Vraag & Antwoord

Beveiliging & privacy

VPN verkeer als ik alleen mijn muis maar beweeg?

Anoniem
None
63 antwoorden
  • Hallo Abraham,

    Morgen ga ik direkt bellen met systeembeheer.

    Als ik morgen wel VPN op bouw met de zaak, zijn er dan gevolgen?

    Rob
  • Hallo allemaal,

    Ik heb pas gezien dat er veel data verzonden wordt naar mijn bedrijf als ik een VPN-verbinding opzet.

    Het lijkt er op dat hoe langer het geleden is dat ik met mijn "werk netwerk" verbonden was, hoe meer data er verzonden wordt.

    Nog vreemder is dat als ik bijvoorbeeld mijn muis over een icon op mijn werkblad beweeg er gelijk data wordt genereerd. Hetzelfde gebeurt ook als ik bijvoorbeeld in Word iets type. Het gevolg is dat er vaak 2 maal zoveel data verzonden wordt dan dat ik ontvang. Zeker als ik lange tijd geen VPN heb gehad vertraagd dit de eerste minuten enorm als ik de VPN weer op bouw.

    Heeft iemand een idee om er achter te komen wat er nu verzonden wordt over die VPN-verbinding?

    Het gaat om een Windows XP machine en de standaard Windows VPN-client. Default Gateway staat uitgeschakeld.

    Met vriendelijke groet,
    Rob
  • Hallo Rob, begin hiermee: download [b:f893f2dcbb]TFC[/b:f893f2dcbb] (klick) naar je bureaublad.

    • Klik/dubbelklik op [b:f893f2dcbb]TFC.exe[/b:f893f2dcbb] om het programma te starten.
    • Niet schrikken - het tool sluit alle lopende programma's - ergo: verzeker je dus ervan, dat je werk al is opgeslagen!
    • Vervolgens klik je op de knop [b:f893f2dcbb]Start[/b:f893f2dcbb] om de scan te starten. Deze scan kan kort of langer duren, wees geduldig en laat TFC zijn taak doen en wacht to TFC klaaar is.
    • Indien TFC klaar is, dan komt de melding dat de computer opnieu opgestart wordt.
    • Gebeurt het afsluiten niet automatisch, start dan zelf de computer opnieuw op.


    Daarna: download, installeer en blijf [b:f893f2dcbb]MBAM[/b:f893f2dcbb] gebruiken.
    Al meteen na de installatie wil [b:f893f2dcbb]MBAM[/b:f893f2dcbb] zijn database opwaarderen – toestaan dus.
    Ook bij herhaald gebruik: eerst de tab [b:f893f2dcbb]Update[/b:f893f2dcbb] aandoen!

    [b:f893f2dcbb]Download MBAM[/b:f893f2dcbb] (KLIK)

    Start [b:f893f2dcbb]MBAM[/b:f893f2dcbb] en kies voor [b:f893f2dcbb]Snelle Scan[/b:f893f2dcbb]


    [b:f893f2dcbb]N.B.: Vista- en Windows 7 gebruik(st)ers starten MBAM middels rechtsklikken en dan kiezen voor Als Administrator uitvoeren.[/b:f893f2dcbb]



    Het scannen kan een tijdje duren, dus wees geduldig.
    Wanneer de scan voltooid is, klik dan op de knop [b:f893f2dcbb]OK[/b:f893f2dcbb] , daarna op de knop [b:f893f2dcbb]Bekijk Resultaten[/b:f893f2dcbb] om de resultaten te zien.
    Zorg ervoor dat daar alles aangevinkt is, daarna klikken op: [b:f893f2dcbb]Verwijder geselecteerde[/b:f893f2dcbb] .
    Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.

    Het log wordt automatisch bewaard door [b:f893f2dcbb]MBAM[/b:f893f2dcbb] en dat kan je terugvinden door op de tab [b:f893f2dcbb]Logs[/b:f893f2dcbb] te klikken in [b:f893f2dcbb]MBAM[/b:f893f2dcbb] .

    Indien [b:f893f2dcbb]MBAM[/b:f893f2dcbb] moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op [b:f893f2dcbb]OK[/b:f893f2dcbb] klikken!
    Daarna zal [b:f893f2dcbb]MBAM[/b:f893f2dcbb] vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.



    Als laatste: download [b:f893f2dcbb] naar je bureaublad.

