oskar01
-
Items
38 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door oskar01
-
-
Ik heb nu Firefox geinstallerd. nu werkt flash wel in html-pagina's.
Dus dit probleem is opgelost, mijn dank!!!
-
De map Qoobox is nu leeg, er staat echter nog 1 lege map in, als ik die wil verwijderen krijg ik de volgende melding:
-
De map C:\Qoobox kan ik niet verwijderen: zie afbeelding
-
Flash Player 10.3 heb ik met succes kunnen installeren, geeft het schermpje althans aan, maar ik krijg nog steeds geen flash-animaties in mijn html pagina's. heeft dit misschien met ActiveX te maken?
-
het is gelukt! geen virusmeldingen meer, allemaal heel erg bedankt, het probleem is opgelost.
Nu heb ik ergens anders op het forum ook een probleem:
http://www.pc-helpforum.be/f169/flash-player-werkt-niet-meer-36167/
-
Het probleem lijkt opgelost: scherm wordt niet iedere keer donker en er komen geen rare popups meer,
Kan ik nu dit My security Engine verwijderen in de programma instellingen?
De map waarin deze Security engine is opgeslagen kan ik niet vinden, heeft iemand enig idee waar deze zou kunnen staan, en hoe hij heet?
-
combofix log:
ComboFix 11-09-01.03 - Eigenaar 05-09-2011 9:42.1.1 - x86
Gestart vanuit: d:\documenten en settings\Eigenaar\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: d:\documenten en settings\Eigenaar\Bureaublad\CFScript.txt
.
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documenten en settings\All Users\Application Data\3e61e5c
d:\documenten en settings\All Users\Application Data\3e61e5c\71.mof
d:\documenten en settings\All Users\Application Data\3e61e5c\866.mof
d:\documenten en settings\All Users\Application Data\3e61e5c\MS3e61.exe
d:\documenten en settings\All Users\Application Data\3e61e5c\MSE.ico
d:\documenten en settings\All Users\Application Data\3e61e5c\MSESys\vd952342.bd
d:\documenten en settings\All Users\Application Data\3e61e5c\MySecurityEngine.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-08-05 to 2011-09-05 ))))))))))))))))))))))))))))))
.
.
2011-09-03 08:55 . 2011-09-03 08:55 -------- d-----w- d:\documenten en settings\Administrator
2011-08-27 11:42 . 2011-07-08 05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-27 11:42 . 2011-07-08 05:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 11:42 . 2011-08-27 11:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-27 11:14 . 2011-08-27 11:14 -------- d-----w- d:\documenten en settings\All Users\Application Data\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"POINTER"="point32.exe" [bU]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Free FTP Manager\\FreeFTPManager.exe"=
.
S3 cem56;Xircom CreditCard 10/100 + 56k-modem;c:\windows\system32\DRIVERS\CEM56n5.sys [2001-09-06 49182]
S3 Maestro;ESS Maestro 2E-audiostuurprogramma (WDM);c:\windows\system32\drivers\essm2e.sys [2002-08-28 137088]
S3 OBOE;Toshiba FIR Port Type-DO;c:\windows\system32\DRIVERS\tos4mo.sys [2001-08-17 28232]
.
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.nu.nl/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{86227D9C-0EFE-4F8A-AA55-30386A3F5686} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-09-05 10:25
Windows 5.1.2600 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{580924E7-4534-80EF-AD4675C17646FF10}\{0EFB2AA0-1A3E-507D-F9B34D5CF29081CD}\{BBABFA65-B0A6-C96D-B621BCAFF6A8D6D6}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BCA821CD-4A5D-ABF7-7317F5EBFF711061}\{A8AD8BCF-CB94-6A01-1BDB64CAD4C7BA22}\{6360A729-06A7-39D5-91DA34CCB8512CF9}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
Voltooingstijd: 2011-09-05 10:46:37
ComboFix-quarantined-files.txt 2011-09-05 08:45
ComboFix2.txt 2011-09-04 15:24
ComboFix3.txt 2011-09-03 11:35
.
Pre-Run: 23.206.273.024 bytes beschikbaar
Post-Run: 23.116.509.184 bytes beschikbaar
.
- - End Of File - - 97DBD5D20F92337621C2550467ADB00E
---------- Post toegevoegd om 11:25 ---------- Vorige post was om 11:24 ----------
---------- Post toegevoegd om 11:24 ---------- Vorige post was om 11:24 ----------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:46, on 5-9-2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
--
End of file - 1540 bytes
-
bij het opstarten krijg ik weer die verdomde pop up van My security (zie afbeelding)
en even later weer een pop-up met het bekende paardengehinnik...
dat meldt dat er een trojan horse is.
dat Documenten en Settings\All Users\Application Data\3e61e5c\MS3e61.exe is ook weer terug...
Geeft opnieuw een pop up waarin staat dat er besmette mail is geconstateerd.
dat kan helemaal niet, want deze laptop heeft al meer dan een jaar geen internetverbinding!
Kan ik dat My Security niet gewoon als programma uitschakelen, hoe kan ik vinden waar, in welke map My Secirity is opgeslagen?
nieuwe hyack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:14, on 4-9-2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Documenten en Settings\All Users\Application Data\3e61e5c\MS3e61.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [My Security Engine] "D:\Documenten en Settings\All Users\Application Data\3e61e5c\MS3e61.exe" /s /d
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE (file missing)
--
End of file - 1998 bytes
-
dit is de combofix scan:
ComboFix 11-09-01.03 - Administrator 03-09-2011 11:36:14.1.1 - x86 MINIMAL
Gestart vanuit: d:\documenten en settings\Administrator\Bureaublad\ComboFix.exe
.
