Yvontje82

Hallo Kape, Wederom bedankt. Het was wel even puzzelen, want de beschrijving was niet helemaal kloppend. ik weet niet of je wilt weten wat er anders was, maar ik geef het toch maar even mee. Misschien dat je hierdoor besluit om de handleiding enigzins aan te passen. Zo werd er gevraagd welk "operation systeem" ik wil gebruiken. Keuze tussen: Windows Setup en Windows 7. De eerste keer gebruikte ik windows 7 maar toen verscheen er een ander venster. Zie de bijgevoegde foto. Dit venster heb ik genegeerd en heb je beschrijving verder uitgevoerd. Nadat ik "windowsunlocker" had ge-entered werd mij gevraagd om een keuze te maken: "Pleas, select command to execute: 1 - Unlock Windows 2 - Save boot sector copies 0 - Exit (1) :>" Logisch gekozen voor optie 1. Hierna verscheen er het eea aan tekst en daarna werd weer de hierboven beschreven keuzes aan mij voorgelegd. Ik dacht dat er iets niet goed was gegaan dus heb ik verder hier niet op gereageerd en heb ik het venster gesloten dmv het kruisje en de PC opnieuw opgestart. De tweede keer koos ik, toen mij werd gevraagd welk operation systeem ik wilde gebruiken, voor Windows setup. Wederom verscheen het venster dat ik hierbover ook heb beschreven en genegeerd en ben weer verder gegaan met de handleiding. Nadat ik keuze 1 'Unlock windows' had gekozen, kreeg ik weer hetzelfde riedeltje en daarna koos ik voor de getoonde keuze 0 "Exit". Hierna de PC weer herstart en nu ging hij rechtstreeks naar het normale inlogscherm dat ik altijd heb. En had ik weer gewoon toegang tot mijn account. Hierna direct MBAM gestart als administrator en kreeg tijdens enkele detecties. Deze heb ik na de scan verwijderd. Zie hieronder voor mijn logje. Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Databaseversie: v2012.11.14.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Yvonne :: YVONNE-HP [administrator] 14-11-2012 20:59:04 mbam-log-2012-11-14 (20-59-04).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 218607 Verstreken tijd: 2 minuut/minuten, 19 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 2 C:\Users\Yvonne\AppData\Roaming\msconfig.dat (Trojan.Winlock) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Yvonne\0.8440488850507153.exe (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd. (einde) - - - Updated - - - En ook maar meteen een HJT-logje: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:19:50, on 14-11-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Yvonne\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/8 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 O4 - HKLM\..\Run: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [Corel Photo Downloader] "c:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro 3.6 Crusader (Boot) (HitmanPro36CrusaderBoot) - Unknown owner - C:\Program Files\HitmanPro\HitmanPro.exe (file missing) O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12533 bytes In ieder geval weer heel erg bedankt alvast. Groetjes Yvonne

Beste, beste, beste, beste, beste, beste, Ik heb wederom (en ondanks AVG-antivirus) een virus op mijn PC. Jullie kunnen er niets aan doen en jullie hebben mij altijd geweldig geholpen, maar ik word er inmiddels wel een beetje moe van. Steeds om de paar maanden dit gedoe. Ik had de hoop alvast een MBAM-logje te kunnen plaatsen, maar zelfs veilige modus kan mij niet helpen. Wanneer ik mijn PC opstart in veilige modus zie ik heel kort even het gebruikelijke bureaublad met hele grote pictogrammen, maar al heel snel zie ik vervolgens dat mijn beeldscherm geheel wit wordt. Het enige dat zichtbaar is, is de muis. Ik heb geen start-knop, geen taakbalk, helemaal niets. Wanneer ik mbv crtl-alt-del mijn PC afsluit, dan verdwijnt het witte scherm weer en zie ik even vluchtig weer de normale bureaublad van de veilige modus. Ik vermoed dat in dit geval de enige oplossing is om dit probleem aan te pakken via "veilige modus in promptopdracht". Nou ja, dat gok ik. Want alleen als ik in die modus opstart krijg ik niet een wit scherm. Ik hoop dat jullie mij kunnen helpen. Groetjes Yvonne

Beste, De hierboven vetgedrukte map is verwijderd. Daarna AVG nog eens laten scannen en kwam toch met meldingen. Zie de bijlage. Omdat er stond "mogelijk gevaarlijk object" heb ik het nog niet verwijderd. Met vriendelijke groet, Yvonne

ComboFix 12-10-14.02 - Yvonne 14-10-2012 9:52.5.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2669 [GMT 2:00] Gestart vanuit: c:\users\Yvonne\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\boost_interprocess\20121014094421.125600 c:\programdata\boost_interprocess\20121014094421.125600\Nobu64AgentService c:\programdata\boost_interprocess\20121014094421.125600\Nobu64TrayIcon c:\users\Yvonne\AppData\Roaming\Hiyhx c:\users\Yvonne\AppData\Roaming\Hiyhx\saro.nyo . . (((((((((((((((((((( Bestanden Gemaakt van 2012-09-14 to 2012-10-14 )))))))))))))))))))))))))))))) . . 2012-10-14 07:58 . 2012-10-14 07:58 -------- d-----w- c:\users\Werner\AppData\Local\temp 2012-10-14 07:58 . 2012-10-14 07:58 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-10-14 07:58 . 2012-10-14 07:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-10 12:36 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-10-10 12:36 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-10 12:36 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-10-10 12:36 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-09-28 13:25 . 2012-09-28 13:31 -------- d-----w- c:\program files\WinRAR 2012-09-28 13:17 . 2012-09-28 13:26 -------- d-----w- c:\programdata\WinZip 2012-09-28 08:09 . 2012-09-28 08:10 -------- d-----w- c:\users\Yvonne\AppData\Local\Alt.Binz 2012-09-26 03:41 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-17 00:12 . 2012-09-17 00:13 -------- d-----w- c:\programdata\ieojjrtllsxovlt . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-11 01:04 . 2011-05-23 07:31 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-09-07 15:04 . 2012-01-05 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-03 20:20 . 2012-09-03 20:20 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2012-08-24 13:43 . 2012-08-24 13:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2012-08-22 18:12 . 2012-09-12 13:45 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 13:45 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 13:45 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 13:45 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-20 17:38 . 2012-10-10 12:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-02 17:58 . 2012-09-12 13:45 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-08-02 16:57 . 2012-09-12 13:45 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-07-26 01:21 . 2012-07-26 01:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2012-07-18 18:15 . 2012-08-15 07:39 3148800 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-09-03 20:20 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-09-03 1734240] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-08 98304] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-05-01 3151512] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-11-01 593920] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-03 947808] "HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960] "ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048] . c:\users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176] R2 HitmanPro36CrusaderBoot;HitmanPro 3.6 Crusader (Boot);c:\program files\HitmanPro\HitmanPro.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-02 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-21 1255736] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-03 31080] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-08 203264] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-03 722528] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-08 7767552] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-08 279040] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-08-16 116240] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776] S3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-07-22 1002848] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Inhoud van de 'Gedeelde Taken' map . 2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 11:38] . 2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 11:38] . 2012-09-14 c:\windows\Tasks\HPCeeScheduleForYVONNE-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . 2012-10-14 c:\windows\Tasks\HPCeeScheduleForYvonne.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.254 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll FF - ProfilePath - c:\users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: network.proxy.type - 0 FF - user.js: extentions.y2layers.installId - 3d8c62c3-e8a9-4ad3-bc79-bc61006110b3 FF - user.js: extentions.y2layers.defaultEnableAppsList - BestVideoDownloader . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{25515A79-C1C7-4B97-97F8-31A711694487} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HitmanPro36CrusaderBoot] "ImagePath"="\"c:\program files\HitmanPro\HitmanPro.exe\" /crusader:boot" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8, 7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4, 91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27 "{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20, 35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4 "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39, 64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac, 6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b "{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,6b,7c, 1a,82,e9,65,3d,9d,e9,17,af,a2,b0,e5,ab . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem)

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:20:59, on 13-10-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\adb.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Users\Yvonne\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro 3.6 Crusader (Boot) (HitmanPro36CrusaderBoot) - Unknown owner - C:\Program Files\HitmanPro\HitmanPro.exe (file missing) O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11883 bytes Toen ik MBAM liet draaien was ik eerst vergeten om AVG uit te zetten, en toen kreeg ik de melding dat er een meervoudige bedreiging is gevonden. Nu heb ik hier nog niets mee gedaan, want ik dacht dat het mogelijk een melding zou kunnen zijn die opkomt omdat ik AVG niet had uitgezet. Graag hoor ik of dit in derdaad zo is en anders probeer ik die melding alsnog een keertje te voorschijn te toveren. Zie in de bijgevoegde foto voor melding die ik kreeg. Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Databaseversie: v2012.10.13.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Yvonne :: YVONNE-HP [administrator] 13-10-2012 16:30:11 mbam-log-2012-10-13 (16-30-11).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 216730 Verstreken tijd: 3 minuut/minuten, 5 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde)

Beste, Hierbij het logje. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:29:19, on 12-10-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Users\Yvonne\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro 3.6 Crusader (Boot) (HitmanPro36CrusaderBoot) - Unknown owner - C:\Program Files\HitmanPro\HitmanPro.exe (file missing) O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11951 bytes