    • dds.scr dubbelklikken (Vista/Win 7 gebruikers doen dit via rechtsklik en kiezen voor Als Administrator uitvoeren) - wacht tot de scan klaar is.
    • Na de scan worden twee tekstdocumnenten geopend - post de inhoud van het DDS-log (maar schakel eerst in kladblok via Opmaak de Automatische terugloop uit!).


    Post de volgense keer de inhoud van beide DDS-logs en dito het MBAM log.

    Deze logs openen in kladblok - schakel eerst in kladblok via Opmaak de Automatische terugloop uit!
  • Ok, ik wil dat best doen maar ik zie nu dat er ook serienummers e.d. in genoemd worden en wordt door de programma's de opmerking gemaakt dat je de logs niet moet posten. Kan ik die serienummers en andere zaken die "de wereld" niets aan gaan er uit halen?

    Overigens vond MBAM geen problemen.

    Rob
  • Het DDS-log geeft geen serienummers prijs, zoekt deze ook niet!

    Ik weet niet waar jij dit nu uit opmaakt!

    Je kan de logs gewoon posten!
  • Okokok rustig maar…Ik werd met name getriggerd door de opmerking van het programma zelf…… :oops:

    Dus bij deze de logs:

    [b:4c7b25afc6]MBAM:[/b:4c7b25afc6]
    Malwarebytes' Anti-Malware 1.44
    Database version: 3792
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    25-2-2010 17:46:23
    mbam-log-2010-02-25 (17-46-23).txt

    Scan type: Quick Scan
    Objects scanned: 130754
    Time elapsed: 5 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    [b:4c7b25afc6]DDS[/b:4c7b25afc6]


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by rvdvegt at 17:47:10,93 on do 25-02-2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1403 [GMT 1:00]

    AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

    ============== Running Processes ===============

    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\System Update\SUService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Test\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = 172.16.3.4:8080
    uInternet Settings,ProxyOverride = 172.16.*.*;<local>
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
    uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
    uRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 7\PcSync2.exe" /NoDialog
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
    mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
    mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
    mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [TP4EX] tp4ex.exe
    mRun: [<NO NAME>]
    mRun: [TpShocks] TpShocks.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
    DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
    DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263552693705
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265102574535
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://213.201.135.121/activex/AxisCamControl.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://X__X.webex.com/client/T26L10NSP49EP30/webex/ieatgpc.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
    Notify: tpfnf2 - notifyf2.dll
    Notify: tphotkey - tphklock.dll
    LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll

    ============= SERVICES / DRIVERS ===============

    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-1-28 20520]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-10-5 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-10-5 108392]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-5 2189240]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-5 102448]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-25 38224]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100224.068\NAVENG.SYS [2010-2-25 84912]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100224.068\NAVEX15.SYS [2010-2-25 1324720]
    S3 vmserverdWin32;VMware Registration Service;c:\program files\vmware\vmware server\vmserverdWin32.exe [2009-10-20 1654884]
    S4 vsdatant;vsdatant;a –> a [?]

    =============== Created Last 30 ================

    2010-02-25 16:40:16 0 d—–w- c:\docume~1\rvdvegt\applic~1\Malwarebytes
    2010-02-25 16:40:11 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-25 16:40:09 19160 —-a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-25 16:40:09 0 d—–w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-02-25 16:40:08 0 d—–w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-25 08:03:12 16384 —-atw- c:\temp\Perflib_Perfdata_cf8.dat
    2010-02-25 08:01:11 16384 —-atw- c:\temp\Perflib_Perfdata_658.dat
    2010-02-25 08:01:10 16384 —-atw- c:\temp\Perflib_Perfdata_6dc.dat
    2010-02-17 16:12:10 0 d—–w- C:\Graphics Offerte
    2010-02-02 09:26:00 236 —-a-w- C:\register.bat

    ==================== Find3M ====================

    2010-02-24 22:24:20 2487 —-a-w- c:\windows\bthservsdp.dat
    2010-01-04 10:36:18 54776 —-a-w- c:\windows\system32\drivers\mozy.sys
    2009-12-17 09:52:16 70984 —-a-w- c:\documents and settings\rvdvegt\g2mdlhlpx.exe

    ============= FINISH: 17:47:23,69 ===============


    [b:4c7b25afc6]Attach[/b:4c7b25afc6]


    [b:4c7b25afc6]UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT[/b:4c7b25afc6]