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Altnet
c:\program files\Altnet\DBBackup\Sigfiles.db
c:\program files\Altnet\Download Manager\adm25.dll
c:\program files\Altnet\Download Manager\adm4.dll
c:\program files\Altnet\Download Manager\adm4005.exe
c:\program files\Altnet\Download Manager\admdata.dll
c:\program files\Altnet\Download Manager\admdloader.dll
c:\program files\Altnet\Download Manager\admfdi.dll
c:\program files\Altnet\Download Manager\admprog.dll
c:\program files\Altnet\Download Manager\altnetuninstall.exe
c:\program files\Altnet\Download Manager\asm.exe
c:\program files\Altnet\Download Manager\asmend.exe
c:\program files\Altnet\Download Manager\asmps.dll
c:\program files\Altnet\Download Manager\dminfo3.cab
c:\program files\Altnet\Download Manager\dminstall7.cab
c:\program files\Altnet\Download Manager\dmsetup.bmp
c:\program files\Altnet\Download Manager\dmsetupbig.bmp
c:\program files\Altnet\Download Manager\jsinstall.cab
c:\program files\Altnet\Download Manager\jslegals.txt
c:\program files\Altnet\Download Manager\selectdir.txt
c:\program files\Altnet\Download Manager\selectdir1st.txt
c:\program files\icroso~1
c:\program files\Internet Explorer\SETB.tmp
c:\program files\Internet Explorer\SETC.tmp
c:\program files\messenger\msmsgsin.exe
c:\windows\17PHolmes1002397.exe
c:\windows\dobe~1
c:\windows\Fonts\acrsec.fon
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\IsUn0413.exe
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys
c:\windows\system32\rnaph.dll
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-08-03 to 2011-09-03 ))))))))))))))))))))))))))))))
.
.
2011-09-03 08:55 . 2011-09-03 08:55 -------- d-----w- d:\documenten en settings\Administrator
2011-08-27 11:42 . 2011-07-08 05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-27 11:42 . 2011-07-08 05:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 11:42 . 2011-08-27 11:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-27 11:14 . 2011-08-27 11:14 -------- d-----w- d:\documenten en settings\All Users\Application Data\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
.
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\ntfs.sys
.
.
.
[-] 2008-04-14 . 69EAA7501F53A40E8C04C69F2391224F . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\browser.dll
[7] 2004-08-04 . 195B1255D9383AEFFBDFA8A11AE4D282 . 77312 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\browser.dll
[7] 2004-08-04 . 195B1255D9383AEFFBDFA8A11AE4D282 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll
[-] 2002-09-11 . 502BB10403C033D259CB451C8D7FB925 . 49152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . 8754210A3399D19610CE2D71E0C3E5D9 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\lsass.exe
.
[-] 2008-04-14 . 5431FB616ECAE0D587C5B97D0B86CBD8 . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\netman.dll
[7] 2005-08-22 . F32049792BCBF64954FF964508E47AFB . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
[7] 2005-08-22 . 269182FF03F1FDD0EF803AEB63C01080 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[7] 2004-08-04 . B2665A1B502EC037388B7919CBD58C28 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
[7] 2004-08-04 . B2665A1B502EC037388B7919CBD58C28 . 198144 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2002-09-11 . 58FC56C40F0B9AAB972713242955E590 . 154112 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\netman.dll
.
[-] 2008-04-14 17:02 . 49DEEDAED168FD4723934755BF55CCFE . 822784 . . [2001.12.4414.700] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\comres.dll
[7] 2004-08-04 08:03 . F0BAE7D75B268BA326D9323DD7C73D8F . 822784 . . [2001.12.4414.258] . . c:\windows\ServicePackFiles\i386\comres.dll
[7] 2004-08-04 08:03 . F0BAE7D75B268BA326D9323DD7C73D8F . 822784 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
[-] 2002-09-11 13:00 . 8F13292CC6BBA46A7D3ECBB5623BD5AB . 822784 . . [2001.12.4414.42] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 5C0073A51C4873430FA8B262E92183FF . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\qmgr.dll
[7] 2004-08-04 . 772027CC5FFAEA3E7D10AF2691EE7095 . 382464 . . [6.6.2600.2180] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[7] 2004-08-04 . 772027CC5FFAEA3E7D10AF2691EE7095 . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
[-] 2002-09-11 . 9F93E038B7D35F4EA7F46D0CD392D018 . 223232 . . [6.2.2600.1106] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
.
[7] 2009-02-09 . 657B69389B893F440B07590C9E963F23 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[7] 2009-02-09 . D98A222A707FFE40043E533FE7A6BA24 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2009-02-09 . 1A00FCECA4E29A6B4B33A9D0B3E7CBA0 . 111104 . . [5.1.2600.3520] . . c:\windows\system32\services.exe
[7] 2009-02-09 . 1A00FCECA4E29A6B4B33A9D0B3E7CBA0 . 111104 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\services.exe
[7] 2009-02-09 . CE06E39F34BBF6B0ADA70F37F70CF0D8 . 111104 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2008-04-14 . B77BC5CD88EB96D4352AF5202EC4AEC2 . 109056 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\services.exe
[7] 2004-08-04 . 39991CD3C17B7529D039151A88E84499 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\services.exe
[7] 2004-08-04 . 39991CD3C17B7529D039151A88E84499 . 108544 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2002-09-11 . BD4B45F82F699D9977681403796716B8 . 101888 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[-] 2008-04-14 . DB454135DE1A09FE7FEDA7B554B5CCA2 . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\spoolsv.exe
.
[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\winlogon.exe
[7] 2004-08-04 . 732ED791711DF9C9DD15E5515BC681B8 . 504832 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-04 . 732ED791711DF9C9DD15E5515BC681B8 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2002-09-11 . D375231CCA973A06C43E4B6087BFA706 . 519168 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
.