Hallo, Zonet werd ik plots verrast door een melding van AVG anti-virus dat er een trojaanspaard was gedetecteerd. Deze heb ik meteen in quarantaine geplaatst. (Zie de bijlage voor de melding). De melding kwam opzetten toen ik een zojuist gescand bestand wilde zoeken. Het betreffen bestand die als trojaanspaard werd aangeduidt stond in mijn lijst in de map "Mijn afbeeldingen". ik weet of deze info van belang kan zijn voor jullie, maar ik geef het maar even mee. Graag zou ik een PC-check willen doen om te kijken of er mogelijk nog meer geinfecteerde bestanden op mijn PC staan. Met vriendelijke groet, Yvonne

Hoi Kape, Volgens mij niet (voor zover ik dat merk aan mijn pc). Ik kon mijn PC al na de eerste verwijdering weer gewoon gebruiken Groetjes en bedankt. Yvonne

Nou, hopelijk ben ik er nu vanaf ComboFix 12-07-31.03 - Yvonne 02-08-2012 22:45:16.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2715 [GMT 2:00] Gestart vanuit: c:\users\Yvonne\Desktop\ComboFix1.exe gebruikte Opdracht switches :: c:\users\Yvonne\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Web Assistant c:\program files\Web Assistant\Extension64.dll c:\program files\Web Assistant\ExtensionUpdaterService.exe c:\program files\Web Assistant\Firefox\chrome.manifest c:\program files\Web Assistant\Firefox\chrome\content\libraries\DataExchangeScript.js c:\program files\Web Assistant\Firefox\chrome\content\main.js c:\program files\Web Assistant\Firefox\chrome\content\main.xul c:\program files\Web Assistant\Firefox\chrome\content\resources\localscript.js c:\program files\Web Assistant\Firefox\chrome\locale\en-US\overlay.dtd c:\program files\Web Assistant\Firefox\chrome\skin\overlay.css c:\program files\Web Assistant\Firefox\defaults\preferences\defaults.js c:\program files\Web Assistant\Firefox\install.rdf c:\program files\Web Assistant\InstallerHelper.dll c:\program files\Web Assistant\libraries\DataExchangeScript.js c:\program files\Web Assistant\resources\localscript.js c:\program files\Web Assistant\source.crx c:\program files\Web Assistant\unins000.dat c:\program files\Web Assistant\unins000.exe c:\programdata\boost_interprocess\20120802224023.125600 c:\programdata\boost_interprocess\20120802224023.125600\Nobu64AgentService c:\programdata\boost_interprocess\20120802224023.125600\Nobu64TrayIcon . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Web Assistant Updater . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))) . . 2012-08-02 20:51 . 2012-08-02 20:51 -------- d-----w- c:\users\Werner\AppData\Local\temp 2012-08-02 20:51 . 2012-08-02 20:51 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-08-02 20:51 . 2012-08-02 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-10 22:16 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-10 21:05 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-10 21:05 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-07-10 21:05 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-07-10 21:05 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-07-10 21:05 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll 2012-07-10 21:05 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll 2012-07-10 21:05 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-07-10 21:05 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-07-10 21:05 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-07-10 21:05 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll 2012-07-10 21:05 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-07-10 21:05 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-07-08 11:08 . 2012-07-08 11:08 -------- d-----w- c:\program files (x86)\Gamers Unite! Snag Bar 2012-07-04 17:33 . 2012-07-04 17:33 -------- d-----w- c:\users\Yvonne\AppData\Roaming\ICQ 2012-07-04 15:18 . 2012-07-04 15:18 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Windows Desktop Search 2012-07-04 14:46 . 2012-07-04 15:34 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Media Player Classic 2012-07-04 11:34 . 2012-07-04 11:34 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Microsoft Corporation 2012-07-04 11:18 . 2012-07-04 14:30 -------- d-----w- c:\users\Yvonne\AppData\Roaming\vlc 2012-07-04 10:26 . 2012-07-04 17:17 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Google Inc 2012-07-04 10:26 . 2012-07-04 10:26 -------- d-----w- c:\users\Yvonne\AppData\Roaming\TeamViewer . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-10 22:12 . 2011-05-23 07:31 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-06-02 22:19 . 2012-06-21 15:01 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 15:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-21 15:01 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 15:01 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 15:01 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-21 15:01 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-21 15:01 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-21 15:01 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-21 15:01 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-09 01:19 . 2012-05-09 01:19 0 ----a-w- c:\windows\SysWow64\shoB9BF.tmp . . ((((((((((((((((((((((((((((( SnapShot_2012-08-02_04.35.55 ))))))))))))))))))))))))))))))))))))))))) . + 2012-08-02 20:52 . 2012-08-02 20:52 12411 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2012-08-02 04:34 . 2012-08-02 04:34 12411 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2009-07-14 04:54 . 2012-08-01 14:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-08-02 20:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-08-01 14:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-08-02 20:40 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-08-02 20:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-08-01 14:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-05-21 05:15 . 2012-08-02 20:42 56764 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2011-05-21 05:15 . 2012-08-02 04:37 56764 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2012-08-02 04:37 39542 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-08-02 20:42 39542 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-05-20 18:49 . 2012-08-02 20:42 24650 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2155248324-3539292037-1374523505-1000_UserData.bin + 2011-05-21 05:15 . 2012-08-02 20:42 56764 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-08-02 20:42 39542 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2012-08-02 04:17 39542 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-05-20 18:49 . 2012-08-02 20:42 24650 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2155248324-3539292037-1374523505-1000_UserData.bin + 2012-08-02 20:52 . 2012-08-02 20:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-02 04:35 . 2012-08-02 04:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-02 04:35 . 2012-08-02 04:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-08-02 20:52 . 2012-08-02 20:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-02-01 23:34 . 2012-08-02 04:19 701992 c:\windows\system64\perfh013.dat + 2011-02-01 23:34 . 2012-08-02 20:57 701992 c:\windows\system64\perfh013.dat + 2009-07-14 02:36 . 2012-08-02 20:57 616476 c:\windows\system64\perfh009.dat - 2009-07-14 02:36 . 2012-08-02 04:19 616476 c:\windows\system64\perfh009.dat + 2011-02-01 23:34 . 2012-08-02 20:57 133766 c:\windows\system64\perfc013.dat - 2011-02-01 23:34 . 2012-08-02 04:19 133766 c:\windows\system64\perfc013.dat - 2009-07-14 02:36 . 2012-08-02 04:19 106598 c:\windows\system64\perfc009.dat + 2009-07-14 02:36 . 2012-08-02 20:57 106598 c:\windows\system64\perfc009.dat + 2011-02-01 23:34 . 2012-08-02 20:57 701992 c:\windows\system32\perfh013.dat - 2011-02-01 23:34 . 2012-08-02 04:19 701992 c:\windows\system32\perfh013.dat + 2009-07-14 02:36 . 2012-08-02 20:57 616476 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-08-02 04:19 616476 c:\windows\system32\perfh009.dat - 2011-02-01 23:34 . 2012-08-02 04:19 133766 c:\windows\system32\perfc013.dat + 2011-02-01 23:34 . 2012-08-02 20:57 133766 c:\windows\system32\perfc013.dat - 2009-07-14 02:36 . 2012-08-02 04:19 106598 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-08-02 20:57 106598 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2012-08-02 04:34 395992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-08-02 20:52 395992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-05-20 22:06 . 2012-08-02 20:52 4087736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2155248324-3539292037-1374523505-1000-8192.dat - 2011-06-10 23:28 . 2012-08-02 03:03 3157972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2155248324-3539292037-1374523505-1000-12288.dat + 2011-06-10 23:28 . 2012-08-02 15:42 3157972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2155248324-3539292037-1374523505-1000-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-06-04 12:34 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-06-04 2074208] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-08 98304] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-05-01 3151512] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-11-01 593920] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-04 1107552] "HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960] . c:\users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176] R2 HitmanPro36CrusaderBoot;HitmanPro 3.6 Crusader (Boot);c:\program files\HitmanPro\HitmanPro.exe [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-02 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-21 1255736] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-08 203264] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-06-04 935008] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-08 7767552] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-08 279040] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-08-16 116240] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-07-22 1002848] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Inhoud van de 'Gedeelde Taken' map . 2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 11:38] . 2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 11:38] . 2012-07-16 c:\windows\Tasks\HPCeeScheduleForYVONNE-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . 2012-07-28 c:\windows\Tasks\HPCeeScheduleForYvonne.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896] "combofix"="c:\combofix1\CF26738.3XE" [2010-11-20 345088] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.254 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll FF - ProfilePath - c:\users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . BHO-{336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\Web Assistant\Extension64.dll WebBrowser-{25515A79-C1C7-4B97-97F8-31A711694487} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HitmanPro36CrusaderBoot] "ImagePath"="\"c:\program files\HitmanPro\HitmanPro.exe\" /crusader:boot" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8, 7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4, 91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27 "{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20, 35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4 "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39, 64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac, 6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b "{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,6b,7c, 1a,82,e9,65,3d,9d,e9,17,af,a2,b0,e5,ab . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:c0,1e,2d,53,55,1d,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe . ************************************************************************** . Voltooingstijd: 2012-08-02 23:27:33 - machine werd herstart ComboFix-quarantined-files.txt 2012-08-02 21:27 ComboFix2.txt 2012-08-02 04:40 ComboFix3.txt 2012-07-02 18:13 ComboFix4.txt 2012-03-02 16:18 . Pre-Run: 912.595.025.920 bytes beschikbaar Post-Run: 912.299.237.376 bytes beschikbaar . - - End Of File - - CD98BECE3322F91E73292C177AFC89A0

