zeebriesje

20 september 2013

pc ondertussen vervangen hartstikke bedankt voor jullie hulp

1 september 2013

heb firefox er op gezet ging super snel maar jammer genoeg voor even

heb inderdaad windows toen op nieuw erop gezet omdat deze pc van iemand anders kwam effe alles eruit gegooid en opnieuw begonnen

pc werd vroeger gebruikt om te gamen door men neefje geloof ik

30 augustus 2013

niets gekort hoor

30 augustus 2013

Ga naar C:\Gebruikers\gebruikersnaam\AppData\Local\Google\Chrome\Application en verwijder daar het bestand first run.

kan deze niet vinden

29 augustus 2013

ben benieuwd

29 augustus 2013

ja die shockwave heb ik nodig op facebook , er zit er eentje in chrome maar ook als ik alleen deze gebruik , heb ik paginas die niet reageren , en de shockwave net van hetzelfde

zal maar eens stilletjes uitkijken naar nieuwe pc

hartstikke bedankt voor al jullie hulp

moest er iemand nog iets hebben dat ik kan proberen dan hoor ik t graag

29 augustus 2013

oei pc aan vervanging toe met andere woorden , maar moet toch wel mogelijk zijn om in 1 pagina fatsoenlijk te werken of ni ?

28 augustus 2013

http://speccy.piriform.com/results/qRnXzjNxuVkjXJ36WIB3DH2

28 augustus 2013

met alle sorry hier zal ik overgekeken hebben internet explorer geeft hetzelfde probleem , heb alleen nog maar chrome en internet explorer gehad

28 augustus 2013

niets gekort gaat even goed en dan ist weer zelfde

28 augustus 2013

ccleaner ken ik die gebruik ik regelmatig zal de shockwave nog eens opnieuw doen

27 augustus 2013

ComboFix 13-08-27.02 - Administrator 27/08/2013 19:51:35.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.709 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Administrator\Mijn documenten\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

FILE ::

"c:\documents and settings\Administrator\DelDAF.bat"

"c:\documents and settings\Default User\DelDAF.bat"

"c:\windows\system32\config\systemprofile\DelDAF.bat"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Application Data\DefaultTab

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-07-27 to 2013-08-27 ))))))))))))))))))))))))))))))

.

2013-08-27 17:43 . 2013-08-27 17:43 -------- d-----w- c:\windows\LastGood

2013-08-27 17:26 . 2013-08-27 17:26 -------- d-----w- c:\windows\system32\xircom

2013-08-27 17:26 . 2013-08-27 17:26 -------- d-----w- c:\windows\system32\wbem\snmp

2013-08-27 17:26 . 2013-08-27 17:26 -------- d-----w- c:\program files\microsoft frontpage

2013-08-27 06:49 . 2013-08-27 06:50 -------- d-----w- C:\AdwCleaner

2013-08-26 15:58 . 2013-08-26 15:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2013-08-26 15:57 . 2013-08-26 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-08-26 15:57 . 2013-08-26 15:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-08-26 15:57 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-25 05:56 . 2013-08-27 17:46 -------- d-sh--w- c:\documents and settings\Administrator\Onlangs geopend

2013-08-14 06:34 . 2013-08-14 06:37 -------- d-----w- c:\windows\system32\MRT

2013-08-13 05:57 . 2013-08-13 05:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics

2013-08-06 08:02 . 2013-08-06 08:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\FixItCenter

2013-08-06 08:00 . 2013-08-06 08:00 -------- d-----w- c:\windows\MATS

2013-08-06 08:00 . 2013-08-06 08:00 -------- d-----w- c:\program files\Microsoft Fix it Center

2013-08-04 10:35 . 2013-08-04 10:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities

2013-08-02 05:55 . 2013-08-02 05:55 105 ----a-w- C:\prefs.js

2013-07-31 12:06 . 2013-07-31 12:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2013-07-31 12:05 . 2013-07-31 12:05 -------- d--h--w- c:\windows\system32\GroupPolicy

2013-07-31 11:58 . 2013-07-31 11:58 -------- d-----w- c:\program files\VideoLAN

2013-07-30 09:27 . 2013-07-31 06:11 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-07-30 09:27 . 2013-07-31 06:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-07-29 12:29 . 2013-08-09 05:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\LavasoftStatistics

2013-07-29 12:29 . 2013-07-29 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Antivirus

2013-07-29 12:24 . 2013-07-29 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2013-07-29 12:24 . 2013-07-29 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations

2013-07-29 12:23 . 2013-07-29 12:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\SecureSearch

2013-07-29 12:21 . 2013-07-29 12:21 44424 ----a-w- c:\windows\system32\sbbd.exe

2013-07-29 12:21 . 2013-07-29 12:21 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys

2013-07-29 12:21 . 2013-07-31 05:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ad-Aware Antivirus

2013-07-29 06:33 . 2013-08-23 08:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment

2013-07-29 06:32 . 2013-07-29 06:32 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache

2013-07-29 06:31 . 2013-07-29 06:31 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-26 11:24 . 2013-07-26 11:24 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-07-26 11:24 . 2013-07-26 11:24 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-07-26 11:24 . 2013-07-25 17:01 144896 ----a-w- c:\windows\system32\javacpl.cpl

2013-07-26 11:24 . 2013-07-26 11:24 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-07-26 02:49 . 2008-05-21 12:00 920064 ----a-w- c:\windows\system32\wininet.dll