[-] 2008-04-14 . EFD9660AF9177D90018AC9A9AA42310F . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\comctl32.dll
[-] 2008-04-14 . 1EAA8CD46BFB33307ACAF10EFF80E8BD . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\asms\60\msft\windows\common\controls\comctl32.dll
[7] 2006-08-25 . F67AE54BCA3873D48A1AC722A9CA70BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2006-08-25 . F67AE54BCA3873D48A1AC722A9CA70BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2006-08-25 . F567148940C1F5D93070822C0F3C0C34 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2004-08-04 . 8A473F553E9E45DB4EF6FF11AB54E4E1 . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[7] 2004-08-04 . 8A473F553E9E45DB4EF6FF11AB54E4E1 . 611328 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[7] 2004-08-04 . FBCF5EF8A261632D1CB45B20ACEDE4B1 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2002-09-11 . 5F12538B78C66C67D49B9653DEED0DB9 . 557056 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[7] 2002-09-11 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\i386\asms\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[7] 2002-09-11 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2002-09-11 . 1B5D729AFC4B6FE3EC397B74DB7A1BAF . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
.
[-] 2008-04-14 . 0A9CF5D3CF63A8699F28C814EF821C7E . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\cryptsvc.dll
[7] 2004-08-04 . 5F321535D399516B6D780FF9EF8D8B7A . 60416 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[7] 2004-08-04 . 5F321535D399516B6D780FF9EF8D8B7A . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll
[-] 2002-09-11 . 4563396E23EA861523C08AEDA0666014 . 53248 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[7] 2008-07-07 20:32 . 68180553F674B487BE777CFD6BE70726 . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll
[7] 2008-07-07 20:32 . 68180553F674B487BE777CFD6BE70726 . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll
[7] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[7] 2008-07-07 20:26 . F6C37073A269C163A5FDAE5BFF47F367 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-07-07 20:23 . B3A4422CBD8DAA6710431F67C679DA24 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 17:02 . 42A7FC383B174D91162EBF44C8AA5349 . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\es.dll
[7] 2005-07-26 04:42 . 094ECC4FB57ABA154F840C8414867E90 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974$\es.dll
[7] 2005-07-26 04:36 . 3732BE0811CE6E15A56AD1CEC02CF532 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-04 08:03 . 3F59BCDFAC47550F43001C4CE8CB0B91 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
[7] 2004-08-04 08:03 . 3F59BCDFAC47550F43001C4CE8CB0B91 . 243200 . . [2001.12.4414.258] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2002-09-11 13:00 . 4A652DAF0BFD8FF8AA5DB61C7B798DCB . 225280 . . [2001.12.4414.46] . . c:\windows\$NtServicePackUninstall$\es.dll
.
.
[7] 2009-03-21 . B30975B6B1B08A5A18AAC7E3577C7C53 . 1027072 . . [5.1.2600.3541] . . c:\windows\system32\kernel32.dll
[7] 2009-03-21 . B30975B6B1B08A5A18AAC7E3577C7C53 . 1027072 . . [5.1.2600.3541] . . c:\windows\system32\dllcache\kernel32.dll
[7] 2009-03-21 . CE7EFE07C7119C8CD09D953AD9ECA7CD . 1030656 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[7] 2009-03-21 . 93E2307273AE7B2D5418E132902373A7 . 1032704 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2009-03-21 . 67A29642EC9A1ADA0768605B21AA4552 . 1030144 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . 09BCB7171F8172C2BA0189FE1F9C25CB . 1030656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\kernel32.dll
[7] 2007-04-16 . 68757F5935D6D76DD10975B7B7A9751D . 1027072 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2007-04-16 . 6557EA471552BB9AF16B66902D572BD5 . 1025536 . . [5.1.2600.3119] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2006-07-05 . 8672CE1E9BAF84EC0665D73DB8849EDB . 1026048 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[7] 2006-07-05 . F2352FB7D9E5C70374568724A32B5CB7 . 1025024 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2004-08-04 . 54379BD67780FDBBE1590EEC142A659C . 1024512 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll
[7] 2004-08-04 . 54379BD67780FDBBE1590EEC142A659C . 1024512 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2002-09-11 . CDE58E6276B4B9104ECC70B90AE386A2 . 971264 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
.
.
[-] 2008-04-14 . FE6417AB01E9A5B124A58BE2B5DB663B . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\lpk.dll
[7] 2004-08-04 . 8DF7AC820F9B3FD5E713E9A74827931C . 22016 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\lpk.dll
[7] 2004-08-04 . 8DF7AC820F9B3FD5E713E9A74827931C . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[7] 2004-08-04 . 8DF7AC820F9B3FD5E713E9A74827931C . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll
[-] 2002-09-11 . 69BFF2682E81C712C3ED8852BD320244 . 18944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[7] 2010-05-06 . E7CD22F3A8247FC3BFD283D30B4674D2 . 5950976 . . [8.00.6001.18928] . . c:\windows\system32\mshtml.dll
.
[-] 2008-04-14 . 074C38B50CE71E3EC6DD3F6DAABF4EEF . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\msvcrt.dll
[-] 2008-04-14 . 61E70054981A2F9E64CEA7CA9479C0AA . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\asms\70\msft\windows\mswincrt\msvcrt.dll
[7] 2004-08-04 . 687ABDBF4790F907FB0D3A50B8D9FE3A . 343040 . . [7.0.2600.2180] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[7] 2004-08-04 . 687ABDBF4790F907FB0D3A50B8D9FE3A . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[7] 2004-08-04 . 40AC9CE966A05B05C9A4DB5B306A26C3 . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2002-09-11 . 33D03EC823482177D5171907AF19FFF9 . 323072 . . [7.0.2600.1106] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[7] 2002-09-11 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\i386\asms\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
[7] 2002-09-11 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2002-09-11 . 1B2C477D8847E4123DD8761D2E9008F7 . 323072 . . [7.0.2600.1106] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll
.
.
[7] 2009-02-06 . 45AE58ACDD9B4A8767064544533F94E2 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[7] 2009-02-06 . 45AE58ACDD9B4A8767064544533F94E2 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2008-04-14 . E6A7071DF6855AB7CCCC220AC3AAD087 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\netlogon.dll
.