ComboFix 12-07-31.03 - Yvonne 02-08-2012 6:28.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2884 [GMT 2:00] Gestart vanuit: c:\users\Yvonne\Desktop\ComboFix1.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\boost_interprocess\20120802061426.125600 c:\programdata\boost_interprocess\20120802061426.125600\Nobu64AgentService c:\programdata\boost_interprocess\20120802061426.125600\Nobu64TrayIcon c:\programdata\wiapzgmykxiykzx c:\users\Yvonne\AppData\Roaming\Help\coredb\storage . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))) . . 2012-08-02 04:34 . 2012-08-02 04:34 -------- d-----w- c:\users\Werner\AppData\Local\temp 2012-08-02 04:34 . 2012-08-02 04:34 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-08-02 04:34 . 2012-08-02 04:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-10 22:16 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-10 21:05 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-10 21:05 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-07-10 21:05 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-07-10 21:05 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-07-10 21:05 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll 2012-07-10 21:05 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll 2012-07-10 21:05 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-07-10 21:05 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-07-10 21:05 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-07-10 21:05 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll 2012-07-10 21:05 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-07-10 21:05 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-07-08 11:08 . 2012-07-08 11:08 -------- d-----w- c:\program files (x86)\Gamers Unite! Snag Bar 2012-07-04 17:33 . 2012-07-04 17:33 -------- d-----w- c:\users\Yvonne\AppData\Roaming\ICQ 2012-07-04 15:18 . 2012-07-04 15:18 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Windows Desktop Search 2012-07-04 14:46 . 2012-07-04 15:34 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Media Player Classic 2012-07-04 11:34 . 2012-07-04 11:34 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Microsoft Corporation 2012-07-04 11:18 . 2012-07-04 14:30 -------- d-----w- c:\users\Yvonne\AppData\Roaming\vlc 2012-07-04 10:26 . 2012-07-04 17:17 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Google Inc 2012-07-04 10:26 . 2012-07-04 10:26 -------- d-----w- c:\users\Yvonne\AppData\Roaming\TeamViewer . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-10 22:12 . 2011-05-23 07:31 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-06-02 22:19 . 2012-06-21 15:01 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 15:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-21 15:01 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 15:01 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 15:01 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-21 15:01 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-21 15:01 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-21 15:01 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-21 15:01 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-09 01:19 . 2012-05-09 01:19 0 ----a-w- c:\windows\SysWow64\shoB9BF.tmp 2012-05-04 11:06 . 2012-06-13 06:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-13 06:06 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 06:06 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe . . ((((((((((((((((((((((((((((( SnapShot_2012-07-02_18.09.38 ))))))))))))))))))))))))))))))))))))))))) . - 2012-01-31 03:04 . 2011-11-17 05:28 96768 c:\windows\SysWOW64\sspicli.dll + 2012-07-10 21:04 . 2012-06-02 04:34 96768 c:\windows\SysWOW64\sspicli.dll + 2012-07-10 21:04 . 2012-06-02 04:40 22016 c:\windows\SysWOW64\secur32.dll - 2012-01-31 03:04 . 2011-11-17 05:34 22016 c:\windows\SysWOW64\secur32.dll + 2012-07-10 22:11 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll - 2012-06-13 14:57 . 2012-05-17 22:25 73216 c:\windows\SysWOW64\mshtmled.dll - 2012-06-13 14:57 . 2012-05-17 22:31 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll + 2012-07-10 22:11 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll - 2012-06-13 14:57 . 2012-05-17 22:31 65024 c:\windows\SysWOW64\jsproxy.dll + 2012-07-10 22:11 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll + 2012-08-02 04:34 . 2012-08-02 04:34 12411 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2012-07-02 18:08 . 2012-07-02 18:08 12411 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2009-07-14 04:54 . 2012-07-01 20:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-08-01 14:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-08-01 14:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-01 20:40 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-08-01 14:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-07-01 20:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-05-21 05:15 . 2012-08-02 04:37 56764 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-08-02 04:37 39542 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-05-20 18:49 . 2012-08-02 04:37 24618 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2155248324-3539292037-1374523505-1000_UserData.bin - 2012-06-13 14:57 . 2012-05-18 01:51 96768 c:\windows\system64\mshtmled.dll + 2012-07-10 22:11 . 2012-06-02 11:57 96768 c:\windows\system64\mshtmled.dll - 2012-06-13 14:57 . 2012-05-18 01:56 86528 c:\windows\system64\migration\WininetPlugin.dll + 2012-07-10 22:11 . 2012-06-02 12:03 86528 c:\windows\system64\migration\WininetPlugin.dll - 2012-06-13 14:57 . 2012-05-18 01:56 85504 c:\windows\system64\jsproxy.dll + 2012-07-10 22:11 . 2012-06-02 12:03 85504 c:\windows\system64\jsproxy.dll + 2012-07-10 21:04 . 2012-06-02 05:48 95600 c:\windows\system64\drivers\ksecdd.sys - 2012-01-31 03:04 . 2011-11-17 06:49 95600 c:\windows\system64\drivers\ksecdd.sys - 2011-05-21 03:44 . 2012-06-30 18:34 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-21 03:44 . 2012-08-02 04:25 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-05-21 03:44 . 2012-06-30 18:34 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-05-21 03:44 . 2012-08-02 04:25 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-06-30 18:34 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-08-02 04:25 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-05-21 05:15 . 2012-08-02 04:17 56342 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-08-02 04:17 39542 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-05-20 18:49 . 2012-08-02 04:17 24378 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2155248324-3539292037-1374523505-1000_UserData.bin - 2012-06-13 14:57 . 2012-05-18 01:51 96768 c:\windows\system32\mshtmled.dll + 2012-07-10 22:11 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll - 2012-06-13 14:57 . 2012-05-18 01:56 86528 c:\windows\system32\migration\WininetPlugin.dll + 2012-07-10 22:11 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll - 2012-06-13 14:57 . 2012-05-18 01:56 85504 c:\windows\system32\jsproxy.dll + 2012-07-10 22:11 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll - 2012-01-31 03:04 . 2011-11-17 06:49 95600 c:\windows\system32\drivers\ksecdd.sys + 2012-07-10 21:04 . 2012-06-02 05:48 95600 c:\windows\system32\drivers\ksecdd.sys - 2011-05-21 03:44 . 2012-06-30 18:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-21 03:44 . 2012-08-02 04:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-05-21 03:44 . 2012-06-30 18:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-05-21 03:44 . 2012-08-02 04:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-06-30 18:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-08-02 04:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:46 . 2012-06-30 18:26 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2009-07-14 04:46 . 2012-07-16 20:16 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2011-05-20 18:56 . 2012-03-29 02:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-20 18:56 . 2012-07-12 04:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-07-20 00:58 . 2012-07-20 00:58 25600 c:\windows\Installer\b6993.msi + 2011-08-28 13:42 . 2012-07-10 22:16 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - 2011-08-28 13:42 . 2012-06-13 15:07 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - 2011-08-28 13:42 . 2012-06-13 15:07 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe + 2011-08-28 13:42 . 2012-07-10 22:16 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2011-08-28 13:42 . 2012-06-13 15:07 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2011-08-28 13:42 . 2012-07-10 22:16 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2011-07-20 05:28 . 2011-07-20 05:28 54104 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\SCANOST.EXE + 2011-07-20 05:28 . 2011-07-20 05:28 75624 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\RM.DLL + 2011-07-20 05:28 . 