    2004-08-04 12:00:00 247,296 —-a-w C:\WINDOWS\system32\mswsock.dll
    2004-08-04 12:00:00 245,760 —-a-w C:\WINDOWS\system32\netui1.dll
    2004-08-04 12:00:00 241,693 —-a-w C:\WINDOWS\system32\msjtes40.dll
    2004-08-04 12:00:00 241,152 —-a-w C:\WINDOWS\system32\srrstr.dll
    2004-08-04 12:00:00 240,128 —-a-w C:\WINDOWS\system32\dsquery.dll
    2004-08-04 12:00:00 24,960 —-a-w C:\WINDOWS\system32\drivers\hidparse.sys
    2004-08-04 12:00:00 24,661 —-a-w C:\WINDOWS\system32\spxcoins.dll
    2004-08-04 12:00:00 24,626 —-a-w C:\WINDOWS\system32\scrrnnl.dll
    2004-08-04 12:00:00 24,624 —-a-w C:\WINDOWS\system32\vbsnl.dll
    2004-08-04 12:00:00 24,624 —-a-w C:\WINDOWS\system32\sconl.dll
    2004-08-04 12:00:00 24,603 —-a-w C:\WINDOWS\system32\sqlwid.dll
    2004-08-04 12:00:00 24,576 —-a-w C:\WINDOWS\system32\wsock32.dll
    2004-08-04 12:00:00 24,576 —-a-w C:\WINDOWS\system32\userinit.exe
    2004-08-04 12:00:00 24,576 —-a-w C:\WINDOWS\system32\rsmsink.exe
    2004-08-04 12:00:00 24,576 —-a-w C:\WINDOWS\system32\odbcbcp.dll
    2004-08-04 12:00:00 24,576 —-a-w C:\WINDOWS\system32\msorc32r.dll
    2004-08-04 12:00:00 24,576 —-a-w C:\WINDOWS\system32\httpapi.dll
    2004-08-04 12:00:00 24,576 —-a-w C:\WINDOWS\system32\gdi.exe
    2004-08-04 12:00:00 24,576 —-a-w C:\WINDOWS\system32\dbmsrpcn.dll
    2004-08-04 12:00:00 24,064 —-a-w C:\WINDOWS\system32\pidgen.dll
    2004-08-04 12:00:00 24,064 —-a-w C:\WINDOWS\system32\olesvr.dll
    2004-08-04 12:00:00 24,064 —-a-w C:\WINDOWS\system32\ipxroute.exe
    2004-08-04 12:00:00 24,064 —-a-w C:\WINDOWS\system32\dpmodemx.dll
    2004-08-04 12:00:00 24,064 —-a-w C:\WINDOWS\system32\dmserver.dll
    2004-08-04 12:00:00 239,616 —-a-w C:\WINDOWS\system32\upnpui.dll
    2004-08-04 12:00:00 236,544 —-a-w C:\WINDOWS\system32\rasapi32.dll
    2004-08-04 12:00:00 233,984 —-a-w C:\WINDOWS\system32\netevent.dll
    2004-08-04 12:00:00 233,472 —-a-w C:\WINDOWS\system32\avtapi.dll
    2004-08-04 12:00:00 230,400 —-a-w C:\WINDOWS\system32\compstui.dll
    2004-08-04 12:00:00 23,936 —-a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
    2004-08-04 12:00:00 23,808 —-a-w C:\WINDOWS\system32\drivers\usbcamd.sys
    2004-08-04 12:00:00 23,552 —-a-w C:\WINDOWS\system32\sfmapi.dll
    2004-08-04 12:00:00 23,552 —-a-w C:\WINDOWS\system32\rasrad.dll
    2004-08-04 12:00:00 23,552 —-a-w C:\WINDOWS\system32\mciwave.dll
    2004-08-04 12:00:00 23,552 —-a-w C:\WINDOWS\system32\iasacct.dll
    2004-08-04 12:00:00 23,552 —-a-w C:\WINDOWS\system32\drivers\mouclass.sys
    2004-08-04 12:00:00 23,040 —-a-w C:\WINDOWS\system32\setup.exe
    2004-08-04 12:00:00 23,040 —-a-w C:\WINDOWS\system32\qwinsta.exe
    2004-08-04 12:00:00 23,040 —-a-w C:\WINDOWS\system32\psapi.dll
    2004-08-04 12:00:00 23,040 —-a-w C:\WINDOWS\system32\mciseq.dll
    2004-08-04 12:00:00 23,040 —-a-w C:\WINDOWS\system32\ersvc.dll
    2004-08-04 12:00:00 229,888 —-a-w C:\WINDOWS\system32\dplayx.dll
    2004-08-04 12:00:00 225,792 —-a-w C:\WINDOWS\system32\localsec.dll
    2004-08-04 12:00:00 225,280 —-a-w C:\WINDOWS\system32\mqoa.dll
    2004-08-04 12:00:00 225,280 —-a-w C:\WINDOWS\system32\dmadmin.exe
    2004-08-04 12:00:00 221,184 —-a-w C:\WINDOWS\system32\wmpns.dll
    2004-08-04 12:00:00 220,672 —-a-w C:\WINDOWS\system32\logon.scr
    2004-08-04 12:00:00 22,528 —-a-w C:\WINDOWS\system32\rasmxs.dll
    2004-08-04 12:00:00 22,528 —-a-w C:\WINDOWS\system32\pathping.exe
    2004-08-04 12:00:00 22,528 —-a-w C:\WINDOWS\system32\nbtstat.exe
    2004-08-04 12:00:00 22,528 —-a-w C:\WINDOWS\system32\mfcsubs.dll
    2004-08-04 12:00:00 22,016 —-a-w C:\WINDOWS\system32\w32topl.dll
    2004-08-04 12:00:00 22,016 —-a-w C:\WINDOWS\system32\rpcns4.dll
    2004-08-04 12:00:00 22,016 —-a-w C:\WINDOWS\system32\rcp.exe
    2004-08-04 12:00:00 22,016 —-a-w C:\WINDOWS\system32\olesvr32.dll
    2004-08-04 12:00:00 22,016 —-a-w C:\WINDOWS\system32\msg.exe
    2004-08-04 12:00:00 22,016 —-a-w C:\WINDOWS\system32\mpnotify.exe
    2004-08-04 12:00:00 22,016 —-a-w C:\WINDOWS\system32\lpk.dll
    2004-08-04 12:00:00 219,136 —-a-w C:\WINDOWS\system32\uxtheme.dll
    2004-08-04 12:00:00 218,003 —-a-w C:\WINDOWS\system32\dssec.dat
    2004-08-04 12:00:00 216,064 —-a-w C:\WINDOWS\system32\osk.exe
    2004-08-04 12:00:00 216,064 —-a-w C:\WINDOWS\system32\moricons.dll
    2004-08-04 12:00:00 213,023 —-a-w C:\WINDOWS\system32\msltus40.dll
    2004-08-04 12:00:00 212,480 —-a-w C:\WINDOWS\system32\dpvoice.dll
    2004-08-04 12:00:00 21,896 —-a-w C:\WINDOWS\system32\drivers\tdtcp.sys
    2004-08-04 12:00:00 21,691 —-a-w C:\WINDOWS\system32\prnjobs.vbs
    2004-08-04 12:00:00 21,504 —-a-w C:\WINDOWS\system32\sclgntfy.dll
    2004-08-04 12:00:00 21,504 —-a-w C:\WINDOWS\system32\route.exe
    2004-08-04 12:00:00 21,504 —-a-w C:\WINDOWS\system32\ipxrip.dll
    2004-08-04 12:00:00 21,504 —-a-w C:\WINDOWS\system32\fontview.exe
    2004-08-04 12:00:00 21,504 —-a-w C:\WINDOWS\system32\feclient.dll
    2004-08-04 12:00:00 21,504 —-a-w C:\WINDOWS\system32\dpvacm.dll
    2004-08-04 12:00:00 21,376 —-a-w C:\WINDOWS\system32\drivers\tsbvcap.sys
    2004-08-04 12:00:00 209,408 —-a-w C:\WINDOWS\system32\drivers\update.sys
    2004-08-04 12:00:00 208,896 —-a-w C:\WINDOWS\system32\wavemsp.dll
    2004-08-04 12:00:00 208,896 —-a-w C:\WINDOWS\system32\mobsync.dll
    2004-08-04 12:00:00 206,336 —-a-w C:\WINDOWS\system32\rasppp.dll
    2004-08-04 12:00:00 204,800 —-a-w C:\WINDOWS\system32\mswebdvd.dll