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1-10-2009 1:45:45
    System Uptime: 25-2-2010 8:59:50 (9 hours ago)

    Motherboard: IBM | | 2373F3G
    Processor: Intel(R) Pentium(R) M processor 1.80GHz | None | 1794/400mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 34 GiB total, 3,572 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP111: 16-1-2010 23:28:06 - Installed MozyHome Remote Backup
    RP112: 18-1-2010 0:45:38 - System Checkpoint
    RP113: 19-1-2010 15:44:00 - System Checkpoint
    RP114: 21-1-2010 12:45:56 - System Checkpoint
    RP115: 22-1-2010 8:37:29 - Removed MSXML 6.0 Parser (KB925673)
    RP116: 22-1-2010 8:37:54 - Removed Nokia Connectivity Cable Driver
    RP117: 22-1-2010 8:38:33 - Removed PC Connectivity Solution
    RP118: 23-1-2010 15:35:19 - System Checkpoint
    RP119: 24-1-2010 16:31:32 - System Checkpoint
    RP120: 25-1-2010 17:49:33 - System Checkpoint
    RP121: 27-1-2010 0:57:34 - System Checkpoint
    RP122: 29-1-2010 17:09:47 - System Checkpoint
    RP123: 1-2-2010 1:35:49 - System Checkpoint
    RP124: 2-2-2010 17:47:52 - System Checkpoint
    RP125: 3-2-2010 18:00:44 - System Checkpoint
    RP126: 4-2-2010 18:01:06 - System Checkpoint
    RP127: 5-2-2010 18:37:54 - System Checkpoint
    RP128: 6-2-2010 19:16:33 - System Checkpoint
    RP129: 8-2-2010 5:41:15 - System Checkpoint
    RP130: 9-2-2010 9:33:42 - System Checkpoint
    RP131: 10-2-2010 13:28:20 - System Checkpoint
    RP132: 11-2-2010 16:18:11 - System Checkpoint
    RP133: 15-2-2010 10:07:45 - System Checkpoint
    RP134: 16-2-2010 17:34:56 - System Checkpoint
    RP135: 17-2-2010 17:57:16 - System Checkpoint
    RP136: 18-2-2010 18:05:02 - System Checkpoint
    RP137: 19-2-2010 18:41:33 - System Checkpoint
    RP138: 22-2-2010 10:42:15 - System Checkpoint
    RP139: 23-2-2010 11:31:31 - System Checkpoint
    RP140: 24-2-2010 15:22:08 - System Checkpoint

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.6
    Apple Application Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Canon MF Toolbox 4.9.1.1.mf07
    Canon MF4100 Series
    Chinese (Simplified) Language Support
    Chinese (Traditional) Language Support
    Chinese Simplified Fonts Support For Adobe Reader 8
    Chinese Traditional Fonts Support For Adobe Reader 8
    Compatibiliteitspakket voor het 2007 Microsoft Office system
    Compatibility Pack for the 2007 Office system
    CutePDF Writer 2.6
    Google SketchUp 6
    GoToMeeting 4.1.0.366
    Hotfix for Windows XP (KB915865)
    Intel PROSet Wireless
    Intel(R) Network Connections 14.5.1.0
    Intel(R) PROSet/Wireless WiFi Software
    Java(TM) 6 Update 17
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 3.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Proofing Tools
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    MozyHome Remote Backup
    MSVC80_x86
    MSVC80_x86_v2
    MSVC90_x86
    MSXML 6.0 Parser
    Network Recording Player
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    PC Connectivity Solution
    QuickTime
    SecondLife (remove only)
    SecondLifeReleaseCandidate (remove only)
    SoundMAX
    Symantec Endpoint Protection
    System Requirements Lab
    System Update
    ThinkPad Configuration
    ThinkPad EasyEject Utility
    ThinkPad FullScreen Magnifier
    ThinkPad Hotkey Features Setup
    ThinkPad Integrated 56K Modem
    ThinkPad Keyboard Customizer Utility
    ThinkPad Power Management Driver
    ThinkPad Presentation Director
    ThinkPad UltraNav Driver
    ThinkPad UltraNav Utility
    ThinkPad UltraNav Wizard
    ThinkVantage Active Protection System
    ThinkVantage Fingerprint Software
    TrackPoint Accessibility Features
    VMware Server
    WebEx
    WebEx Recorder and Player
    WebFldrs XP
    Windows Communication Foundation
    Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
    Windows Driver Package - Nokia Modem (10/05/2009 4.2)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Presentation Foundation
    Windows Workflow Foundation
    Windows XP Hotfix - KB896613
    Windows XP Service Pack 2
    WinRAR archiver
    WinZip
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    24-2-2010 22:53:05, error: NETLOGON [5719] - No Domain Controller is available for domain X__X due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    24-2-2010 20:51:15, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Spooler service.
    22-2-2010 9:14:18, error: NETLOGON [5719] - No Domain Controller is available for domain X__X due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    18-2-2010 20:34:55, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 000E35761E2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================