[-] 2008-04-14 . 32167CE0150DC2A269D99689A143FB67 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\powrprof.dll
[7] 2004-08-04 . D5A792DB732622A393A0469FE6EAA728 . 17408 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2004-08-04 . D5A792DB732622A393A0469FE6EAA728 . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
[-] 2002-09-11 . 506AEC11B86CCFF9894FEA9BB1C1BDCD . 14848 . . [6.00.2600.0000] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . 0E3B585761E23C1E35442E972B7E45F9 . 185856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\scecli.dll
.
[-] 2008-04-14 . E6DCF5DD55AC2655971A478718307D18 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\sfc.dll
[7] 2004-08-04 . 0B10A3122527910CE60D23A7F29C28B1 . 5120 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\sfc.dll
[7] 2004-08-04 . 0B10A3122527910CE60D23A7F29C28B1 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
[-] 2002-09-11 . 750A97F61172F0917AE97E8931E164CE . 4096 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . E410EC73E2BE2A41D923B006F51C8427 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\svchost.exe
.
[-] 2008-04-14 . 2BC9FB448F0C2394FF53C83A7BB04731 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\tapisrv.dll
[7] 2005-07-08 . 5A145DBF2916F583921BB27B91B2DC0B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[7] 2005-07-08 . C2A4E29888F45E7FC1FD64C83D5EA669 . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
[7] 2004-08-04 . F38C48EE55AD051BF5474F5BDD69C846 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
[7] 2004-08-04 . F38C48EE55AD051BF5474F5BDD69C846 . 246272 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2002-09-11 . D482CBF778D95C532F3A4C2648EB4B8B . 233984 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
.
.
[-] 2008-04-14 . 6818A533ED3B2FA9936DF3DAF45352DF . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\userinit.exe
[7] 2004-08-04 . DE7A0EE4A6A28E6DFE3118EB22468DA6 . 24576 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2004-08-04 . DE7A0EE4A6A28E6DFE3118EB22468DA6 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2002-09-11 . 54EB9CE26234AE9116555C587FAED658 . 22016 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[7] 2010-05-06 . 109D1EFA1C0BC4EC65EBA39707F31A19 . 916480 . . [8.00.6001.18923] . . c:\windows\system32\wininet.dll
[7] 2010-05-06 . 109D1EFA1C0BC4EC65EBA39707F31A19 . 916480 . . [8.00.6001.18923] . . c:\windows\system32\dllcache\wininet.dll
[7] 2010-05-06 . A319118B77A91EB08AB2BF098D91900E . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[7] 2010-02-26 . C3177DEF96C00B09DBEDCC84D4C46C87 . 665088 . . [6.00.2900.3676] . . c:\windows\ie8\wininet.dll
[7] 2010-02-26 . E85C22092E206FB7D8C75E297571E584 . 671744 . . [6.00.2900.3676] . . c:\windows\$hf_mig$\KB980182\SP2QFE\wininet.dll
[7] 2010-02-26 . 48C55933922D72B990E94CF8656BD05C . 670208 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3GDR\wininet.dll
[7] 2010-02-26 . D3E73E61284082EF6249E3A62D1C79D0 . 671744 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\wininet.dll
[7] 2010-02-25 . 2A850B8F7B435ACFB9DCD0A566FD720C . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[7] 2010-02-25 . BB424C9406140FEAFB4732025BEBB69B . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[7] 2009-12-22 . 38A33F9FCFD2A1DB80798D4DB485D496 . 665088 . . [6.00.2900.3660] . . c:\windows\$NtUninstallKB980182$\wininet.dll
[7] 2009-12-22 . 45497B53C56228E1065CA628FFFA7038 . 671744 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\wininet.dll
[7] 2009-12-22 . A21DF8A5A088A16563B30B7F3E70FEF2 . 670208 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\wininet.dll
[7] 2009-12-22 . 2ABF21F7978482AF7CFA4DABF8C5B4E6 . 671744 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\wininet.dll
[7] 2009-10-29 . B8AB8FF4D10FD7C9D99F743AD5186932 . 665088 . . [6.00.2900.3640] . . c:\windows\$NtUninstallKB978207$\wininet.dll
[7] 2009-10-29 . 772A3480B543FB5280DE1679FA73E799 . 670208 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3GDR\wininet.dll
[7] 2009-10-29 . 77DA6400FF88337FE260CF87A530D64C . 671744 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll
[7] 2009-10-29 . C038E702E474EBE32EAAFB4A5952D1B1 . 671744 . . [6.00.2900.3640] . . c:\windows\$hf_mig$\KB976325\SP2QFE\wininet.dll
[7] 2009-09-25 . 0833020BDA48BFCE318D8A11421E0218 . 665088 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB976325$\wininet.dll
.
[-] 2008-04-14 . 520391367546218929749612ABFE840C . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\ws2_32.dll
[7] 2004-08-04 . 06EBCBE58321E924980148B7E3DBD753 . 82944 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2004-08-04 . 06EBCBE58321E924980148B7E3DBD753 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2002-09-11 . 3EA6EDC08BB3F373839060EA8B40CE72 . 75264 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 7ED22EA6D840CD388BD68B68580468E1 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\ws2help.dll
.
[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\explorer.exe
[7] 2007-06-13 . 147E95A42A58CE99E403F7F57656BBEB . 1036800 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[7] 2007-06-13 . 147E95A42A58CE99E403F7F57656BBEB . 1036800 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[7] 2007-06-13 . 1D6245AFBD3FAABC16A885116BE1874D . 1036800 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-04 . A1D7304A87FC3093150F5E3CC7B0F338 . 1035776 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2004-08-04 . A1D7304A87FC3093150F5E3CC7B0F338 . 1035776 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2002-09-11 . 040CC36796BBA354B678BCE9DCB25A3A . 1007616 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . E67C9B97306DEEFBB481072CE5FF8E07 . 153088 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\regedit.exe
.