    2004-08-04 12:00:00 200,704 —-a-w C:\WINDOWS\system32\dmdskmgr.dll
    2004-08-04 12:00:00 200,192 —-a-w C:\WINDOWS\system32\ir50_qc.dll
    2004-08-04 12:00:00 200,192 —-a-w C:\WINDOWS\system32\gptext.dll
    2004-08-04 12:00:00 20,992 —-a-w C:\WINDOWS\system32\ssmarque.scr
    2004-08-04 12:00:00 20,992 —-a-w C:\WINDOWS\system32\shutdown.exe
    2004-08-04 12:00:00 20,992 —-a-w C:\WINDOWS\system32\ipxwan.dll
    2004-08-04 12:00:00 20,992 —-a-w C:\WINDOWS\system32\hid.dll
    2004-08-04 12:00:00 20,992 —-a-w C:\WINDOWS\system32\drivers\vga.sys
    2004-08-04 12:00:00 20,992 —-a-w C:\WINDOWS\system32\drivers\ipinip.sys
    2004-08-04 12:00:00 20,992 —-a-w C:\WINDOWS\system32\bthci.dll
    2004-08-04 12:00:00 20,970 —-a-w C:\WINDOWS\system32\debug.exe
    2004-08-04 12:00:00 20,535 —-a-w C:\WINDOWS\system32\vfpodbc.dll
    2004-08-04 12:00:00 20,511 —-a-w C:\WINDOWS\system32\odtext32.dll
    2004-08-04 12:00:00 20,511 —-a-w C:\WINDOWS\system32\oddbse32.dll
    2004-08-04 12:00:00 20,510 —-a-w C:\WINDOWS\system32\odpdx32.dll
    2004-08-04 12:00:00 20,510 —-a-w C:\WINDOWS\system32\odfox32.dll
    2004-08-04 12:00:00 20,510 —-a-w C:\WINDOWS\system32\odexl32.dll
    2004-08-04 12:00:00 20,480 —-a-w C:\WINDOWS\system32\winstrm.dll
    2004-08-04 12:00:00 20,480 —-a-w C:\WINDOWS\system32\qprocess.exe
    2004-08-04 12:00:00 20,480 —-a-w C:\WINDOWS\system32\nwcfg.dll
    2004-08-04 12:00:00 20,480 —-a-w C:\WINDOWS\system32\mtxdm.dll
    2004-08-04 12:00:00 20,480 —-a-w C:\WINDOWS\system32\encapi.dll
    2004-08-04 12:00:00 20,480 —-a-w C:\WINDOWS\system32\drivers\flpydisk.sys
    2004-08-04 12:00:00 20,480 —-a-w C:\WINDOWS\system32\cliconfg.exe
    2004-08-04 12:00:00 2,962,432 —-a-w C:\WINDOWS\system32\xpsp2res.dll
    2004-08-04 12:00:00 2,944 —-a-w C:\WINDOWS\system32\drivers\null.sys
    2004-08-04 12:00:00 2,864 —-a-w C:\WINDOWS\system32\winsock.dll
    2004-08-04 12:00:00 2,736 —-a-w C:\WINDOWS\system32\wowdeb.exe
    2004-08-04 12:00:00 2,560 —-a-w C:\WINDOWS\system32\lz32.dll
    2004-08-04 12:00:00 2,113,536 —-a-w C:\WINDOWS\system32\dxdiagn.dll
    2004-08-04 12:00:00 2,112 —-a-w C:\WINDOWS\system32\winspool.exe
    2004-08-04 12:00:00 199,168 —-a-w C:\WINDOWS\system32\ir32_32.dll
    2004-08-04 12:00:00 197,632 —-a-w C:\WINDOWS\system32\certcli.dll
    2004-08-04 12:00:00 196,096 —-a-w C:\WINDOWS\system32\xpsp1res.dll
    2004-08-04 12:00:00 195,584 —-a-w C:\WINDOWS\system32\msutb.dll
    2004-08-04 12:00:00 195,072 —-a-w C:\WINDOWS\system32\syncui.dll
    2004-08-04 12:00:00 194,560 —-a-w C:\WINDOWS\system32\eudcedit.exe
    2004-08-04 12:00:00 194,048 —-a-w C:\WINDOWS\system32\activeds.dll
    2004-08-04 12:00:00 193,024 —-a-w C:\WINDOWS\system32\fsquirt.exe
    2004-08-04 12:00:00 192,512 —-a-w C:\WINDOWS\system32\qcap.dll
    2004-08-04 12:00:00 192,000 —-a-w C:\WINDOWS\system32\schedsvc.dll
    2004-08-04 12:00:00 19,968 —-a-w C:\WINDOWS\system32\wshtcpip.dll
    2004-08-04 12:00:00 19,968 —-a-w C:\WINDOWS\system32\ws2help.dll
    2004-08-04 12:00:00 19,968 —-a-w C:\WINDOWS\system32\ssbezier.scr
    2004-08-04 12:00:00 19,968 —-a-w C:\WINDOWS\system32\rdpsnd.dll
    2004-08-04 12:00:00 19,968 —-a-w C:\WINDOWS\system32\mqbkup.exe
    2004-08-04 12:00:00 19,968 —-a-w C:\WINDOWS\system32\arp.exe
    2004-08-04 12:00:00 19,806 —-a-w C:\WINDOWS\system32\graphics.com
    2004-08-04 12:00:00 19,456 —-a-w C:\WINDOWS\system32\wmiprop.dll
    2004-08-04 12:00:00 19,456 —-a-w C:\WINDOWS\system32\vwipxspx.dll
    2004-08-04 12:00:00 19,456 —-a-w C:\WINDOWS\system32\tcpsvcs.exe
    2004-08-04 12:00:00 19,456 —-a-w C:\WINDOWS\system32\oleaccrc.dll
    2004-08-04 12:00:00 19,456 —-a-w C:\WINDOWS\system32\nddenb32.dll
    2004-08-04 12:00:00 19,456 —-a-w C:\WINDOWS\system32\mode.com
    2004-08-04 12:00:00 19,456 —-a-w C:\WINDOWS\system32\dswave.dll
    2004-08-04 12:00:00 19,456 —-a-w C:\WINDOWS\system32\dmocx.dll
    2004-08-04 12:00:00 19,200 —-a-w C:\WINDOWS\system32\tapi.dll
    2004-08-04 12:00:00 19,088 —-a-w C:\WINDOWS\system32\sysedit.exe
    2004-08-04 12:00:00 19,072 —-a-w C:\WINDOWS\system32\drivers\msfs.sys
    2004-08-04 12:00:00 188,928 —-a-w C:\WINDOWS\system32\cmprops.dll
    2004-08-04 12:00:00 188,544 —-a-w C:\WINDOWS\system32\drivers\acpi.sys
    2004-08-04 12:00:00 187,392 —-a-w C:\WINDOWS\system32\accwiz.exe
    2004-08-04 12:00:00 186,880 —-a-w C:\WINDOWS\system32\mqtrig.dll
    2004-08-04 12:00:00 186,880 —-a-w C:\WINDOWS\system32\dinput8.dll
    2004-08-04 12:00:00 186,368 —-a-w C:\WINDOWS\system32\encdec.dll
    2004-08-04 12:00:00 186,368 —-a-w C:\WINDOWS\system32\els.dll
    2004-08-04 12:00:00 185,344 —-a-w C:\WINDOWS\system32\netmsg.dll
    2004-08-04 12:00:00 184,832 —-a-w C:\WINDOWS\system32\scecli.dll
    2004-08-04 12:00:00 184,320 —-a-w C:\WINDOWS\system32\ipsecsvc.dll
    2004-08-04 12:00:00 183,808 —-a-w C:\WINDOWS\system32\ir50_qcx.dll
    2004-08-04 12:00:00 183,296 —-a-w C:\WINDOWS\system32\snmpsnap.dll
    2004-08-04 12:00:00 182,912 —-a-w C:\WINDOWS\system32\drivers\ndis.sys
    2004-08-04 12:00:00 181,760 —-a-w C:\WINDOWS\system32\tapi32.dll
    2004-08-04 12:00:00 181,760 —-a-w C:\WINDOWS\system32\dsdmo.dll
    2004-08-04 12:00:00 181,248 —-a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2004-08-04 12:00:00 181,248 —-a-w C:\WINDOWS\system32\dmime.dll
    2004-08-04 12:00:00 180,800 —-a-w C:\WINDOWS\system32\sqlunirl.dll
    2004-08-04 12:00:00 180,224 —-a-w C:\WINDOWS\system32\dwwin.exe