    [b:4c7b25afc6]Opmerking[/b:4c7b25afc6]

    Bedrijfsnaam is vervangen door X__X
  • Hallo Rob, jouw Windows heeft een besmetting!

    [b:91b0b74d31]Laat Combofix jouw Windows scannen[/b:91b0b74d31] (klik).

    [b:91b0b74d31]Hoe Combofix goed te gebruiken[/b:91b0b74d31] (klik)

    [b:91b0b74d31]Aanvulling: om Combofix te kunnen gebruiken geldt het volgende:
  • Nou, ik moet zeggen dat was wel spannend temeer omdat ik 2 maal de melding kreeg:
    Error saving file c:\combofix\HIV\Security!
    RegCreateKeyEx: 5 Access denied!
    Continue withe the next file Yes/No

    Yes werkte niet, dus maar op No gedrukt….en alles lijkt nog steeds te werken. :?

    Tevens werd de internetverbinding niet verbroken en is de recovery console gedownlad.

    Bij deze de log:

    ComboFix 10-02-25.02 - rvdvegt 25-02-2010 21:29:01.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1497 [GMT 1:00]
    Running from: c:\documents and settings\rvdvegt\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\srchasst\nls302en.lex

    .
    ((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
    .

    2010-02-25 20:37 . 2010-02-25 20:37 16384 —-atw- c:\temp\Perflib_Perfdata_ce8.dat
    2010-02-25 20:37 . 2010-02-25 20:37 16384 —-atw- c:\temp\Perflib_Perfdata_308.dat
    2010-02-25 20:36 . 2010-02-25 20:36 16384 —-atw- c:\temp\Perflib_Perfdata_2a4.dat
    2010-02-25 20:21 . 2010-02-25 20:21 16384 —-atw- c:\temp\Perflib_Perfdata_628.dat
    2010-02-25 16:40 . 2010-02-25 16:40 ——– d—–w- c:\documents and settings\rvdvegt\Application Data\Malwarebytes
    2010-02-25 16:40 . 2010-01-07 15:07 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-25 16:40 . 2010-02-25 16:40 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-02-25 16:40 . 2010-01-07 15:07 19160 —-a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-25 16:40 . 2010-02-25 16:40 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-17 16:12 . 2010-02-17 16:14 ——– d—–w- C:\Graphics Offerte
    2010-02-02 09:26 . 2010-02-02 09:26 236 —-a-w- C:\register.bat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-25 20:34 . 2009-10-05 08:44 2487 —-a-w- c:\windows\bthservsdp.dat
    2010-02-17 11:00 . 2009-11-02 12:08 ——– d—–w- c:\documents and settings\rvdvegt\Application Data\VMware
    2010-02-17 11:00 . 2009-11-02 10:45 ——– d—–w- c:\documents and settings\LocalService\Application Data\VMware
    2010-02-17 10:23 . 2009-12-08 15:48 ——– d—–w- c:\windows\system32\config\systemprofile\Application Data\VMware
    2010-02-17 10:22 . 2009-11-02 10:39 ——– d—–w- c:\documents and settings\All Users\Application Data\VMware
    2010-02-15 20:53 . 2009-10-06 14:04 ——– d—–w- c:\documents and settings\rvdvegt\Application Data\Nokia
    2010-02-04 15:12 . 2009-10-06 14:15 ——– d—–w- c:\documents and settings\rvdvegt\Application Data\webex
    2010-01-29 08:54 . 2009-10-06 14:04 ——– d—–w- c:\documents and settings\rvdvegt\Application Data\PC Suite
    2010-01-22 08:00 . 2009-10-06 14:03 ——– d—–w- c:\program files\Nokia
    2010-01-22 08:00 . 2009-11-21 20:07 ——– d—–w- c:\program files\Common Files\Nokia
    2010-01-22 07:54 . 2010-01-22 07:36 12212040 —-a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
    2010-01-22 07:54 . 2010-01-22 07:36 13930312 —-a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
    2010-01-22 07:54 . 2010-01-22 07:36 61440 —-a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
    2010-01-22 07:54 . 2010-01-22 07:36 77824 —-a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
    2010-01-22 07:54 . 2010-01-22 07:36 58880 —-a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
    2010-01-22 07:54 . 2010-01-22 07:36 50000 —-a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
    2010-01-22 07:38 . 2010-01-22 07:38 ——– d—–w- c:\program files\PC Connectivity Solution
    2010-01-22 07:37 . 2010-01-22 07:37 ——– d—–w- c:\program files\MSXML 6.0
    2010-01-22 07:35 . 2010-01-22 07:35 ——– d—–w- c:\documents and settings\All Users\Application Data\OviInstallerCache