[-] 2008-04-14 . B2EE0E38A8025D6D7A7F3EEC8CA2829E . 1287168 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\ole32.dll
[7] 2005-07-26 . 588443247F2EE6A61B5864B64A7E270E . 1284608 . . [5.1.2600.2726] . . c:\windows\system32\ole32.dll
[7] 2005-07-26 . 0F0E95779DB45EB8D09EAA8827D740CC . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[7] 2005-04-28 . 5C3B15C45ADF30B024927F1A0823BD16 . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[7] 2005-04-28 . 48629EDCD92AA071554304F9F9E96E38 . 1284608 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
[7] 2004-08-04 . 602969286376832E3F49F54E4F0F051A . 1281024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\ole32.dll
[7] 2004-08-04 . 602969286376832E3F49F54E4F0F051A . 1281024 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2002-09-11 . 8C57515321D7FFD77ADD70517D7BE737 . 1169920 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ole32.dll
.
[-] 2008-04-14 . 0996802B726C0CFE94A44CDBD661983A . 406016 . . [1.0420.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\usp10.dll
.
[-] 2008-04-14 . 2D54DB081CDACF8C0B738B9F25B25DCD . 4096 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\ksuser.dll
[7] 2004-08-04 . 9001FC03FF453DCE7635794ED49379EE . 4096 . . [5.3.2600.2180] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[7] 2004-08-04 . 9001FC03FF453DCE7635794ED49379EE . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ksuser.dll
[7] 2004-08-04 . 9001FC03FF453DCE7635794ED49379EE . 4096 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\ksuser.dll
[7] 2002-12-12 07:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
[7] 2002-12-12 07:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll
.
[-] 2008-04-14 . 81CBF363C414620CAA61BD6843D8FDB9 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\srsvc.dll
.
[-] 2008-04-14 . 6F1E5DBA783B147536659395D7B15485 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\wscntfy.exe
[7] 2004-08-04 . D6381A7C1704BE7A8FD5EFDFD9F1463B . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[7] 2004-08-04 . D6381A7C1704BE7A8FD5EFDFD9F1463B . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
.
[-] 2008-04-14 . FD3C38635808920F8235BF2FED642F54 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\xmlprov.dll
[7] 2004-08-04 . F4C8D4B0A294AAF37FE50C407B6E03F9 . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[7] 2004-08-04 . F4C8D4B0A294AAF37FE50C407B6E03F9 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
.
[-] 2008-04-14 . CA64B9406EEDA4FFA2DAEAE1DABCCE42 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\eventlog.dll
[7] 2004-08-04 . F1720914CAB06FDE4BE250E3767713CF . 55808 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . F1720914CAB06FDE4BE250E3767713CF . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2002-09-11 . 7593FA76DAFDBD9511A9A2B1465FF8C2 . 49152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 328CBDD2445F5B3A047644567EEB557F . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\sfcfiles.dll
[7] 2004-08-04 . 486594A19F7AEDEBEA600855FFD5E914 . 1548288 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2004-08-04 . 486594A19F7AEDEBEA600855FFD5E914 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2002-09-11 . 3B8FA96FF436D4CD4E0D13223F965FAB . 1145856 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
.
[-] 2008-04-14 . CFB406497D9CF95DFFE17594899FD367 . 135680 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\shsvcs.dll
[7] 2006-12-19 . D6F2B8963663F2014FAFCD8E15E4E778 . 135168 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll
[7] 2006-12-19 . D6F2B8963663F2014FAFCD8E15E4E778 . 135168 . . [6.00.2900.3051] . . c:\windows\system32\dllcache\shsvcs.dll
[7] 2006-12-19 . 20A1DFA416579DACEE28E15E331C3930 . 135680 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[7] 2004-08-04 . 394FD6CE1AC84BB318B806A6F8D90F66 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
[7] 2004-08-04 . 394FD6CE1AC84BB318B806A6F8D90F66 . 135168 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2002-09-11 . 99792E295E5A4E7BCD08F4D708E16AAB . 116736 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
.
[-] 2008-04-14 . 2FD5B89BF9289C774C5C730DEA96CD91 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\regsvc.dll
[7] 2004-08-04 . D01BB100558945178E4BCB33B0FE9364 . 59904 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[7] 2004-08-04 . D01BB100558945178E4BCB33B0FE9364 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2002-09-11 . 548ACD377576BDABAC2E190F6D156906 . 51712 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 7C288AE0F75CB18CFF1DF6179A67AD8F . 193536 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\schedsvc.dll
[7] 2004-08-04 . D245B3E32F8AB3B2FB576AFCFDEC105E . 192000 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[7] 2004-08-04 . D245B3E32F8AB3B2FB576AFCFDEC105E . 192000 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2002-09-11 . 5239C9913F5166838D772BF4A61C7844 . 160256 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
.
[-] 2008-04-14 . E0AEF86A594C9990D6321C5CA239C5B7 . 297472 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\termsrv.dll
[7] 2004-08-04 . E2CE999886A4636026F157DEB886AA94 . 297472 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2004-08-04 . E2CE999886A4636026F157DEB886AA94 . 297472 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll
[-] 2002-09-11 . 6AF0C847079356FE152BFD53A60D7487 . 202240 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 6F18B42068D29B1F6F283DC37057836D . 347648 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\hnetcfg.dll
[7] 2004-08-04 . 490BF3896AE3EBD21B448FFB1579AA09 . 347648 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[7] 2004-08-04 . 490BF3896AE3EBD21B448FFB1579AA09 . 347648 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
[-] 2002-09-11 . B176F863C9B6A5773E58D98770F9BAC5 . 244224 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[7] 2002-09-11 . 63F517B1A87DABF3F5ACB8A7952FC1D1 . 12032 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[7] 2002-09-11 . 63F517B1A87DABF3F5ACB8A7952FC1D1 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\agp440.sys
[7] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\agp440.sys
[7] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\agp440.sys
[7] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\agp440.sys
[-] 2001-08-17 . 65880045C51AA36184841CEE915A61DF . 25472 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\agp440.sys
[-] 2001-08-17 . 65880045C51AA36184841CEE915A61DF . 25472 . . [5.1.2600.0] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\ip6fw.sys
.