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\vmmreg32.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\version.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\ssmyst.scr
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\snmpapi.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\seclogon.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\secedit.exe
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\rsmps.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\qmgrprxy.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\ping.exe
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\mimefilt.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\midimap.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\diskperf.exe
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\deskperf.dll
    2004-08-04 12:00:00 18,944 —-a-w C:\WINDOWS\system32\cacls.exe
    2004-08-04 12:00:00 18,688 —-a-w C:\WINDOWS\system32\drivers\partmgr.sys
    2004-08-04 12:00:00 18,688 —-a-w C:\WINDOWS\system32\drivers\cdaudio.sys
    2004-08-04 12:00:00 18,560 —-a-w C:\WINDOWS\system32\drivers\tdi.sys
    2004-08-04 12:00:00 18,432 —-a-w C:\WINDOWS\system32\wtsapi32.dll
    2004-08-04 12:00:00 18,432 —-a-w C:\WINDOWS\system32\win.com
    2004-08-04 12:00:00 18,432 —-a-w C:\WINDOWS\system32\ups.exe
    2004-08-04 12:00:00 18,432 —-a-w C:\WINDOWS\system32\prflbmsg.dll
    2004-08-04 12:00:00 18,432 —-a-w C:\WINDOWS\system32\dpnsvr.exe
    2004-08-04 12:00:00 18,432 —-a-w C:\WINDOWS\system32\dmintf.dll
    2004-08-04 12:00:00 18,432 —-a-w C:\WINDOWS\system32\compact.exe
    2004-08-04 12:00:00 18,176 —-a-w C:\WINDOWS\system32\vga64k.dll
    2004-08-04 12:00:00 179,712 —-a-w C:\WINDOWS\system32\ntmsdba.dll
    2004-08-04 12:00:00 179,200 —-a-w C:\WINDOWS\system32\winmm.dll
    2004-08-04 12:00:00 177,856 —-a-w C:\WINDOWS\system32\typelib.dll
    2004-08-04 12:00:00 177,152 —-a-w C:\WINDOWS\system32\mqrt.dll
    2004-08-04 12:00:00 176,640 —-a-w C:\WINDOWS\system32\wintrust.dll
    2004-08-04 12:00:00 176,640 —-a-w C:\WINDOWS\system32\ftsrch.dll
    2004-08-04 12:00:00 176,159 —-a-w C:\WINDOWS\system32\msjint40.dll
    2004-08-04 12:00:00 176,157 —-a-w C:\WINDOWS\system32\dgrpsetu.dll
    2004-08-04 12:00:00 175,736 —-a-w C:\WINDOWS\system32\xenroll.dll
    2004-08-04 12:00:00 175,616 —-a-w C:\WINDOWS\system32\w32time.dll
    2004-08-04 12:00:00 175,616 —-a-w C:\WINDOWS\system32\appmgmts.dll
    2004-08-04 12:00:00 175,616 —-a-w C:\WINDOWS\system32\adsldp.dll
    2004-08-04 12:00:00 172,544 —-a-w C:\WINDOWS\system32\wldap32.dll
    2004-08-04 12:00:00 172,032 —-a-w C:\WINDOWS\system32\photowiz.dll
    2004-08-04 12:00:00 171,008 —-a-w C:\WINDOWS\system32\sccsccp.dll
    2004-08-04 12:00:00 170,496 —-a-w C:\WINDOWS\system32\srsvc.dll
    2004-08-04 12:00:00 17,920 —-a-w C:\WINDOWS\system32\ureg.dll
    2004-08-04 12:00:00 17,920 —-a-w C:\WINDOWS\system32\tsshutdn.exe
    2004-08-04 12:00:00 17,920 —-a-w C:\WINDOWS\system32\nddeapi.dll
    2004-08-04 12:00:00 17,920 —-a-w C:\WINDOWS\system32\mmfutil.dll
    2004-08-04 12:00:00 17,920 —-a-w C:\WINDOWS\system32\iaspolcy.dll
    2004-08-04 12:00:00 17,920 —-a-w C:\WINDOWS\system32\dvdupgrd.exe
    2004-08-04 12:00:00 17,792 —-a-w C:\WINDOWS\system32\drivers\ptilink.sys
    2004-08-04 12:00:00 17,664 —-a-w C:\WINDOWS\system32\watchdog.sys
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\winshfhc.dll
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\tftp.exe
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\qappsrv.exe
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\powrprof.dll
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\perfnet.dll
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\nwapi16.dll
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\mcicda.dll
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\esentprf.dll
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\bidispl.dll
    2004-08-04 12:00:00 17,408 —-a-w C:\WINDOWS\system32\alrsvc.dll
    2004-08-04 12:00:00 169,984 —-a-w C:\WINDOWS\system32\sccbase.dll
    2004-08-04 12:00:00 169,984 —-a-w C:\WINDOWS\system32\iprtrmgr.dll
    2004-08-04 12:00:00 169,520 —-a-w C:\WINDOWS\system32\ole2disp.dll
    2004-08-04 12:00:00 167,868 —-a-w C:\WINDOWS\system32\pagefileconfig.vbs
    2004-08-04 12:00:00 167,424 —-a-w C:\WINDOWS\system32\diskpart.exe
    2004-08-04 12:00:00 165,376 —-a-w C:\WINDOWS\system32\ciadmin.dll
    2004-08-04 12:00:00 164,864 —-a-w C:\WINDOWS\system32\credui.dll
    2004-08-04 12:00:00 164,352 —-a-w C:\WINDOWS\system32\dinput.dll
    2004-08-04 12:00:00 163,328 —-a-w C:\WINDOWS\system32\oleacc.dll
    2004-08-04 12:00:00 162,816 —-a-w C:\WINDOWS\system32\drivers\netbt.sys
    2004-08-04 12:00:00 162,304 —-a-w C:\WINDOWS\system32\adsnds.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\winrnr.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\vss_ps.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\usbmon.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\upnpcont.exe
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\runas.exe
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\rassapi.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\msidntld.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\mqise.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\expand.exe
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\deskmon.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\deskadp.dll
    2004-08-04 12:00:00 16,896 —-a-w C:\WINDOWS\system32\cfgmgr32.dll