2013-07-26 02:48 . 2008-05-21 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2013-07-26 02:48 . 2008-05-21 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-07-25 18:05 . 2013-07-25 18:05 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-07-25 18:05 . 2013-07-25 18:05 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-07-25 18:05 . 2013-07-25 18:05 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-07-25 17:26 . 2013-07-25 17:26 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

2013-07-25 17:03 . 2013-07-25 17:03 55533 ----a-w- c:\windows\BricoPackUninst.cmd

2013-07-25 17:03 . 2013-07-25 17:02 6120 ----a-w- c:\windows\BricoPackFoldersDelete.cmd

2013-07-25 17:03 . 2008-05-21 12:00 219136 ----a-w- c:\windows\system32\uxtheme.dll

2013-07-25 17:01 . 2013-07-25 17:01 717296 ----a-w- c:\windows\system32\drivers\sptd.sys

2013-07-25 16:57 . 2013-07-25 17:06 86 ----a-w- c:\documents and settings\Administrator\DelDAF.bat

2013-07-25 16:57 . 2013-07-25 17:03 86 ----a-w- c:\windows\system32\config\systemprofile\DelDAF.bat

2013-07-25 16:57 . 2013-07-25 16:57 86 ----a-w- c:\documents and settings\Default User\DelDAF.bat

2013-07-25 15:58 . 2008-05-21 12:00 385024 ------w- c:\windows\system32\html.iec

2013-07-10 10:37 . 2008-05-21 12:00 406016 ----a-w- c:\windows\system32\usp10.dll

2013-07-04 07:33 . 2008-05-21 12:00 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-07-04 07:33 . 2008-05-11 12:51 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-06-05 09:08 . 2008-05-21 12:00 1876864 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 07:22 . 2008-05-21 12:00 563200 ----a-w- c:\windows\system32\qedit.dll

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-05-21 . 0667A612D847BD87667F3CB1FC4C0D6C . 979456 . . [6.00.2900.5512] . . c:\windows\explorer.exe

.

[-] 2008-05-21 . 84FEBA228C626DA702A065C6B86FCB41 . 230912 . . [5.1.2600.5512] . . c:\windows\regedit.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-24 7626752]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-24 86016]

"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]

"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-05-21 15360]

"VisualTaskTips"="c:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"PackNoVs"="c:\windows\BricoPacks\Vista Inspirat 2\pack-it.exe" [2007-04-22 98304]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"SetVisualStyle"= c:\windows\Resources\Themes\Inspirat2\Inspirat2.msstyles

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]

2007-10-22 13:49 563519 ----a-w- c:\program files\Desktop Tray Clock\DTClock.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2007-04-16 20:28 577536 ----a-w- c:\windows\SOUNDMAN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips]

2007-09-05 09:20 36352 ----a-w- c:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [25/07/2013 20:05 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [25/07/2013 20:05 175176]

R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [29/07/2013 14:21 13560]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/07/2013 19:01 717296]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [26/07/2013 9:15 21576]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25/07/2013 20:05 770344]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25/07/2013 20:05 369584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/07/2013 20:05 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [25/07/2013 20:05 66336]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-08-23 08:17 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2013-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-30 06:11]

.

2013-08-27 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-07-25 08:58]

.

2013-08-27 c:\windows\Tasks\ConfigExec.job

- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-13 20:09]

.

2013-08-27 c:\windows\Tasks\DataUpload.job

- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-13 20:09]

.

2013-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-23 08:16]

.

2013-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-23 08:16]

.

------- Bijkomende Scan -------

.

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: {{8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - Microsoft Support

TCP: DhcpNameServer = 195.130.131.4 195.130.130.132

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2013-08-27 19:56

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-776561741-1972579041-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,52,6d,11,1b,e9,56,4c,be,8e,cc,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,52,6d,11,1b,e9,56,4c,be,8e,cc,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,52,6d,11,1b,e9,56,4c,be,8e,cc,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,52,6d,11,1b,e9,56,4c,be,8e,cc,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,52,6d,11,1b,e9,56,4c,be,8e,cc,\

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(272)

c:\windows\system32\SHDOCVW.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

.

Voltooingstijd: 2013-08-27 19:57:56

ComboFix-quarantined-files.txt 2013-08-27 17:57

ComboFix2.txt 2013-08-27 15:55

.

Pre-Run: 72.035.700.736 bytes beschikbaar

Post-Run: 72.032.116.736 bytes beschikbaar

.

- - End Of File - - 8B28A2DE09E6272AA479720150BB4EF8

3051207086651214E435112E51817DC5

27 augustus 2013

ComboFix 13-08-25.01 - Administrator 27/08/2013 17:49:35.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.712 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Administrator\Mijn documenten\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab

c:\documents and settings\Administrator\DelDAF.tmp

c:\documents and settings\Default User\DelDAF.tmp

c:\windows\system32\config\systemprofile\DelDAF.tmp

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-07-27 to 2013-08-27 ))))))))))))))))))))))))))))))

.

2013-08-27 06:49 . 2013-08-27 06:50 -------- d-----w- C:\AdwCleaner

2013-08-26 15:58 . 2013-08-26 15:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2013-08-26 15:57 . 2013-08-26 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-08-26 15:57 . 2013-08-26 15:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-08-26 15:57 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-25 05:56 . 2013-08-26 16:28 -------- d-sh--w- c:\documents and settings\Administrator\Onlangs geopend