    2010-01-22 07:35 . 2010-01-22 07:35 95992424 —-a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_PCS_Update.exe
    2010-01-16 22:00 . 2010-01-16 22:00 ——– d—–w- c:\program files\MozyHome
    2010-01-04 10:36 . 2010-01-16 22:00 54776 —-a-w- c:\windows\system32\drivers\mozy.sys
    2009-12-17 09:52 . 2009-12-17 09:52 70984 —-a-w- c:\documents and settings\rvdvegt\g2mdlhlpx.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
    @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
    [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
    2010-01-04 10:36 2848568 —-a-w- c:\program files\MozyHome\mozyshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
    @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
    [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
    2010-01-04 10:36 2848568 —-a-w- c:\program files\MozyHome\mozyshell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe" [2009-10-26 753664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-05 115560]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-07 344064]
    "TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
    "TP4EX"="tp4ex.exe" [2005-10-17 65536]
    "TpShocks"="TpShocks.exe" [2009-02-02 181536]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-04 149280]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2009-05-21 23:54 100104 —-a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2005-07-06 06:45 28672 —-a-w- c:\windows\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2005-12-01 03:16 24576 —-a-w- c:\windows\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28-1-2009 16:57 20520]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13-3-2009 22:47 12560]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5-10-2009 10:18 102448]
    S3 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [20-10-2009 13:51 1654884]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    ——- Supplementary Scan ——-
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = 172.16.3.4:8080
    uInternet Settings,ProxyOverride = 172.16.*.*;<local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
    SafeBoot-Symantec Antvirus
    AddRemove-SecondLife - c:\test\probeersel\SecondLife\uninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-25 21:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
    "ImagePath"="a"
    .
    ——————— DLLs Loaded Under Running Processes ———————

    - - - - - - - > 'winlogon.exe'(1128)
    c:\windows\system32\vrlogon.dll
    c:\windows\system32\Ati2evxx.dll
    c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infql2.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
    c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
    c:\windows\system32\tphklock.dll

    - - - - - - - > 'Explorer.EXE'(1008)
    c:\program files\MozyHome\mozyshell.dll
    c:\windows\system32\msi.dll
    .
    Completion time: 2010-02-25 21:45:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-02-25 20:45

    Pre-Run: 3.724.906.496 bytes free
    Post-Run: 3.751.329.792 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - A8CF681032099E001AD729BBD1948BEE
  • Hoe heeft jouw Windows tot nu op de kuur gereageerd?
  • Als je de vraag zo stelt begin ik mij zorgen te maken…..

    Tot nu toe geen problemen ontdekt en alles lijkt normaal te werken, maar ik heb nog niet alles getest. Snelheid van programma's is wat toegenomen lijkt het.

    Wel is er nog steeds veel data die verzonden wordt, dus het lijkt niet geholpen te hebben OF het is wel een normaal verschijnsel. Ik heb geen idee.

    Daarom heb ik twee vragen:
    Waarom denk je dat mijn laptop besmet is?
    Met welke onderdelen zou ik eventueel problemen kunnen krijgen?

    Rob
  • Een voorbeeld van het verkeer:

    Ik heb de VPN geopend en verder niets gedaan. Outlook stond niet open dus connectie met Exchange werd niet gevraagd.

    In 2 minuten werd er ongeveer 31k aan bytes verstuurd en 15k aan bytes ontvangen.