    2004-08-04 12:00:00 16,512 —-a-w C:\WINDOWS\system32\drivers\raspti.sys
    2004-08-04 12:00:00 16,384 —-a-w C:\WINDOWS\system32\tskill.exe
    2004-08-04 12:00:00 16,384 —-a-w C:\WINDOWS\system32\rwinsta.exe
    2004-08-04 12:00:00 16,384 —-a-w C:\WINDOWS\system32\odbc32gt.dll
    2004-08-04 12:00:00 16,384 —-a-w C:\WINDOWS\system32\icfgnt5.dll
    2004-08-04 12:00:00 16,384 —-a-w C:\WINDOWS\system32\fmifs.dll
    2004-08-04 12:00:00 16,384 —-a-w C:\WINDOWS\system32\ds32gt.dll
    2004-08-04 12:00:00 16,384 —-a-w C:\WINDOWS\system32\avmeter.dll
    2004-08-04 12:00:00 16,000 —-a-w C:\WINDOWS\system32\drivers\usbintel.sys
    2004-08-04 12:00:00 159,744 —-a-w C:\WINDOWS\system32\scrobj.dll
    2004-08-04 12:00:00 159,232 —-a-w C:\WINDOWS\system32\sbeio.dll
    2004-08-04 12:00:00 159,232 —-a-w C:\WINDOWS\system32\MSIMTF.dll
    2004-08-04 12:00:00 157,696 —-a-w C:\WINDOWS\system32\paqsp.dll
    2004-08-04 12:00:00 156,160 —-a-w C:\WINDOWS\system32\ipmontr.dll
    2004-08-04 12:00:00 154,624 —-a-w C:\WINDOWS\system32\shmedia.dll
    2004-08-04 12:00:00 154,112 —-a-w C:\WINDOWS\system32\keymgr.dll
    2004-08-04 12:00:00 153,856 —-a-w C:\WINDOWS\system32\drivers\dmio.sys
    2004-08-04 12:00:00 153,088 —-a-w C:\WINDOWS\regedit.exe
    2004-08-04 12:00:00 153,008 —-a-w C:\WINDOWS\system32\ole2nls.dll
    2004-08-04 12:00:00 152,576 —-a-w C:\WINDOWS\system32\rsaenh.dll
    2004-08-04 12:00:00 152,064 —-a-w C:\WINDOWS\system32\datime.dll
    2004-08-04 12:00:00 152,064 —-a-w C:\WINDOWS\system32\bootcfg.exe
    2004-08-04 12:00:00 151,552 —-a-w C:\WINDOWS\system32\scrrun.dll
    2004-08-04 12:00:00 151,552 —-a-w C:\WINDOWS\system32\msdart.dll
    2004-08-04 12:00:00 150,016 —-a-w C:\WINDOWS\system32\imapi.exe
    2004-08-04 12:00:00 15,984 —-a-w C:\WINDOWS\system32\prnqctl.vbs
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\TASKMAN.EXE
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\w3ssl.dll
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\taskman.exe
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\sysinv.dll
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\rsh.exe
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\perfmon.exe
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\more.com
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\inetppui.dll
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\dmremote.exe
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\comp.exe
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\cmcfg32.dll
    2004-08-04 12:00:00 15,872 —-a-w C:\WINDOWS\system32\cdmodem.dll
    2004-08-04 12:00:00 15,488 —-a-w C:\WINDOWS\system32\drivers\serenum.sys
    2004-08-04 12:00:00 15,488 —-a-w C:\WINDOWS\system32\drivers\mssmbios.sys
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\tsdiscon.exe
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\tsd32.dll
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\tscon.exe
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\slbrccsp.dll
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\shadow.exe
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\pjlmon.dll
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\pentnt.exe
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\logoff.exe
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\hnetmon.dll
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\help.exe
    2004-08-04 12:00:00 15,360 —-a-w C:\WINDOWS\system32\ctfmon.exe
    2004-08-04 12:00:00 149,019 —-a-w C:\WINDOWS\system32\crtdll.dll
    2004-08-04 12:00:00 147,968 —-a-w C:\WINDOWS\system32\rdchost.dll
    2004-08-04 12:00:00 147,968 —-a-w C:\WINDOWS\system32\mdwmdmsp.dll
    2004-08-04 12:00:00 147,968 —-a-w C:\WINDOWS\system32\dskquoui.dll
    2004-08-04 12:00:00 147,456 —-a-w C:\WINDOWS\system32\odbctrac.dll
    2004-08-04 12:00:00 147,456 —-a-w C:\WINDOWS\system32\initpki.dll
    2004-08-04 12:00:00 147,456 —-a-w C:\WINDOWS\system32\comsnap.dll
    2004-08-04 12:00:00 146,944 —-a-w C:\WINDOWS\system32\hotplug.dll
    2004-08-04 12:00:00 145,920 —-a-w C:\WINDOWS\system32\modemui.dll
    2004-08-04 12:00:00 145,408 —-a-w C:\WINDOWS\system32\wiavusd.dll
    2004-08-04 12:00:00 145,408 —-a-w C:\WINDOWS\system32\ntshrui.dll
    2004-08-04 12:00:00 145,408 —-a-w C:\WINDOWS\system32\dsprop.dll
    2004-08-04 12:00:00 144,896 —-a-w C:\WINDOWS\system32\schannel.dll
    2004-08-04 12:00:00 144,384 —-a-w C:\WINDOWS\system32\mobsync.exe
    2004-08-04 12:00:00 144,384 —-a-w C:\WINDOWS\system32\imagehlp.dll
    2004-08-04 12:00:00 144,384 —-a-w C:\WINDOWS\system32\capesnpn.dll
    2004-08-04 12:00:00 143,360 —-a-w C:\WINDOWS\system32\rasmontr.dll
    2004-08-04 12:00:00 143,360 —-a-w C:\WINDOWS\system32\msorcl32.dll
    2004-08-04 12:00:00 143,360 —-a-w C:\WINDOWS\system32\drivers\fastfat.sys
    2004-08-04 12:00:00 143,360 —-a-w C:\WINDOWS\system32\adsldpc.dll
    2004-08-04 12:00:00 142,848 —-a-w C:\WINDOWS\system32\netid.dll
    2004-08-04 12:00:00 142,336 —-a-w C:\WINDOWS\system32\sessmgr.exe
    2004-08-04 12:00:00 141,824 —-a-w C:\WINDOWS\system32\sfc_os.dll
    2004-08-04 12:00:00 141,312 —-a-w C:\WINDOWS\system32\iasrecst.dll
    2004-08-04 12:00:00 140,800 —-a-w C:\WINDOWS\system32\taskmgr.exe
    2004-08-04 12:00:00 14,976 —-a-w C:\WINDOWS\system32\drivers\tape.sys
    2004-08-04 12:00:00 14,850 —-a-w C:\WINDOWS\system32\kb16.com
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\tcpmib.dll
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\stimon.exe