2011-07-20 05:28 38248 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\RECALL.DLL + 2011-05-26 19:18 . 2011-05-26 19:18 52088 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\OUTLVBA.DLL + 2011-07-20 05:28 . 2011-07-20 05:28 34208 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\DUMPSTER.DLL + 2011-07-20 05:28 . 2011-07-20 05:28 87408 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\DLGSETP.DLL - 2009-07-14 00:41 . 2009-07-14 01:30 2048 c:\windows\system64\msxml3r.dll + 2012-07-10 21:05 . 2010-06-26 03:55 2048 c:\windows\system64\msxml3r.dll + 2012-08-02 04:35 . 2012-08-02 04:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-02 18:09 . 2012-07-02 18:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-02 18:09 . 2012-07-02 18:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-08-02 04:35 . 2012-08-02 04:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-07-10 22:11 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll - 2012-06-13 14:57 . 2012-05-17 22:33 231936 c:\windows\SysWOW64\url.dll + 2012-07-10 21:04 . 2012-06-02 04:40 225280 c:\windows\SysWOW64\schannel.dll - 2012-06-13 14:57 . 2012-05-17 22:29 716800 c:\windows\SysWOW64\jscript.dll + 2012-07-10 22:11 . 2012-06-02 08:19 716800 c:\windows\SysWOW64\jscript.dll + 2012-07-10 22:11 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe - 2012-06-13 14:57 . 2012-05-17 22:29 142848 c:\windows\SysWOW64\ieUnatt.exe + 2012-07-10 22:11 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll - 2012-06-13 14:57 . 2012-05-17 22:20 176640 c:\windows\SysWOW64\ieui.dll + 2012-07-10 21:04 . 2012-06-06 05:03 805376 c:\windows\SysWOW64\cdosys.dll - 2011-06-06 23:35 . 2010-11-20 12:18 805376 c:\windows\SysWOW64\cdosys.dll + 2011-05-21 20:57 . 2012-08-01 12:44 264214 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin + 2012-07-10 22:11 . 2012-06-02 12:04 237056 c:\windows\system64\url.dll - 2012-06-13 14:57 . 2012-05-18 01:58 237056 c:\windows\system64\url.dll + 2012-07-10 21:05 . 2012-06-02 05:45 340992 c:\windows\system64\schannel.dll - 2012-01-31 03:04 . 2011-11-17 06:35 340992 c:\windows\system64\schannel.dll + 2011-02-01 23:34 . 2012-08-02 04:19 701992 c:\windows\system64\perfh013.dat - 2011-02-01 23:34 . 2012-07-02 16:42 701992 c:\windows\system64\perfh013.dat + 2009-07-14 02:36 . 2012-08-02 04:19 616476 c:\windows\system64\perfh009.dat - 2009-07-14 02:36 . 2012-07-02 16:42 616476 c:\windows\system64\perfh009.dat - 2011-02-01 23:34 . 2012-07-02 16:42 133766 c:\windows\system64\perfc013.dat + 2011-02-01 23:34 . 2012-08-02 04:19 133766 c:\windows\system64\perfc013.dat - 2009-07-14 02:36 . 2012-07-02 16:42 106598 c:\windows\system64\perfc009.dat + 2009-07-14 02:36 . 2012-08-02 04:19 106598 c:\windows\system64\perfc009.dat - 2009-07-13 23:49 . 2009-07-14 01:41 307200 c:\windows\system64\ncrypt.dll + 2012-07-10 21:05 . 2012-06-02 05:44 307200 c:\windows\system64\ncrypt.dll + 2012-07-10 22:11 . 2012-06-02 12:00 818688 c:\windows\system64\jscript.dll - 2012-06-13 14:57 . 2012-05-18 01:55 818688 c:\windows\system64\jscript.dll + 2012-07-10 22:11 . 2012-06-02 12:01 173056 c:\windows\system64\ieUnatt.exe - 2012-06-13 14:57 . 2012-05-18 01:55 173056 c:\windows\system64\ieUnatt.exe + 2012-07-10 22:11 . 2012-06-02 11:54 248320 c:\windows\system64\ieui.dll - 2012-06-13 14:57 . 2012-05-18 01:47 248320 c:\windows\system64\ieui.dll - 2009-07-14 04:45 . 2012-06-13 22:26 424424 c:\windows\system64\FNTCACHE.DAT + 2009-07-14 04:45 . 2012-07-11 03:48 424424 c:\windows\system64\FNTCACHE.DAT + 2012-07-10 21:05 . 2012-06-02 05:48 151920 c:\windows\system64\drivers\ksecpkg.sys + 2012-07-10 21:05 . 2012-06-02 05:50 458704 c:\windows\system64\drivers\cng.sys + 2011-05-21 20:57 . 2012-08-01 12:44 264214 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin - 2012-06-13 14:57 . 2012-05-18 01:58 237056 c:\windows\system32\url.dll + 2012-07-10 22:11 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll - 2011-02-01 23:34 . 2012-07-02 16:42 701992 c:\windows\system32\perfh013.dat + 2011-02-01 23:34 . 2012-08-02 04:19 701992 c:\windows\system32\perfh013.dat - 2009-07-14 02:36 . 2012-07-02 16:42 616476 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-08-02 04:19 616476 c:\windows\system32\perfh009.dat + 2011-02-01 23:34 . 2012-08-02 04:19 133766 c:\windows\system32\perfc013.dat - 2011-02-01 23:34 . 2012-07-02 16:42 133766 c:\windows\system32\perfc013.dat + 2009-07-14 02:36 . 2012-08-02 04:19 106598 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-07-02 16:42 106598 c:\windows\system32\perfc009.dat + 2012-07-10 22:11 . 2012-06-02 12:00 818688 c:\windows\system32\jscript.dll - 2012-06-13 14:57 . 2012-05-18 01:55 818688 c:\windows\system32\jscript.dll + 2012-07-10 22:11 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe - 2012-06-13 14:57 . 2012-05-18 01:55 173056 c:\windows\system32\ieUnatt.exe + 2012-07-10 22:11 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll - 2012-06-13 14:57 . 2012-05-18 01:47 248320 c:\windows\system32\ieui.dll - 2009-07-14 04:45 . 2012-06-13 22:26 424424 c:\windows\system32\FNTCACHE.DAT + 2009-07-14 04:45 . 2012-07-11 03:48 424424 c:\windows\system32\FNTCACHE.DAT - 2009-07-14 05:01 . 2012-07-02 18:08 395992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-08-02 04:34 395992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-08-28 13:42 . 2012-06-13 15:07 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2011-08-28 13:42 . 2012-07-10 22:16 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2011-08-28 13:42 . 2012-07-10 22:16 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2011-08-28 13:42 . 2012-06-13 15:07 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe + 2011-08-28 13:42 . 2012-07-10 22:16 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe - 2011-08-28 13:42 . 2012-06-13 15:07 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe - 2011-08-28 13:42 . 2012-06-13 15:07 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2011-08-28 13:42 . 2012-07-10 22:16 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2011-08-28 13:42 . 2012-07-10 22:16 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe - 2011-08-28 13:42 . 2012-06-13 15:07 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe + 2011-08-28 13:42 . 2012-07-10 22:16 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe - 2011-08-28 13:42 . 2012-06-13 15:07 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe + 2011-08-28 13:42 . 2012-07-10 22:16 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe - 2011-08-28 13:42 . 2012-06-13 15:07 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2011-07-20 05:28 . 2011-07-20 05:28 282032 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\SCNPST64.DLL + 2011-07-20 05:28 . 2011-07-20 05:28 273832 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\SCNPST32.DLL + 2011-07-27 03:55 . 2011-07-27 03:55 410992 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\RTFHTML.DLL + 2011-07-20 06:06 . 2011-07-20 06:06 770480 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\REGFORM.EXE + 2011-07-20 05:28 . 2011-07-20 05:28 421736 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\PSTPRX32.DLL + 2011-05-31 15:15 . 2011-05-31 15:15 177040 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\OUTLPH.DLL + 2011-07-27 03:55 . 2011-07-27 03:55 596888 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\OUTLMIME.DLL + 2011-05-26 19:18 . 2011-05-26 19:18 136536 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\OUTLCTL.DLL + 2011-07-27 05:03 . 2011-07-27 05:03 194448 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\OMSXP32.DLL + 2011-07-27 05:03 . 2011-07-27 05:03 661888 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\OMSMAIN.DLL + 2011-07-20 05:28 . 2011-07-20 05:28 253824 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\OLKFSTUB.DLL + 2011-07-20 05:28 . 2011-07-20 05:28 340320 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\MIMEDIR.DLL + 2012-03-07 02:03 . 2012-03-07 02:03 117160 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\IPOMINT.DLL + 2011-07-20 06:06 . 2011-07-20 06:06 176024 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\IPOLK.DLL + 2011-07-20 05:28 . 2011-07-20 05:28 138088 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\IMPMAIL.DLL + 2009-02-26 11:09 . 2009-02-26 11:09 154000 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\ENVELOPE.DLL + 2011-05-26 19:18 . 2011-05-26 19:18 115584 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\EMABLT32.DLL + 2011-07-27 03:55 . 2011-07-27 03:55 128376 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\CONTAB32.DLL + 2012-07-10 22:12 . 2012-07-10 22:12 117160 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll - 2012-03-07 02:03 . 2012-03-07 02:03 117160 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll + 2012-07-10 22:11 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll - 2012-06-13 14:57 . 2012-05-17 22:35 1129472 c:\windows\SysWOW64\wininet.dll + 2012-07-10 22:11 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll - 2012-06-13 14:57 . 