    Elke keer als ik de muis over een icon (zoals hierboven de Quote en List beweeg genereert dit 3500 bytes naar mijn werk en 1100 bytes die ik terug krijg.

    Het typen van dit stukje tekst genereerde ongeveer 40k aan verstuurde data..totaal in 5 minuten

    Rob
  • Hallo Rob, wat zijn je bevindingen m.b.t. de systeembeheerder tot nu toe?
  • Hallo Rob, dan gaan we nu specifiek op zoek naar rootkits!

    Download [b:b0060a0d4a] naar je bureaublad.

    • pak het bestand uit op je bureaublad en klik/dubbelklik op [b:b0060a0d4a]TDSSKiller.exe[/b:b0060a0d4a]
    • Een comandoprompt zal nu opstarten; waneer de scan compleet is zal je hetlog in C kunnen terugvinden.
    • Indien je gevorderd wordt de computer opnieuw op te starten, doe je dat!
    • Post de inhoud van het log in je volgende post.
  • Ik krijg een foutmelding:
    SetPriveleges failed
    Driver load error
    press any key (waar zat die ook weer?)
    en dan stopt ie

    Rob
  • Deaktiveer je antivirus en probeer het opnieuw.
  • Nope, geen verbetering.
  • Hallo Rob - probeer het in Veilige Modus!
  • Hallo Abraham,

    In veilige modus & symantec uit hetzelfde probleem.

    Rob
  • Het is om er een beetje moedeloos van te worden, maar, de volgende stap gaan dan maar doen - kijken welke problemen er dan mogelijk jouw pad kruisen?

    Download [b:9b77095888] naar je bureaublad.

    • Verwijder eerst de internetverbinding en sluit ook alle openstaande vensters.
    • Deaktiveer vervolgens tijdelijk alle aktiveve beveiligingsprogramma's, zodat deze niet kunnen interferreren met GMER
    • Klik/dubbelklik (Vista/Win 7 gebruikers doen dit via rechtsklik en kiezen voor Als Administrator uitvoeren) op het gedownloade GMER-bestand,
    dat een toevallig gekozen naam heeft (bijv. n7gmo46c.exe) en indien gvraagd, toestaan dat de gmer.sys driver geladen mag worden.

    • Bij opstarten zal GMER openen met de Rootkit/Malware tab en zal een korte automatische scan uitvoeren - doe dan geen andere taken met de computer gedurende de scan!
    • Indien je nu een waarschuwing krijgt over rootkit activity en gevraagd wordt een volledige scan te doen -
    dan klik je vervolgens op NO.
    • Klik nu op de Scan knop. Wanneer je nu een rootkit waarschuwing ziet, dan klik je op OK.
    • Klik vervolgens op de COPY knop en plak het resultaat in je volgende post.
    • Sluit GMER af en reaktiveer nu alle gedeaktiveerde beveiligingen.
    • Indien je een probleem ondervindt om GMER te gebruiken, probeer dit dan in Veilge Modus te doen.
  • Om half 2 ben ik maar naar bed gegaan en vanochtend was er dit resultaat:

    1e scan:
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-02-26 00:23:30
    Windows 5.1.2600 Service Pack 2
    Running: eu3d7k7q.exe; Driver: C:\DOCUME~1\rvdvegt\LOCALS~1\Temp\pwldqpog.sys


    —- Devices - GMER 1.0.15 —-

    AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    —- EOF - GMER 1.0.15 —-

    2e scan:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-02-26 08:39:41
    Windows 5.1.2600 Service Pack 2
    Running: eu3d7k7q.exe; Driver: C:\DOCUME~1\rvdvegt\LOCALS~1\Temp\pwldqpog.sys


    —- System - GMER 1.0.15 —-

    SSDT 89AE7B68 ZwConnectPort
    SSDT 899EE0A8 ZwResumeThread

    —- Devices - GMER 1.0.15 —-

    AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\usbhub \Device\00000090 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\00000091 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\00000092 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\00000094 hcmon.sys (VMware USB monitor/VMware, Inc.)