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\serwvdrv.dll
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\serialui.dll
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\rexec.exe
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\ntlanui2.dll
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\mgmtapi.dll
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\mcastmib.dll
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\fc.exe
    2004-08-04 12:00:00 14,848 —-a-w C:\WINDOWS\system32\drivers\kbdhid.sys
    2004-08-04 12:00:00 14,592 —-a-w C:\WINDOWS\system32\drivers\smclib.sys
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\wship6.dll
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\wowfaxui.dll
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\svchost.exe
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\ssstars.scr
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\runonce.exe
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\msdmo.dll
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\drprov.dll
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\drivers\asyncmac.sys
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\cmpbk32.dll
    2004-08-04 12:00:00 14,336 —-a-w C:\WINDOWS\system32\auditusr.exe
    2004-08-04 12:00:00 14,208 —-a-w C:\WINDOWS\system32\drivers\diskdump.sys
    2004-08-04 12:00:00 139,264 —-a-w C:\WINDOWS\system32\sndvol32.exe
    2004-08-04 12:00:00 138,752 —-a-w C:\WINDOWS\system32\swprv.dll
    2004-08-04 12:00:00 138,496 —-a-w C:\WINDOWS\system32\drivers\afd.sys
    2004-08-04 12:00:00 138,240 —-a-w C:\WINDOWS\system32\mqad.dll
    2004-08-04 12:00:00 138,240 —-a-w C:\WINDOWS\system32\ifmon.dll
    2004-08-04 12:00:00 137,216 —-a-w C:\WINDOWS\system32\sti_ci.dll
    2004-08-04 12:00:00 137,216 —-a-w C:\WINDOWS\system32\dssenh.dll
    2004-08-04 12:00:00 136,192 —-a-w C:\WINDOWS\system32\webvw.dll
    2004-08-04 12:00:00 135,168 —-a-w C:\WINDOWS\system32\odbcconf.dll
    2004-08-04 12:00:00 134,656 —-a-w C:\WINDOWS\system32\mssap.dll
    2004-08-04 12:00:00 132,608 —-a-w C:\WINDOWS\system32\upnp.dll
    2004-08-04 12:00:00 132,608 —-a-w C:\WINDOWS\system32\sndrec32.exe
    2004-08-04 12:00:00 132,608 —-a-w C:\WINDOWS\system32\rsvp.exe
    2004-08-04 12:00:00 132,096 —-a-w C:\WINDOWS\system32\acledit.dll
    2004-08-04 12:00:00 130,560 —-a-w C:\WINDOWS\system32\dmdskres.dll
    2004-08-04 12:00:00 130,048 —-a-w C:\WINDOWS\system32\sdpblb.dll
    2004-08-04 12:00:00 13,952 —-a-w C:\WINDOWS\system32\drivers\cbidf2k.sys
    2004-08-04 12:00:00 13,888 —-a-w C:\WINDOWS\system32\toolhelp.dll
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\wscntfy.exe
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\uniplat.dll
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\sisbkup.dll
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\sigtab.dll
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\senscfg.dll
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\savedump.exe
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\rdsaddin.exe
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\mrinfo.exe
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\lmhsvc.dll
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\convert.exe
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\cmsetACL.dll
    2004-08-04 12:00:00 13,824 —-a-w C:\WINDOWS\system32\atkctrs.dll
    2004-08-04 12:00:00 13,312 —-a-w C:\WINDOWS\system32\win87em.dll
    2004-08-04 12:00:00 13,312 —-a-w C:\WINDOWS\system32\verifier.dll
    2004-08-04 12:00:00 13,312 —-a-w C:\WINDOWS\system32\umdmxfrm.dll
    2004-08-04 12:00:00 13,312 —-a-w C:\WINDOWS\system32\tcmsetup.exe
    2004-08-04 12:00:00 13,312 —-a-w C:\WINDOWS\system32\ntvdmd.dll
    2004-08-04 12:00:00 13,312 —-a-w C:\WINDOWS\system32\msswch.dll
    2004-08-04 12:00:00 13,312 —-a-w C:\WINDOWS\system32\lsass.exe
    2004-08-04 12:00:00 13,312 —-a-w C:\WINDOWS\system32\irclass.dll
    2004-08-04 12:00:00 129,536 —-a-w C:\WINDOWS\system32\xmlprov.dll
    2004-08-04 12:00:00 129,536 —-a-w C:\WINDOWS\system32\msv1_0.dll
    2004-08-04 12:00:00 129,024 —-a-w C:\WINDOWS\system32\nwscript.exe
    2004-08-04 12:00:00 128,000 —-a-w C:\WINDOWS\system32\mshearts.exe
    2004-08-04 12:00:00 126,976 —-a-w C:\WINDOWS\system32\msvideo.dll
    2004-08-04 12:00:00 126,976 —-a-w C:\WINDOWS\system32\apphelp.dll
    2004-08-04 12:00:00 125,952 —-a-w C:\WINDOWS\system32\schtasks.exe
    2004-08-04 12:00:00 125,952 —-a-w C:\WINDOWS\system32\input.dll
    2004-08-04 12:00:00 125,696 —-a-w C:\WINDOWS\system32\drivers\ftdisk.sys
    2004-08-04 12:00:00 124,928 —-a-w C:\WINDOWS\system32\wiadss.dll
    2004-08-04 12:00:00 124,928 —-a-w C:\WINDOWS\system32\net1.exe
    2004-08-04 12:00:00 124,416 —-a-w C:\WINDOWS\system32\mplay32.exe
    2004-08-04 12:00:00 123,904 —-a-w C:\WINDOWS\system32\dfrgui.dll
    2004-08-04 12:00:00 123,392 —-a-w C:\WINDOWS\system32\mqrtdep.dll
    2004-08-04 12:00:00 123,392 —-a-w C:\WINDOWS\system32\glu32.dll
    2004-08-04 12:00:00 122,368 —-a-w C:\WINDOWS\system32\stobject.dll
    2004-08-04 12:00:00 121,856 —-a-w C:\WINDOWS\system32\idq.dll
    2004-08-04 12:00:00 121,856 —-a-w C:\WINDOWS\system32\gpresult.exe
    2004-08-04 12:00:00 121,856 —-a-w C:\WINDOWS\system32\exts.dll
    2004-08-04 12:00:00 121,344 —-a-w C:\WINDOWS\syst
  • En weer niet… Ik wacht je antwoord eerst wel af voordat ik de rest ook nog post, sorry :wink:
  • Heel lijstje.