2012-05-17 22:36 1103872 c:\windows\SysWOW64\urlmon.dll + 2012-07-10 22:11 . 2012-06-02 08:33 1800192 c:\windows\SysWOW64\jscript9.dll - 2012-06-13 14:57 . 2012-05-17 22:45 1800192 c:\windows\SysWOW64\jscript9.dll + 2012-07-10 22:11 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll - 2012-06-13 14:57 . 2012-05-17 22:27 1793024 c:\windows\SysWOW64\iertutil.dll - 2012-06-13 14:57 . 2012-05-17 22:48 9737728 c:\windows\SysWOW64\ieframe.dll + 2012-07-10 22:11 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll + 2012-07-10 22:11 . 2012-06-02 12:05 1392128 c:\windows\system64\wininet.dll - 2012-06-13 14:57 . 2012-05-18 01:59 1392128 c:\windows\system64\wininet.dll + 2012-07-10 22:16 . 2012-06-12 03:08 3148800 c:\windows\system64\win32k.sys - 2012-06-13 14:57 . 2012-05-18 01:59 1346048 c:\windows\system64\urlmon.dll + 2012-07-10 22:11 . 2012-06-02 12:05 1346048 c:\windows\system64\urlmon.dll + 2012-07-10 21:05 . 2012-06-06 06:06 2004480 c:\windows\system64\msxml6.dll - 2011-06-06 23:35 . 2010-11-20 13:27 2004480 c:\windows\system64\msxml6.dll + 2012-07-10 21:05 . 2012-06-06 06:06 1881600 c:\windows\system64\msxml3.dll - 2012-06-13 14:57 . 2012-05-18 02:06 2311680 c:\windows\system64\jscript9.dll + 2012-07-10 22:11 . 2012-06-02 12:12 2311680 c:\windows\system64\jscript9.dll - 2012-06-13 14:57 . 2012-05-18 01:54 2144768 c:\windows\system64\iertutil.dll + 2012-07-10 22:11 . 2012-06-02 11:59 2144768 c:\windows\system64\iertutil.dll - 2011-06-06 23:35 . 2010-11-20 13:25 1133568 c:\windows\system64\cdosys.dll + 2012-07-10 21:04 . 2012-06-06 06:02 1133568 c:\windows\system64\cdosys.dll + 2012-07-10 22:11 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll - 2012-06-13 14:57 . 2012-05-18 01:59 1392128 c:\windows\system32\wininet.dll - 2012-06-13 14:57 . 2012-05-18 01:59 1346048 c:\windows\system32\urlmon.dll + 2012-07-10 22:11 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll + 2012-07-10 22:11 . 2012-06-02 12:12 2311680 c:\windows\system32\jscript9.dll - 2012-06-13 14:57 . 2012-05-18 02:06 2311680 c:\windows\system32\jscript9.dll + 2012-07-10 22:11 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll - 2012-06-13 14:57 . 2012-05-18 01:54 2144768 c:\windows\system32\iertutil.dll + 2012-07-10 21:04 . 2012-06-06 06:02 1133568 c:\windows\system32\cdosys.dll - 2011-06-06 23:35 . 2010-11-20 13:25 1133568 c:\windows\system32\cdosys.dll - 2009-07-14 04:45 . 2012-06-23 10:02 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-14 04:45 . 2012-07-11 03:51 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2011-05-20 18:46 . 2012-06-30 18:57 1752696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-05-20 18:46 . 2012-07-28 10:39 1752696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-05-20 22:06 . 2012-08-02 04:34 1606716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2155248324-3539292037-1374523505-1000-8192.dat + 2011-06-10 23:28 . 2012-08-02 03:03 3157972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2155248324-3539292037-1374523505-1000-12288.dat + 2012-05-30 05:19 . 2012-05-30 05:19 1732608 c:\windows\Installer\b84bf6.msp + 2012-06-25 15:02 . 2012-06-25 15:02 2460672 c:\windows\Installer\b84bec.msi + 2012-06-19 10:54 . 2012-06-19 10:54 2239488 c:\windows\Installer\b84be3.msp + 2012-06-19 10:54 . 2012-06-19 10:54 5009920 c:\windows\Installer\b84bcb.msp + 2012-04-04 20:37 . 2012-04-04 20:37 2540544 c:\windows\Installer\b84bb3.msp + 2012-04-04 20:37 . 2012-04-04 20:37 3149824 c:\windows\Installer\b84b8d.msp + 2012-07-16 20:18 . 2012-07-16 20:18 8452608 c:\windows\Installer\66da8.msi + 2011-08-28 13:42 . 2012-07-10 22:16 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2011-08-28 13:42 . 2012-06-13 15:07 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe + 2011-08-28 13:42 . 2012-07-10 22:16 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe - 2011-08-28 13:42 . 2012-06-13 15:07 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2011-07-27 03:55 . 2011-07-27 03:55 3004800 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\OLMAPI32.DLL + 2011-07-27 04:09 . 2011-07-27 04:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\IPEDITOR.DLL + 2011-07-27 04:09 . 2011-07-27 04:09 5484416 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\IPDESIGN.DLL + 2011-07-27 04:09 . 2011-07-27 04:09 1460088 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\INFOPATH.EXE + 2012-07-10 21:05 . 2012-06-09 04:41 12873728 c:\windows\SysWOW64\shell32.dll - 2012-06-13 14:57 . 2012-05-17 23:11 12314624 c:\windows\SysWOW64\mshtml.dll + 2012-07-10 22:11 . 2012-06-02 09:07 12314624 c:\windows\SysWOW64\mshtml.dll + 2009-07-14 02:34 . 2012-07-11 03:47 11010048 c:\windows\system64\SMI\Store\Machine\SCHEMA.DAT + 2012-07-10 21:05 . 2012-06-09 05:43 14172672 c:\windows\system64\shell32.dll - 2012-02-16 19:44 . 2012-01-04 10:44 14172672 c:\windows\system64\shell32.dll - 2012-06-13 14:57 . 2012-05-18 02:47 17807360 c:\windows\system64\mshtml.dll + 2012-07-10 22:11 . 2012-06-02 12:49 17807360 c:\windows\system64\mshtml.dll + 2011-05-23 07:31 . 2012-07-10 22:12 59701280 c:\windows\system64\MRT.exe - 2012-06-13 14:57 . 2012-05-18 02:16 10924032 c:\windows\system64\ieframe.dll + 2012-07-10 22:11 . 2012-06-02 12:17 10924032 c:\windows\system64\ieframe.dll + 2009-07-14 02:34 . 2012-07-11 03:47 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2012-07-10 22:11 . 2012-06-02 12:49 17807360 c:\windows\system32\mshtml.dll - 2012-06-13 14:57 . 2012-05-18 02:47 17807360 c:\windows\system32\mshtml.dll - 2012-06-13 14:57 . 2012-05-18 02:16 10924032 c:\windows\system32\ieframe.dll + 2012-07-10 22:11 . 2012-06-02 12:17 10924032 c:\windows\system32\ieframe.dll + 2012-05-30 05:18 . 2012-05-30 05:18 11885056 c:\windows\Installer\b84c27.msp + 2011-08-03 17:18 . 2011-08-03 17:18 12997488 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\OUTLOOK.EXE . -- Snapshot teruggezet naar huidige datum -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-06-04 12:34 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-06-04 2074208] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-08 98304] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-05-01 3151512] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-11-01 593920] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-04 1107552] "HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960] . c:\users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176] R2 HitmanPro36CrusaderBoot;HitmanPro 3.6 Crusader (Boot);c:\program files\HitmanPro\HitmanPro.exe [x] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-02 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-21 1255736] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-08 203264] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-06-04 935008] S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-08 7767552] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-08 279040] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-08-16 116240] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-07-22 1002848] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Inhoud van de 'Gedeelde Taken' map . 2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 11:38] . 2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 11:38] . 2012-07-16 c:\windows\Tasks\HPCeeScheduleForYVONNE-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . 2012-07-28 c:\windows\Tasks\HPCeeScheduleForYvonne.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] 2012-05-08 13:15 201728 ----a-w- c:\program files\Web Assistant\Extension64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.254 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll FF - ProfilePath - c:\users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{25515A79-C1C7-4B97-97F8-31A711694487} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HitmanPro36CrusaderBoot] "ImagePath"="\"c:\program files\HitmanPro\HitmanPro.exe\" /crusader:boot" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8, 7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4, 91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27 "{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20, 35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4 "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39, 64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac, 6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b "{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,6b,7c, 1a,82,e9,65,3d,9d,e9,17,af,a2,b0,e5,ab . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:c0,1e,2d,53,55,1d,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe . ************************************************************************** . Voltooingstijd: 2012-08-02 06:40:05 - machine werd herstart ComboFix-quarantined-files.txt 2012-08-02 04:40 ComboFix2.txt 2012-07-02 18:13 ComboFix3.txt 2012-03-02 16:18 . Pre-Run: 913.367.568.384 bytes beschikbaar Post-Run: 913.034.825.728 bytes beschikbaar . - - End Of File - - 30227979F75C010512D60F239BE5C5D0