    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\BTHUSB \Device\00000096 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\BTHUSB \Device\00000098 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbehci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)

    —- Registry - GMER 1.0.15 —-

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e07b5317
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e07b5317@0017e72be818 0x91 0x7D 0x93 0x83 …
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0020e07b5317 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0020e07b5317@0017e72be818 0x91 0x7D 0x93 0x83 …

    —- Files - GMER 1.0.15 —-

    File C:\System Volume Information\MountPointManagerRemoteDatabase 0 bytes
    File C:\System Volume Information\tracking.log 20480 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F} 0 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\fifo.log 5062 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\drivetable.txt 132 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111 0 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034970.dll 19456 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034953.ini 84 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034954.msi 1181184 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034955.PNF 7800 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034956.dll 19456 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034957.dll 19456 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034958.dll 21504 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034959.dll 22016 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034960.dll 19456 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034961.dll 19456 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034962.dll 21504 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034963.dll 19968 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034964.dll 20992 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034965.dll 20992 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034966.dll 19456 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034967.dll 19456 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034968.dll 20480 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034969.dll 19456 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034971.dll 19456 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034972.dll 20992 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034973.dll 20480 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034974.dll 21504 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034975.exe 99840 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034976.exe 35328 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034977.dll 362496 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034978.dll 362496 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034980.ini 62 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\A0034981.ini 62 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\change.log.1 89370 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\change.log.2 6954 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\drivetable.txt 134 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\RestorePointSize 8 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP111\rp.log 536 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112 0 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034982.inf 0 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034983.PNF 0 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034984.ini 62 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034985.DLL 2747440 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034986.VXD 6899 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034987.DLL 259440 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034988.SYS 371248 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034989.SPM 5408 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034990.SYS 102448 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034991.SYS 84912 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034992.VXD 90698 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034993.DLL 177520 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034994.SYS 1323568 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034995.VXD 1028171 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034996.DLL 1647984 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034997.CAT 8719 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034998.INF 1063 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035000.INF 582 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035001.INF 106244 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035002.LNK 747 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035003.LNK 641 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035004.inf 2462 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035005.ini 278 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035006.ini 62 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035007.ini 62 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035008.ini 62 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035009.lnk 974 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035010.lnk 1089 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035011.lnk 1024 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035012.lnk 979 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035013.lnk 1149 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035014.lnk 1051 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035015.lnk 549 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035016.LNK 794 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035018.LNK 907 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035019.lnk 1089 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035020.LNK 887 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035021.LNK 525 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035022.lnk 844 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035023.LNK 1147 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035024.lnk 577 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035025.LNK 794 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035026.lnk 880 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035027.lnk 490 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035028.LNK 848 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035029.LNK 508 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035030.LNK 666 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035031.LNK 411 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035032.lnk 676 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035033.lnk 393 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035034.DLL 2747440 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035036.DLL 259440 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035037.SYS 371248 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035038.SPM 5408 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035039.SYS 102448 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035040.SYS 84912 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035041.VXD 90698 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035042.DLL 177520 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035043.SYS 1323568 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035044.VXD 1028171 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035045.DLL 1647984 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035046.CAT 8719 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035047.INF 1063 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035048.CAT 7816 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035049.INF 582 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035050.INF 106244 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035051.DLL 2747440 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035052.VXD 6899 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035054.SYS 371248 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035055.SPM 5408 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035056.SYS 102448 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035057.SYS 84912 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035058.VXD 90698 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035059.DLL 177520 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035060.SYS 1323568 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035061.VXD 1028171 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035062.DLL 1647984 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035063.CAT 8719 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035064.INF 1063 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035065.CAT 7816 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035066.INF 582 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035067.INF 106244 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035068.DLL 2747440 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035069.VXD 6899 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035070.DLL 259440 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035072.SPM 5408 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035073.SYS 102448 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035074.SYS 84912 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035075.VXD 90698 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035076.DLL 177520 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035077.SYS 1323568 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035078.VXD 1028171 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035079.DLL 1647984 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035080.CAT 8719 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035081.INF 1063 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035082.CAT 7816 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035083.INF 582 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035084.INF 106244 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035085.ini 278 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035086.ini 62 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035087.ini 62 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035088.ini 62 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0034999.CAT 7816 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035017.LNK 637 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035035.VXD 6899 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035053.DLL 259440 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035071.SYS 371248 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035089.LNK 912 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035107.CAT 8719 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035125.INF 1063 