    1. Download ATF cleaner (gemaakt door Atribune)
    Dubbelklik op ATF cleaner om het programma te starten.
    Op het tabblad "Main", plaats je een vinkje bij [b:2d6ccc3928]Select All[/b:2d6ccc3928].
    Klik op de knop [b:2d6ccc3928]Empty Selected[/b:2d6ccc3928].

    Het volgende doen als je ook FireFox als browser hebt:
    Klik op tabblad "Firefox", plaats een vinkje bij [b:2d6ccc3928]Select All[/b:2d6ccc3928].
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    (dit haalt het vinkje weer weg bij "Firefox saved passwords";)
    Klik op de knop [b:2d6ccc3928]Empty Selected[/b:2d6ccc3928].

    Het volgende doen als je ook Opera als browser hebt:
    Klik op tabblad "Opera", plaats een vinkje bij [b:2d6ccc3928]Select All[/b:2d6ccc3928].
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    Klik op de knop [b:2d6ccc3928]Empty Selected[/b:2d6ccc3928].
    Ga naar het tabblad "Main" en klik op de knop [b:2d6ccc3928]Exit[/b:2d6ccc3928] om het programma af te sluiten.

    2. Download [b:2d6ccc3928]Dr.Web CureIt[/b:2d6ccc3928] naar je bureaublad:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    3. Start de computer in veilige modus.