Zo hierbij het logje. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:26:12, on 1-8-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Normal Running processes: C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\HJT\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro 3.6 Crusader (Boot) (HitmanPro36CrusaderBoot) - Unknown owner - C:\Program Files\HitmanPro\HitmanPro.exe (file missing) O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11779 bytes

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:46:17, on 31-7-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Safe mode Running processes: C:\HJT\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro 3.6 Crusader (Boot) (HitmanPro36CrusaderBoot) - Unknown owner - C:\Program Files\HitmanPro\HitmanPro.exe (file missing) O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11312 bytes Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Databaseversie: v2012.06.21.10 Windows 7 Service Pack 1 x64 NTFS (Veilige modus) Internet Explorer 9.0.8112.16421 Yvonne :: YVONNE-HP [administrator] 31-7-2012 21:46:28 mbam-log-2012-07-31 (21-46-28).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 230833 Verstreken tijd: 5 minuut/minuten, 22 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 1 C:\Users\Yvonne\0.3501714381902584.exe (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd. (einde)

Beste, Ik heb alweer last van een UKASH virus of trojan. De laatste keer was dit in mei 2012. Hieronder heb ik vast een MBAM en HJT logje geplaatst. Groetjes Yvonne Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Databaseversie: v2012.06.21.10 Windows 7 Service Pack 1 x64 FAT (Veilige modus) Internet Explorer 9.0.8112.16421 Yvonne :: YVONNE-HP [administrator] 31-7-2012 20:48:51 mbam-log-2012-07-31 (21-10-40).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 230843 Verstreken tijd: 5 minuut/minuten, 34 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 1 C:\Users\Yvonne\0.3501714381902584.exe (Trojan.Agent.Gen) -> Geen actie ondernomen. (einde) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:12:03, on 31-7-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Safe mode Running processes: C:\HJT\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R3 - URLSearchHook: FCToolbarURLSearchHook Class - {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Helper.dll R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: FCTBPos00Pos - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O3 - Toolbar: Gamers Unite! Snag Bar - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction O4 - HKCU\..\Run: [upgrade] C:\Users\Yvonne\AppData\Roaming\Google Inc.\{FB263410-1DFF-4B4F-85CF-3D215C04B7C9}\Upgrade.exe O4 - HKCU\..\Run: [uzoqyoglslkyecu] C:\ProgramData\uzoqyogl.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro 3.6 Crusader (Boot) (HitmanPro36CrusaderBoot) - Unknown owner - C:\Program Files\HitmanPro\HitmanPro.exe (file missing) O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11961 bytes

Beste, Ik heb wederom (laatste keer in mei 2012) last van een Ukash virus of trojan. Ik heb alvast een MBAM en Hijackthis gemaakt. Zie voor de logjes hieronder. Groetjes Yvonne Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Databaseversie: v2012.06.21.10 Windows 7 Service Pack 1 x64 FAT (Veilige modus) Internet Explorer 9.0.8112.16421 Yvonne :: YVONNE-HP [administrator] 31-7-2012 20:48:51 mbam-log-2012-07-31 (21-10-40).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 230843 Verstreken tijd: 5 minuut/minuten, 34 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 1 C:\Users\Yvonne\0.3501714381902584.exe (Trojan.Agent.Gen) -> Geen actie ondernomen. (einde) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:12:03, on 31-7-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Safe mode Running processes: C:\HJT\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R3 - URLSearchHook: FCToolbarURLSearchHook Class - {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Helper.dll R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: FCTBPos00Pos - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O3 - Toolbar: Gamers Unite! Snag Bar - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction O4 - HKCU\..\Run: [upgrade] C:\Users\Yvonne\AppData\Roaming\Google Inc.\{FB263410-1DFF-4B4F-85CF-3D215C04B7C9}\Upgrade.exe O4 - HKCU\..\Run: [uzoqyoglslkyecu] C:\ProgramData\uzoqyogl.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro 3.6 Crusader (Boot) (HitmanPro36CrusaderBoot) - Unknown owner - C:\Program Files\HitmanPro\HitmanPro.exe (file missing) O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11961 bytes