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035090.LNK 891 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035091.LNK 641 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035092.LNK 929 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035093.lnk 1050 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035094.lnk 721 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035095.DLL 2747440 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035096.VXD 6899 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035097.DLL 259440 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035098.SYS 371248 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035099.SPM 5408 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035100.SYS 102448 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035101.SYS 84912 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035102.VXD 90698 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035103.DLL 177520 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035104.SYS 1323568 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035105.VXD 1028171 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035106.DLL 1647984 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035108.INF 1063 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035109.CAT 7816 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035110.INF 582 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035111.INF 106244 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035112.DLL 2747440 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035113.VXD 6899 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035114.DLL 259440 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035115.SYS 371248 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035116.SPM 5408 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035117.SYS 102448 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035118.SYS 84912 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035119.VXD 90698 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035120.DLL 177520 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035121.SYS 1323568 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035122.VXD 1028171 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035123.DLL 1647984 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035124.CAT 8719 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035126.CAT 7816 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035127.INF 582 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035128.INF 106244 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035129.LNK 782 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035130.LNK 702 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035131.LNK 774 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035132.lnk 748 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035133.lnk 966 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035134.lnk 507 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\A0035135.lnk 489 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\change.log.1 65550 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\change.log.2 156636 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\change.log.3 105752 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\drivetable.txt 132 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\RestorePointSize 8 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\rp.log 536 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot 0 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-4218303200-2545105973-3366685108-1296 3670016 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\ComDb.Dat 22512 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\domain.txt 50 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\Repository 0 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\Repository\$WinMgmt.CFG 20 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\Repository\FS 0 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\Repository\FS\INDEX.BTR 1556480 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\Repository\FS\INDEX.MAP 816 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\Repository\FS\MAPPING.VER 4 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\Repository\FS\MAPPING1.MAP 10764 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\Repository\FS\MAPPING2.MAP 10764 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\Repository\FS\OBJECTS.DATA 20381696 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\Repository\FS\OBJECTS.MAP 9980 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\_REGISTRY_MACHINE_SAM 28672 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\_REGISTRY_MACHINE_SECURITY 57344 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\_REGISTRY_MACHINE_SOFTWARE 23945216 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\_REGISTRY_MACHINE_SYSTEM 5562368 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\_REGISTRY_USER_.DEFAULT 266240 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18 0 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19 233472 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20 233472 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1993962763-839522115-322266691-1003 786432 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1993962763-839522115-322266691-500 1310720 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18 262144 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19 8192 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20 8192 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1993962763-839522115-322266691-1003 262144 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1993962763-839522115-322266691-500 262144 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP112\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-4218303200-2545105973-3366685108-1296 262144 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113 0 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035136.inf 2462 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035137.LNK 860 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035138.LNK 745 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035139.dll 66560 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035140.dll 430592 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035141.exe 111104 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035142.cpl 162304 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035143.dll 1134592 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035144.dll 112640 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035145.dll 96480 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035146.dll 575704 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035147.exe 53472 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035148.cpl 217816 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035149.dll 1929952 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035150.dll 327896 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035151.dll 44768 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035152.dll 66560 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035154.exe 111104 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035155.cpl 162304 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035156.dll 1134592 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035157.dll 112640 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035158.ini 278 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035159.ini 62 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035160.ini 62 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035161.ini 62 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035162.dll 66560 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035163.dll 430592 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035164.exe 111104 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035165.cpl 162304 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035166.dll 1134592 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035167.dll 112640 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035168.dll 36864 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035169.LNK 965 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035170.LNK 745 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035172.dll 430592 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035173.exe 111104 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035174.cpl 162304 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035175.dll 1134592 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035176.dll 112640 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035177.dll 96480 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035178.dll 575704 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035179.exe 53472 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035180.cpl 217816 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035181.dll 1929952 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035182.dll 327896 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035183.dll 44768 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035184.dll 66560 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035185.dll 430592 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035186.exe 111104 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035187.cpl 162304 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035188.dll 1134592 bytes executable
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035190.LNK 669 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035191.lnk 475 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035192.lnk 714 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035193.LNK 952 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035194.LNK 714 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035195.lnk 359 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035196.LNK 616 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035197.lnk 1043 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035198.LNK 905 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035199.LNK 617 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035200.lnk 796 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035201.lnk 686 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035202.lnk 330 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035203.lnk 716 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035204.lnk 1168 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035205.lnk 1018 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035206.lnk 1038 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035208.lnk 1113 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035209.ini 278 bytes
    File C:\System Volume Information\_restore{346BE8D5-F409-48B9-B1AC-F2F426F4EE1F}\RP113\A0035210.ini

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.