[-] 2008-04-14 17:02 . 2407EADA5E2E146AB51E925F151DDAA5 . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\mfc40u.dll
[7] 2006-11-01 19:19 . 13E52326F0F19A1A8D34681E3444E8D1 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[7] 2006-11-01 19:19 . 13E52326F0F19A1A8D34681E3444E8D1 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
[7] 2002-09-11 13:00 . 8EED1D71C14C356684E586B0A7DB6BCE . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll
.
[-] 2008-04-14 . C56A45A03DCA11712DE9FDF98224230B . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\msgsvc.dll
.
[-] 2008-04-14 17:02 . 2628076412EC86C92827AE5202501E5D . 52736 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\mspmsnsv.dll
[7] 2004-08-04 08:03 . 2706E00334C86DD2E5279A47600C916A . 52736 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll
[7] 2004-08-04 08:03 . 2706E00334C86DD2E5279A47600C916A . 52736 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
[-] 2002-12-21 00:11 . 4771A45ECD623CDA43316658C8102F4E . 52736 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll
.
[7] 2010-02-17 . 1BA87670B4305072123A0CC0F478A340 . 2068096 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntkrnlpa.exe
[7] 2010-02-16 . 9F4BED5BFCA2291BA1AD16BB7F0A6E60 . 2062720 . . [5.1.2600.3670] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
.
[-] 2008-04-14 17:02 . AC1A78237B53044735693633F8235468 . 437248 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\ntmssvc.dll
[7] 2004-08-04 08:03 . AC75E028773CBBD7D8B1313F382E7C05 . 437248 . . [5.1.2400.2180] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[7] 2004-08-04 08:03 . AC75E028773CBBD7D8B1313F382E7C05 . 437248 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2002-09-11 13:00 . 5117C60E5FC52F0E2BD02E6B0451AE9F . 394752 . . [5.1.2400.1106] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
.
[-] 2008-04-14 . 3A9974C925F4500BFF226F61DE1C4AF8 . 367616 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\dsound.dll
[7] 2004-08-04 . 4AAB7EC0EA6C53C6B381546F15C286CA . 367616 . . [5.3.2600.2180] . . c:\windows\ServicePackFiles\i386\dsound.dll
[7] 2004-08-04 . 4AAB7EC0EA6C53C6B381546F15C286CA . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll
[7] 2004-08-04 . 4AAB7EC0EA6C53C6B381546F15C286CA . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\dsound.dll
[7] 2002-12-12 07:14 . CA6CC3A47D8813208CEE02EB40DACA21 . 355328 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\$NtServicePackUninstall$\dsound.dll
[7] 2002-12-12 07:14 . CA6CC3A47D8813208CEE02EB40DACA21 . 355328 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll
.
[-] 2008-04-14 . 85F98F220C5E69E08149186BFEEF7B70 . 1689088 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\d3d9.dll
.
[-] 2008-04-14 . 7D2ABE7AA2D6CBC1CB0A1EB8B2619FCF . 279552 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\ddraw.dll
.
[-] 2008-04-14 17:02 . 6508ED3152C29B28B5E9183160DD2686 . 84992 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\olepro32.dll
[7] 2004-08-04 08:03 . DFB4A7A3E7948686DBC4B0DEA4A0AE94 . 83456 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[7] 2004-08-04 08:03 . DFB4A7A3E7948686DBC4B0DEA4A0AE94 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll
[-] 2002-09-11 13:00 . 11171D442A392E556EBDCE15EA7E62CD . 106496 . . [5.0.5014] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . E62337E275E82AA3F0ABFFED7E6E01E2 . 41472 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\perfctrs.dll
.
[-] 2008-04-14 . 85844EC167674A67F547E13747E3E0E3 . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\version.dll
[7] 2004-08-04 . D67A94C11062EEE45BED5106DFDB9C0A . 18944 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\version.dll
[7] 2004-08-04 . D67A94C11062EEE45BED5106DFDB9C0A . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll
[-] 2002-09-11 . 049F5724E94B45B8F01EFEDAF5218C21 . 16384 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-14 . 164B6F619C579FAD4E548ACC654FF710 . 93184 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\iexplore.exe
[7] 2004-08-04 . 78D969F35CD64BF0761F731FCA5FC99D . 93184 . . [6.00.2900.2180] . . c:\windows\ie8\iexplore.exe
[7] 2004-08-04 . 78D969F35CD64BF0761F731FCA5FC99D . 93184 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2002-09-11 . 3CAE6FAAB310782FAF84E1B6E1F0E28C . 91136 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
[7] 2010-02-17 . FD62829F3524A1BE95FD384A3C445AAB . 2194304 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe
[7] 2010-02-16 . E6CA0044BAC297BE280BCD5AB04B44F6 . 2185728 . . [5.1.2600.3670] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2010-02-16 . E6CA0044BAC297BE280BCD5AB04B44F6 . 2185728 . . [5.1.2600.3670] . . c:\windows\system32\ntoskrnl.exe
[7] 2010-02-16 . E6CA0044BAC297BE280BCD5AB04B44F6 . 2185728 . . [5.1.2600.3670] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2010-02-16 . 481961F97B0526A66EF676E0D00C4180 . 2191232 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntoskrnl.exe
[7] 2010-02-16 . B79C48187CA08D2EC27DA4939953F082 . 2194432 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . 5037978D6ED651AEC5D6ACC87D65C715 . 2193664 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . 9FCCE3EF6E062C55FDA6E67C7EE7BAF4 . 2184704 . . [5.1.2600.3654] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[7] 2009-12-09 . F96B89E41B78F5B3050A1003FD143732 . 2190336 . . [5.1.2600.3654] . . c:\windows\$hf_mig$\KB977165\SP2QFE\ntoskrnl.exe
[7] 2009-12-09 . 13C15BFF7E82D3F9FD215ADD54A3929D . 2193536 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3GDR\ntoskrnl.exe
[7] 2009-08-05 . 270DE336026B0815F064BB8BD4CFD336 . 2193536 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
.