Hoi hoi, Hier dan eindelijk mijn combofixlogje. Ben benieuwd of je nu nog iets bijzonders ziet.... ComboFix 12-07-02.01 - Yvonne 02-07-2012 20:02:57.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2840 [GMT 2:00] Gestart vanuit: c:\users\Yvonne\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\22cd857d c:\programdata\boost_interprocess\20120702183757.124601 c:\programdata\boost_interprocess\20120702183757.124601\Nobu64AgentService c:\programdata\boost_interprocess\20120702183757.124601\Nobu64TrayIcon c:\programdata\boost_interprocess\20120702183757.125600 c:\programdata\boost_interprocess\20120702183757.125600\Nobu64AgentService c:\programdata\boost_interprocess\20120702183757.125600\Nobu64TrayIcon c:\programdata\zgifhflkaupcbid c:\users\Yvonne\AppData\Roaming\e03b5f16 c:\users\Yvonne\AppData\Roaming\Ovyn c:\users\Yvonne\AppData\Roaming\Ovyn\yqfoz.fyb . . (((((((((((((((((((( Bestanden Gemaakt van 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))) . . 2012-07-02 18:08 . 2012-07-02 18:08 -------- d-----w- c:\users\Werner\AppData\Local\temp 2012-07-02 18:08 . 2012-07-02 18:08 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-07-02 18:08 . 2012-07-02 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-28 21:24 . 2012-06-28 21:24 -------- d-----w- c:\programdata\Symantec 2012-06-28 21:14 . 2012-06-28 21:15 -------- d-----w- c:\users\Yvonne\AppData\Local\NPE 2012-06-28 21:11 . 2012-06-28 21:11 -------- d-s---w- c:\windows\SysWow64\Microsoft 2012-06-27 12:09 . 2012-06-27 12:09 -------- d-----w- c:\programdata\tmiygbotsgdxpyp 2012-06-21 15:01 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 15:01 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 15:01 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 15:01 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 15:01 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 15:01 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 15:01 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 15:01 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 15:01 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-15 01:15 . 2012-06-15 18:08 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Dava 2012-06-15 01:15 . 2012-06-15 01:41 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Opewn 2012-06-13 06:06 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-12 12:16 . 2012-06-28 21:18 -------- d-----w- c:\windows\system32\drivers\NISx64\1207020.003 2012-06-10 09:05 . 2012-06-10 09:05 447 ----a-w- C:\user.js 2012-06-10 09:05 . 2012-06-28 14:43 -------- d-----w- c:\program files\Web Assistant 2012-06-10 09:05 . 2012-06-10 09:05 -------- d-----w- c:\users\Yvonne\AppData\Local\Apple Computer 2012-06-10 09:05 . 2012-06-10 09:05 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Apple Computer 2012-06-10 09:05 . 2012-06-10 09:05 -------- d-----w- c:\programdata\Apple Computer 2012-06-10 09:04 . 2012-06-10 09:04 -------- d-----w- c:\users\Yvonne\AppData\Local\Apple 2012-06-10 09:04 . 2012-06-10 09:04 -------- d-----w- c:\programdata\Apple . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-09 01:19 . 2012-05-09 01:19 0 ----a-w- c:\windows\SysWow64\shoB9BF.tmp 2012-04-19 02:50 . 2012-04-19 02:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-04-18 11:49 . 2012-05-27 08:01 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll 2012-04-04 13:56 . 2012-01-05 20:50 24904 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-03-02_16.14.46 ))))))))))))))))))))))))))))))))))))))))) . + 2012-04-23 22:18 . 2007-04-04 16:53 81768 c:\windows\SysWOW64\xinput1_3.dll + 2012-04-23 22:17 . 2006-07-28 07:30 62744 c:\windows\SysWOW64\xinput1_2.dll + 2012-04-23 22:18 . 2010-06-02 02:55 74072 c:\windows\SysWOW64\XAPOFX1_5.dll + 2012-04-23 22:18 . 2010-02-04 08:01 74072 c:\windows\SysWOW64\XAPOFX1_4.dll + 2012-04-23 22:18 . 2008-10-27 08:04 70992 c:\windows\SysWOW64\XAPOFX1_2.dll + 2012-04-23 22:18 . 2008-07-31 08:41 68616 c:\windows\SysWOW64\XAPOFX1_1.dll + 2012-04-23 22:18 . 2008-05-30 12:17 65032 c:\windows\SysWOW64\XAPOFX1_0.dll + 2012-04-23 22:18 . 2010-02-04 08:01 22360 c:\windows\SysWOW64\X3DAudio1_7.dll + 2012-04-23 22:18 . 2009-03-16 12:18 22360 c:\windows\SysWOW64\X3DAudio1_6.dll + 2012-04-23 22:18 . 2008-10-27 08:04 23376 c:\windows\SysWOW64\X3DAudio1_5.dll + 2012-04-23 22:18 . 2008-05-30 12:17 25608 c:\windows\SysWOW64\X3DAudio1_4.dll + 2012-04-23 22:18 . 2008-03-05 14:00 25608 c:\windows\SysWOW64\X3DAudio1_3.dll + 2012-04-23 22:18 . 2007-10-22 01:37 17928 c:\windows\SysWOW64\X3DAudio1_2.dll + 2012-04-23 22:17 . 2007-03-05 10:42 15128 c:\windows\SysWOW64\x3daudio1_1.dll + 2012-06-13 14:57 . 2012-05-17 22:25 73216 c:\windows\SysWOW64\mshtmled.dll + 2012-06-13 14:57 . 2012-05-17 22:31 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll - 2012-02-17 00:22 . 2011-12-14 02:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll - 2012-02-17 00:22 . 2011-12-14 02:54 65024 c:\windows\SysWOW64\jsproxy.dll + 2012-06-13 14:57 . 2012-05-17 22:31 65024 c:\windows\SysWOW64\jsproxy.dll - 2012-03-02 16:13 . 2012-03-02 16:13 12411 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat + 2012-07-02 18:08 . 2012-07-02 18:08 12411 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat + 2012-04-18 11:20 . 2012-04-18 11:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat - 2009-07-14 04:54 . 2012-02-28 14:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-07-01 20:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-07-01 20:40 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2012-04-18 11:21 . 2012-04-18 11:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012041820120419\index.dat + 2009-07-14 04:54 . 2012-07-01 20:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-02-28 14:47 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-04-18 11:20 . 2010-08-13 23:19 96008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Toolbar\Applications\scextension.dll + 2012-04-18 11:20 . 2012-04-18 11:20 49120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT + 2012-04-18 11:21 . 2012-04-18 11:21 17407 c:\windows\SysWOW64\config\systemprofile\AppData\Local\dt.dat + 2012-04-23 22:17 . 2006-07-28 07:31 83736 c:\windows\system64\xinput1_2.dll + 2012-04-23 22:18 . 2010-06-02 02:55 77656 c:\windows\system64\XAPOFX1_5.dll + 2012-04-23 22:18 . 2010-02-04 08:01 78680 c:\windows\system64\XAPOFX1_4.dll + 2012-04-23 22:18 . 2009-09-04 15:44 73544 c:\windows\system64\XAPOFX1_3.dll + 2012-04-23 22:18 . 2008-10-27 08:04 74576 c:\windows\system64\XAPOFX1_2.dll + 2012-04-23 22:18 . 2008-07-31 08:41 72200 c:\windows\system64\XAPOFX1_1.dll + 2012-04-23 22:18 . 2008-05-30 12:17 68104 c:\windows\system64\XAPOFX1_0.dll + 2012-04-23 22:18 . 2010-02-04 08:01 24920 c:\windows\system64\X3DAudio1_7.dll + 2012-04-23 22:18 . 2009-03-16 12:18 24920 c:\windows\system64\X3DAudio1_6.dll + 2012-04-23 22:18 . 2008-10-27 08:04 25936 c:\windows\system64\X3DAudio1_5.dll + 2012-04-23 22:18 . 2008-05-30 12:16 28168 c:\windows\system64\X3DAudio1_4.dll + 2012-04-23 22:18 . 2008-03-05 14:00 28168 c:\windows\system64\X3DAudio1_3.dll + 2012-04-23 22:18 . 2007-10-22 01:37 21000 c:\windows\system64\X3DAudio1_2.dll + 2012-04-23 22:17 . 2007-03-05 10:42 17688 c:\windows\system64\x3daudio1_1.dll + 2012-06-21 15:01 . 2012-06-02 22:19 44056 c:\windows\system64\wups2.dll + 2012-06-21 15:01 . 2012-06-02 22:19 38424 c:\windows\system64\wups.dll + 2012-06-21 15:01 . 2012-06-02 22:15 99840 c:\windows\system64\wudriver.dll + 2012-06-21 15:01 . 2012-06-02 22:19 57880 c:\windows\system64\wuauclt.exe - 2011-06-06 23:34 . 2010-11-20 13:25 36864 c:\windows\system64\wuapp.exe + 2012-06-21 15:01 . 2012-06-02 13:15 36864 c:\windows\system64\wuapp.exe + 2011-05-21 05:15 . 2012-07-01 20:42 56164 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-07-01 20:42 39510 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-05-20 18:49 . 2012-07-01 20:42 23438 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2155248324-3539292037-1374523505-1000_UserData.bin + 2011-08-28 13:42 . 2009-02-27 02:42 66440 c:\windows\system64\spool\drivers\x64\msonpui.dll + 2012-06-13 06:06 . 2012-04-26 05:41 77312 c:\windows\system64\rdpwsx.dll - 2011-06-06 23:35 . 2010-11-20 13:27 77312 c:\windows\system64\rdpwsx.dll + 2012-06-13 14:57 . 2012-05-18 01:51 96768 c:\windows\system64\mshtmled.dll + 2012-06-13 14:57 . 2012-05-18 01:56 86528 c:\windows\system64\migration\WininetPlugin.dll - 2012-02-17 00:22 . 2011-12-14 07:02 86528 c:\windows\system64\migration\WininetPlugin.dll - 2012-02-17 00:22 . 2011-12-14 07:01 85504 c:\windows\system64\jsproxy.dll + 2012-06-13 14:57 . 2012-05-18 01:56 85504 c:\windows\system64\jsproxy.dll + 2012-04-11 02:17 . 2012-03-01 06:33 81408 c:\windows\system64\imagehlp.dll - 2009-07-14 05:30 . 2011-12-29 12:50 86016 c:\windows\system64\DriverStore\infpub.dat + 2009-07-14 05:30 . 2012-04-25 19:54 86016 c:\windows\system64\DriverStore\infpub.dat + 2012-03-14 08:47 . 2012-02-17 04:57 23552 c:\windows\system64\drivers\tdtcp.sys - 2009-07-14 00:16 . 2009-07-14 00:16 23552 c:\windows\system64\drivers\tdtcp.sys + 2012-05-08 21:14 . 2012-03-17 07:58 75120 c:\windows\system64\drivers\partmgr.sys + 2012-01-05 20:50 . 2012-04-04 13:56 24904 c:\windows\system64\drivers\mbam.sys + 2012-04-11 02:17 . 2012-03-01 06:46 23408 c:\windows\system64\drivers\fs_rec.sys + 2012-01-31 02:46 . 2012-01-31 02:46 36944 c:\windows\system64\drivers\avgrkx64.sys + 2011-12-23 11:32 . 2011-12-23 11:32 47696 c:\windows\system64\drivers\avgmfx64.sys + 2012-04-19 02:50 . 2012-04-19 02:50 28480 c:\windows\system64\drivers\avgidsha.sys + 2011-12-23 11:32 . 2011-12-23 11:32 29776 c:\windows\system64\drivers\avgidsfiltera.sys - 2011-05-21 03:44 . 2012-03-01 17:48 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-21 03:44 . 2012-06-30 18:34 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-21 03:44 . 2012-06-30 18:34 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-05-21 03:44 . 2012-03-01 17:48 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-03-01 17:48 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-06-30 18:34 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-04-23 22:17 . 2006-07-28 07:31 83736 c:\windows\system32\xinput1_2.dll + 2012-04-23 22:18 . 2010-06-02 02:55 77656 c:\windows\system32\XAPOFX1_5.dll + 2012-04-23 22:18 . 2010-02-04 08:01 78680 c:\windows\system32\XAPOFX1_4.dll + 2012-04-23 22:18 . 2009-09-04 15:44 73544 c:\windows\system32\XAPOFX1_3.dll + 2012-04-23 22:18 . 2008-10-27 08:04 74576 c:\windows\system32\XAPOFX1_2.dll + 2012-04-23 22:18 . 2008-07-31 08:41 72200 c:\windows\system32\XAPOFX1_1.dll + 2012-04-23 22:18 . 2008-05-30 12:17 68104 c:\windows\system32\XAPOFX1_0.dll + 2012-04-23 22:18 . 2010-02-04 08:01 24920 c:\windows\system32\X3DAudio1_7.dll + 2012-04-23 22:18 . 2009-03-16 12:18 24920 c:\windows\system32\X3DAudio1_6.dll + 2012-04-23 22:18 . 2008-10-27 08:04 25936 c:\windows\system32\X3DAudio1_5.dll + 2012-04-23 22:18 . 2008-05-30 12:16 28168 c:\windows\system32\X3DAudio1_4.dll + 2012-04-23 22:18 . 2008-03-05 14:00 28168 c:\windows\system32\X3DAudio1_3.dll + 2012-04-23 22:18 . 2007-10-22 01:37 21000 c:\windows\system32\X3DAudio1_2.dll + 2012-04-23 22:17 . 2007-03-05 10:42 17688 c:\windows\system32\x3daudio1_1.dll + 2011-05-21 05:15 . 2012-07-01 20:42 56164 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-07-01 20:42 39510 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-05-20 18:49 . 2012-07-01 20:42 23438 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2155248324-3539292037-1374523505-1000_UserData.bin + 2011-08-28 13:42 . 2009-02-27 02:42 66440 c:\windows\system32\spool\drivers\x64\msonpui.dll - 2011-06-06 23:35 . 2010-11-20 13:27 77312 c:\windows\system32\rdpwsx.dll + 2012-06-13 06:06 . 2012-04-26 05:41 77312 c:\windows\system32\rdpwsx.dll + 2012-06-13 14:57 . 