    4. Dubbelklik [b:2d6ccc3928]drweb-cureit.exe[/b:2d6ccc3928] en sta het toe om de express scan te starten.
    Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt, klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
    Eenmaal de korte scan is beeïndigd, Klik [b:2d6ccc3928]Options[/b:2d6ccc3928] > Change Settings
    Kies de "Scan"-tab en verwijder het vinkje bij "Heuristic analyse"
    Terug in het hoofdvenster kan je de drives selecteren die je wilt laten scannen.
    Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
    Klik daarna de [b:2d6ccc3928]groene pijl[/b:2d6ccc3928] rechts om de scan te starten.
    Klik 'Yes to all' wanneer er gevraagd wordt om cure of move uit te voeren.
    Wanneer de scan gedaan is, kijk of je volgende icoontje kan aanklikken dat staat naast hetgeen gevonden werd: [img:2d6ccc3928]http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif[/img:2d6ccc3928]
    Indien wel, klik erop en daarna klik op het icoontje er net onder en kies: [b:2d6ccc3928]Move incurable[/b:2d6ccc3928] zoals je zal zien in volgende afbeelding:
    [img:2d6ccc3928]http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif[/img:2d6ccc3928]
    Dit zal de bestanden verplaatsen naar volgende map %userprofile%\DoctorWeb\quarantaine-folder indien het niet gedesinfecteerd kan worden. (dit in het geval dat we samples nodig hebben)
    Na bovenstaande te selecteren, in het menu bovenaan van Dr.Web CureIt, klik [b:2d6ccc3928]file[/b:2d6ccc3928] en kies [b:2d6ccc3928]save report list[/b:2d6ccc3928]. Bewaar de log op je bureaublad.
    Sluit daarna Dr.Web Cureit.