[-] 2008-04-14 . 81CBF363C414620CAA61BD6843D8FDB9 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\srsvc.dll
[7] 2004-08-04 . 0B96A1E4252F663222C9C3BAC89F596C . 170496 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2004-08-04 . 0B96A1E4252F663222C9C3BAC89F596C . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2002-09-11 . 323020B1DF45D8B80886C1806AF35595 . 158720 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
.
[-] 2008-04-14 . 5AE996186D2DC694FEF88F14A3FC9242 . 334336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\wiaservc.dll
[7] 2006-12-19 . 1689AC8BD2FC31B377D5D23CC7D872A8 . 334336 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[7] 2006-12-19 . 0BF8DE5896D9A02C99C4A4EF896E917E . 334336 . . [5.1.2600.3051] . . c:\windows\system32\wiaservc.dll
[7] 2006-12-19 . 0BF8DE5896D9A02C99C4A4EF896E917E . 334336 . . [5.1.2600.3051] . . c:\windows\system32\dllcache\wiaservc.dll
[7] 2004-08-04 . A52AA02DDB663FEF22C18C693B0EE891 . 333824 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll
[7] 2004-08-04 . A52AA02DDB663FEF22C18C693B0EE891 . 333824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2002-09-11 . 415531BDA25C2F8D1D342CD47A3BBC8C . 316928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 5203C84A11E39CBB1408F5E2767B04ED . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\midimap.dll
.
[-] 2008-04-14 . 3D5CC4BFF926A0ABD4F5A117825629A3 . 7680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\rasadhlp.dll
[7] 2006-06-26 . 5F1240D4B842F0122042FDA8540432FC . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[7] 2006-06-26 . 91282911237187F11BD3AD8F834CB5E6 . 8192 . . [5.1.2600.2938] . . c:\windows\system32\rasadhlp.dll
[7] 2006-06-26 . 91282911237187F11BD3AD8F834CB5E6 . 8192 . . [5.1.2600.2938] . . c:\windows\system32\dllcache\rasadhlp.dll
[7] 2004-08-04 . 9C38671C922A2C86802A7FA3F5834634 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll
[7] 2004-08-04 . 9C38671C922A2C86802A7FA3F5834634 . 8192 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2002-09-11 . 8B36031EB26860D00D12C87941D27471 . 6144 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Free FTP Manager\\FreeFTPManager.exe"=
"d:\\Documenten en Settings\\All Users\\Application Data\\3e61e5c\\MS3e61.exe"=
.
R3 cem56;Xircom CreditCard 10/100 + 56k-modem;c:\windows\system32\DRIVERS\CEM56n5.sys [2001-09-06 49182]
R3 Maestro;ESS Maestro 2E-audiostuurprogramma (WDM);c:\windows\system32\drivers\essm2e.sys [2002-08-28 137088]
R3 OBOE;Toshiba FIR Port Type-DO;c:\windows\system32\DRIVERS\tos4mo.sys [2001-08-17 28232]
.
.
.
------- Bijkomende Scan -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKLM-Run-POINTER - point32.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE
AddRemove-AltnetDM - c:\program files\Altnet\Download Manager\AltnetUninstall.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-09-03 12:19
Windows 5.1.2600 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{580924E7-4534-80EF-AD4675C17646FF10}\{0EFB2AA0-1A3E-507D-F9B34D5CF29081CD}\{BBABFA65-B0A6-C96D-B621BCAFF6A8D6D6}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BCA821CD-4A5D-ABF7-7317F5EBFF711061}\{A8AD8BCF-CB94-6A01-1BDB64CAD4C7BA22}\{6360A729-06A7-39D5-91DA34CCB8512CF9}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
Voltooingstijd: 2011-09-03 13:35:25
ComboFix-quarantined-files.txt 2011-09-03 11:35
.
Pre-Run: 23.303.401.472 bytes beschikbaar
Post-Run: 23.244.378.112 bytes beschikbaar
.
- - End Of File - - 0B5524641B9E3FB9625A0EC757005E72
-
heb inderdaad via andere computer en via usb programma op bureaublad geplaatst, uitgepakt/geinstalleerd.
krijg een blauw venster te zien:
er wordt geprobeerd een nieuw Systeem herstelpunt aan te maken.
staat nu al meer dan een uur zo, er gebeurd niets meer.
-
in het blauwe scherm staat dat er geprobeerd wordt een nieuw herstelpunt te maken,
Met deze laptop heb ik geen internet verbinding, is ook niet te installeren: kabel/plug/kaart is kapot.
kan ik niet via hyackthis die virussen uitschakelen?
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
-
Het probleem is nog steeds niet opgelost:zie afbeeldingen
-
dit is de nieuwe log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:22, on 1-9-2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Documenten en Settings\All Users\Application Data\3e61e5c\MS3e61.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [My Security Engine] "D:\Documenten en Settings\All Users\Application Data\3e61e5c\MS3e61.exe" /s /d
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
--
End of file - 2139 bytes
-
kan ik die mofcomp en collecteddata bestanden ook verwijderen?
kan de hele lijst in de afbeelding verwijderd worden?
-
De map 3e61e5ckan niet worden gevonden, wel krijg ik in de lijst een aantal tekst bestanden, wat moet ik hier mee doen, allemaal verwijderen? zie afb.
-
Nee, ik zit echt in de map D:\Documenten en Settings\All Users\Application Data\
Moet ik de PC eerst in de veilige modus opstarten?
-
Ik kan nu in deze verborgen map, zie afbeelding.
maar 3e61e5c zie ik niet...
-
Je zal dus eerst de optie "verborgen mappen tonen" moeten inschakelen.
Hoe doe ik dat?
-
Daar waar MBAM vraagt om naar update te zoeken, op Nee geklikt,
uiteindelijk krijg ik dan deze error:
-
In opdracht prompt sc stop "My Security Engine" en sc delete "My Security Engine" ingetypt:
er gebeurd niets, zie afbeelding.
De map D:\Documenten en Settings\All Users\Application Data\3e61e5c kan ik niet vinden, is er niet.
Ik heb MBAM geinstalleerd, maar updaten zal niet werken, want de laptop heeft geen internet verbinding.
-
Het probleem is nog niet opgelost.
krijg nog steeds hetzelfde bericht in mijn scherm:
Ik heb een paar jaar geleden per ongeluk een zgn antivirus programma gedownload: My security engine.
Ik heb het idee dat het daar mee te maken heeft, dat dat het probleem veroorzaakt.
-
Het bestand hosts (heb het in de map etc gezet) is een text file...
niet het soort bestand als de andere files in die map.
Wat kan ik nog meer verwijderen uit de hyack log?
Moet ik de nieuwe hyack log opslaan (.log), en in welke map?
dit is de nieuwe log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:47, on 26-8-2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Documenten en Settings\All Users\Application Data\3e61e5c\MS3e61.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [My Security Engine] "D:\Documenten en Settings\All Users\Application Data\3e61e5c\MS3e61.exe" /s /d
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
--
End of file - 2107 bytes
-
Ja, het gaat om mijn oude laptop met problemen, verder heb ik een computer met windows 7.
De vraag of een usb-stick virussen kan overdragen (ja) is mij nu duidelijk.
Onderwerp kan wat mij betreft gesloten worden, bedankt voor ieders interesse.
-
Nee, maar wel Imhosts.
Heb het nogmaals geprobeerd met de eerste download Hosts.
Ik heb het in de map programma's unzipped.
Nu gebeurd er iets anders in het (nu zwarte) DOS scherm.
Hyack this opgestart, en hier krijg ik het volgende bericht (zie afbeelding)
In uitvoeren heb ik het gevraagde ingetoetst, en krijg een file met al die O1-IP adressen in de log van Hyack This. IP adressen verwijderd, waar moet ik dan het documentje 'hosts' opslaan, en met welke extensie? in de map etc?
Wat doe ik hier verkeerd?
Na reboot is dit de Hyackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:54, on 26-8-2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Documenten en Settings\All Users\Application Data\3e61e5c\MS3e61.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 173.232.149.92 www.google.com
O1 - Hosts: 173.232.149.92 google.com
O1 - Hosts: 173.232.149.92 google.com.au
O1 - Hosts: 173.232.149.92 www.google.com.au
O1 - Hosts: 173.232.149.92 google.be
O1 - Hosts: 173.232.149.92 www.google.be
O1 - Hosts: 173.232.149.92 google.com.br
O1 - Hosts: 173.232.149.92 www.google.com.br
O1 - Hosts: 173.232.149.92 google.ca
O1 - Hosts: 173.232.149.92 www.google.ca
O1 - Hosts: 173.232.149.92 google.ch
O1 - Hosts: 173.232.149.92 www.google.ch
O1 - Hosts: 173.232.149.92 google.de
O1 - Hosts: 173.232.149.92 www.google.de
O1 - Hosts: 173.232.149.92 google.dk
O1 - Hosts: 173.232.149.92 www.google.dk
O1 - Hosts: 173.232.149.92 google.fr
O1 - Hosts: 173.232.149.92 www.google.fr
O1 - Hosts: 173.232.149.92 google.ie
O1 - Hosts: 173.232.149.92 www.google.ie
O1 - Hosts: 173.232.149.92 google.it
O1 - Hosts: 173.232.149.92 www.google.it
O1 - Hosts: 173.232.149.92 google.co.jp
O1 - Hosts: 173.232.149.92 www.google.co.jp
O1 - Hosts: 173.232.149.92 google.nl
O1 - Hosts: 173.232.149.92 www.google.nl
O1 - Hosts: 173.232.149.92 google.no
O1 - Hosts: 173.232.149.92 www.google.no
O1 - Hosts: 173.232.149.92 google.co.nz
O1 - Hosts: 173.232.149.92 www.google.co.nz
O1 - Hosts: 173.232.149.92 google.pl
O1 - Hosts: 173.232.149.92 www.google.pl
O1 - Hosts: 173.232.149.92 google.se
O1 - Hosts: 173.232.149.92 www.google.se
O1 - Hosts: 173.232.149.92 google.co.uk
O1 - Hosts: 173.232.149.92 www.google.co.uk
O1 - Hosts: 173.232.149.92 google.co.za
O1 - Hosts: 173.232.149.92 www.google.co.za
O1 - Hosts: 173.232.149.92 www.google-analytics.com
O1 - Hosts: 173.232.149.92 www.bing.com
O1 - Hosts: 173.232.149.92 search.yahoo.com
O1 - Hosts: 173.232.149.92 www.search.yahoo.com
O1 - Hosts: 173.232.149.92 uk.search.yahoo.com
O1 - Hosts: 173.232.149.92 ca.search.yahoo.com
O1 - Hosts: 173.232.149.92 de.search.yahoo.com
O1 - Hosts: 173.232.149.92 fr.search.yahoo.com
O1 - Hosts: 173.232.149.92 au.search.yahoo.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [My Security Engine] "D:\Documenten en Settings\All Users\Application Data\3e61e5c\MS3e61.exe" /s /d
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
--
End of file - 4895 bytes
virus
in Archief Bestrijding malware & virussen
Geplaatst: · aangepast door oskar01
Heb het ingetypt, werkt niet, toen in veilige modus opgestart. opnieuw ingetypt.
Nu start de Laptop niet meer opnieuw op: blijft hangen met mededeling:
MyCom Clarity v.1.1
Clarity.sys is juist geladen...
Boot
Clarity.Cfg is juist geparsed...
Normal Boot
NTLDR ontbreekt
Druk CTRL+ALT+DEL om opnieuw te starten
En als ik opnieuw opstart krijg ik weer dezelfde mededeling...
Het lijkt me dat de laptop nu echt kapot is...
Via F2 heeft het geen zin om via andere onderdelen, B, D enz op te starten, krijg zelfde melding,
kan verder ook geen commando's intypen.
CDrom met xp start ook niet op...