    5. [b:2d6ccc3928]Herstart[/b:2d6ccc3928] je computer in normale modus!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
    Na het herstarten, Kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post tesamen met een logje van Hijackthis
  • Done. Wat ik wel raar vond is dat DrWeb het update programma van McAfee aanmerkt als potentiële downloader, Mcupdmgr.exe. Na het opnieuw opstarten geeft McAfee dan ook meteen de melding dat ik niet meer beschermd ben. Aangezien ik dit ook niet veilig vind, ga ik zo dadelijk trachten McAfee te herstellen, en mocht het dan op weerstand stuiten van uw kant doe ik weer hetzelfde met DrWeb :roll: (Edit: Hoe doe ik dat overigens? * Edit2: Ah nevermind, dat is al gelukt ;) )

    [b:57a0581b7e]log van HijackThis:[/b:57a0581b7e]

    Logfile of HijackThis v1.99.1
    Scan saved at 21:02:35, on 24-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\V0230Mon.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\DOCUME~1\Ufuk\LOCALS~1\Temp\clclean.0001
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Documents and Settings\Ufuk\Bureaublad\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114w.bay114.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    [b:57a0581b7e]log van DrWeb:[/b:57a0581b7e]

    mcupdmgr.exe c:\program files\mcafee\msc Probably DLOADER.Trojan Incurable.Moved.
    VBAOL11.CHM\html/olobjAddressEntries.htm C:\Program Files\Microsoft Office\OFFICE11\1043\VBAOL11.CHM Modification of VBS.Petik
    VBAOL11.CHM C:\Program Files\Microsoft Office\OFFICE11\1043 Archive contains infected objects Moved.
    rcqyqmkj.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
    A0062750.dll C:\System Volume Information\_restore{C6047249-B8FE-4F02-AAF1-9B17FBAA739B}\RP375 Trojan.Virtumod Deleted.
  • Voor Yep vundo besmetting bestaat een removal tool:

    http://securityresponse.symantec.com/avcenter/FixVundo.exe

    Kun je die dan niet beter gebruiken?
  • [quote:471ddc679e="Tweaky"]Voor Yep vundo besmetting bestaat een removal tool:

    http://securityresponse.symantec.com/avcenter/FixVundo.exe

    Kun je die dan niet beter gebruiken?[/quote:471ddc679e]

    Niet beter, want de combofix is beter omdat hij de bestanden unlocked(automatisch) en verwijderd. Combo laat nog meer zien en dat is ook handig, maar soms wissel ik wel eens af,

    die van symantec , :-?
    VIRTUMONDO_BEGONE Virtumundo Begone http://hicheckthis.dyndns.org/hjt/ncslist.php?lang=NL&view=118
    ———————
    VUNDO VundoFix
    http://hicheckthis.dyndns.org/hjt/ncslist.php?lang=NL&view=103
    ————————
    en natuurlijk de combofix.

    die van symantec gebruik ik nooit.
  • Logje ziet er al weer terug schoon uit, hoe is het met je problemen?
  • De problemen zijn helemaal weg, bedankt voor de hulp ;)
    En voor in de toekomst, mocht ik weer last hebben van spyware, is het dan aan te raden om bijvoorbeeld Combofix te gebruiken in combinatie met Dr. Web? Of is Combofix alleen voor vundo besmettingen?

    Wat ik ook wel raar vind is dat een (toch hoog aangeschreven) programma als McAfee niet gewoon om kan gaan met dergelijke trojans.. Je zou toch denken dat die antivirusprogramma's daar speciaal voor geschreven worden.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.