2012-05-18 01:51 96768 c:\windows\system32\mshtmled.dll + 2012-06-13 14:57 . 2012-05-18 01:56 86528 c:\windows\system32\migration\WininetPlugin.dll - 2012-02-17 00:22 . 2011-12-14 07:02 86528 c:\windows\system32\migration\WininetPlugin.dll - 2012-02-17 00:22 . 2011-12-14 07:01 85504 c:\windows\system32\jsproxy.dll + 2012-06-13 14:57 . 2012-05-18 01:56 85504 c:\windows\system32\jsproxy.dll + 2012-04-11 02:17 . 2012-03-01 06:33 81408 c:\windows\system32\imagehlp.dll + 2009-07-14 05:30 . 2012-04-25 19:54 86016 c:\windows\system32\DriverStore\infpub.dat - 2009-07-14 05:30 . 2011-12-29 12:50 86016 c:\windows\system32\DriverStore\infpub.dat - 2009-07-14 00:16 . 2009-07-14 00:16 23552 c:\windows\system32\drivers\tdtcp.sys + 2012-03-14 08:47 . 2012-02-17 04:57 23552 c:\windows\system32\drivers\tdtcp.sys + 2012-05-08 21:14 . 2012-03-17 07:58 75120 c:\windows\system32\drivers\partmgr.sys + 2012-04-11 02:17 . 2012-03-01 06:46 23408 c:\windows\system32\drivers\fs_rec.sys + 2012-01-31 02:46 . 2012-01-31 02:46 36944 c:\windows\system32\drivers\avgrkx64.sys + 2011-12-23 11:32 . 2011-12-23 11:32 47696 c:\windows\system32\drivers\avgmfx64.sys + 2011-12-23 11:32 . 2011-12-23 11:32 29776 c:\windows\system32\drivers\avgidsfiltera.sys + 2011-05-21 03:44 . 2012-06-30 18:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-05-21 03:44 . 2012-03-01 17:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-05-21 03:44 . 2012-03-01 17:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-05-21 03:44 . 2012-06-30 18:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-06-30 18:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-03-01 17:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:46 . 2012-06-30 18:26 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2009-07-14 04:46 . 2012-02-22 11:59 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2011-05-20 18:56 . 2012-03-29 02:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-05-20 18:56 . 2012-02-20 19:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-12-15 12:01 . 2011-12-15 12:01 68880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll + 2011-12-15 11:08 . 2011-12-15 11:08 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll + 2012-06-13 15:06 . 2012-06-13 15:06 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll - 2012-02-17 00:27 . 2012-02-17 00:27 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll + 2012-06-13 15:06 . 2012-06-13 15:06 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll - 2012-02-17 00:27 . 2012-02-17 00:27 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll - 2012-02-17 00:27 . 2012-02-17 00:27 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll + 2012-06-13 15:06 . 2012-06-13 15:06 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll + 2012-06-13 15:06 . 2012-06-13 15:06 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll - 2012-02-17 00:27 . 2012-02-17 00:27 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll - 2012-02-17 00:27 . 2012-02-17 00:27 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll + 2012-06-13 15:06 . 2012-06-13 15:06 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll + 2012-06-13 15:06 . 2012-06-13 15:06 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll - 2012-02-17 00:27 . 2012-02-17 00:27 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll + 2012-06-13 15:06 . 2012-06-13 15:06 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll - 2012-02-17 00:27 . 2012-02-17 00:27 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll - 2012-02-17 00:27 . 2012-02-17 00:27 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll + 2012-06-13 15:06 . 2012-06-13 15:06 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll - 2012-02-17 00:27 . 2012-02-17 00:27 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll + 2012-06-13 15:06 . 2012-06-13 15:06 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll + 2012-06-13 15:06 . 2012-06-13 15:06 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll - 2012-02-17 00:27 . 2012-02-17 00:27 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll + 2012-06-13 15:06 . 2012-06-13 15:06 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll - 2012-02-17 00:27 . 2012-02-17 00:27 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll - 2012-02-17 00:27 . 2012-02-17 00:27 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2012-06-13 15:06 . 2012-06-13 15:06 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2012-06-13 15:06 . 2012-06-13 15:06 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll - 2012-02-17 00:27 . 2012-02-17 00:27 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll + 2012-06-13 15:06 . 2012-06-13 15:06 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll - 2012-02-17 00:27 . 2012-02-17 00:27 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll + 2012-06-13 15:06 . 2012-06-13 15:06 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll - 2012-02-17 00:27 . 2012-02-17 00:27 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll + 2012-06-13 15:06 . 2012-06-13 15:06 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2012-02-17 00:27 . 2012-02-17 00:27 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll + 2012-06-13 15:06 . 2012-06-13 15:06 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2012-02-17 00:27 . 2012-02-17 00:27 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll + 2012-06-13 15:06 . 2012-06-13 15:06 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2012-02-17 00:27 . 2012-02-17 00:27 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2012-06-13 15:06 . 2012-06-13 15:06 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2012-02-17 00:27 . 2012-02-17 00:27 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2012-02-17 00:27 . 2012-02-17 00:27 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2012-06-13 15:06 . 2012-06-13 15:06 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2012-02-17 00:26 . 2012-02-17 00:26 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2012-06-13 15:05 . 2012-06-13 15:05 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2012-06-13 15:05 . 2012-06-13 15:05 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2012-02-17 00:26 . 2012-02-17 00:26 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2012-03-28 13:53 . 2012-03-28 13:53 25600 c:\windows\Installer\353416c.msi + 2011-08-28 13:42 . 2012-06-13 15:07 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - 2011-08-28 13:42 . 2012-02-17 00:24 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe + 2011-08-28 13:42 . 2012-06-13 15:07 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2011-08-28 13:42 . 2012-02-17 00:24 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2011-08-28 13:42 . 2012-02-17 00:24 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2011-08-28 13:42 . 2012-06-13 15:07 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2011-02-01 23:33 . 2012-05-09 01:02 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll - 2011-02-01 23:33 . 2012-02-17 00:25 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll + 2006-07-24 08:50 . 2006-07-24 08:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\VBAME.DLL + 2009-02-26 13:24 . 2009-02-26 13:24 71536 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\ONFILTER.DLL + 2009-02-26 13:24 . 2009-02-26 13:24 97680 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\ONENOTEM.EXE + 2011-08-28 13:39 . 2011-08-28 13:39 35648 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OLCTLPIA.DLL + 2009-04-02 10:01 . 2009-04-02 10:01 56680 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\EXP_XPS.DLL + 2009-04-03 16:46 . 2009-04-03 16:46 97640 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\EXP_PDF.DLL + 2006-10-26 18:13 . 2006-10-26 18:13 56192 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACECNFLT.EXE + 2012-05-09 17:02 . 2012-05-09 17:02 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\7fa267d10b2df6dbd00d00d130715f0a\System.Xml.Serialization.ni.dll + 2012-05-09 17:02 . 2012-05-09 17:02 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\054fce9466c6cef615b2f7cc9ff4e7f8\System.Windows.Presentation.ni.dll + 2012-05-09 17:01 . 2012-05-09 17:01 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\ff78ec1b5bf38a8fb74c2d4f41bb308a\System.Web.ApplicationServices.ni.dll + 2012-05-09 16:59 . 2012-05-09 16:59 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\e144d0028365c62178eb0662911ac910\System.AddIn.Contract.ni.dll + 2012-05-09 16:57 . 2012-05-09 16:57 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\93295f3771dc9e5be2d49d5f5d76a7a6\Microsoft.VisualC.ni.dll + 2012-05-09 16:56 . 2012-05-09 16:56 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\5ea625ce2d6c08687f70cb81a003a28b\dfsvc.ni.exe + 2012-05-09 16:56 . 2012-05-09 16:56 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\061cbee19075e086d675a9e1f65725d7\Accessibility.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\05787d96761cf20b76b927ace10ef1d3\UIAutomationProvider.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\f3a9c6e87bfa4bab3689ec1cdb56964f\System.Windows.Presentation.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\9b418f37f4594806e1f4b0ed6d083a95\System.Web.ApplicationServices.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d09c237ee72af3935f1a01388ef8e315\System.ServiceModel.Channels.ni.dll + 2012-05-09 16:49 . 2012-05-09 16:49 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\59be5fb54e018032511415f0b0523ee3\System.AddIn.Contract.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\46f273930666397a8cb538ffe9190eef\Microsoft.VisualC.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\62c1a496dff99a6e5f5e4278d31ca4c1\Accessibility.ni.dll + 2012-05-09 16:56 . 2012-05-09 16:56 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\fb4bc14964a1d415bdbe55b62ce73a52\System.Windows.Presentation.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\eef76dd965ea0a8ae5fb0c734d84389c\System.Web.DynamicData.Design.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\ee709a01b51c82626f4b2c1173f2db28\stdole.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\78f495970511b726a0ca7b8119360e25\PresentationFontCache.ni.exe + 2012-05-09 01:26 . 2012-05-09 01:26 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\1a359e9b908a2565c546a8ca04b241c2\PresentationCFFRasterizer.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\9d57c4bbbc0b3243046fc7839da71b00\Microsoft.WSMan.Runtime.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\d6578432220dbabf2b15027681327bf8\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\66deb65a87750efddf62d1e0c0655352\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\4b6402dc918e41b8de8c501f29833d91\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\28545d2b6a0aaef4aa168f9808603bc5\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\1d8a17a2c1416a8ad4d6ad2a28b4c5fd\Microsoft.Windows.Diagnosis.SDEngine.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\0abc7256549c204f39af7dcc52c9e5d5\Microsoft.Windows.Diagnosis.SDHost.ni.dll + 2012-05-09 01:19 . 2012-05-09 01:19 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\3c3a6cce983114e7406e0a6e6116ecd8\Microsoft.VisualC.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\6ab0575bf49b60fd4b697d47e1754072\Microsoft.MediaCenter.iTv.Hosting.ni.dll + 2012-05-09 16:53 . 2012-05-09 16:53 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\1569a004b1f41193818e3b3777f2c73d\LoadMxf.ni.exe + 2012-05-09 16:52 . 2012-05-09 16:52 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\3ee98e8b2084e27d65953bbd7e362bf8\ehiUPnP.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\1cd9f92749d29b9fd61fcb1c4ae84294\ehiTVMSMusic.ni.dll + 2012-05-09 16:51 . 2012-05-09 16:51 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\0811f67973c32efb2bfad62a4a2592b5\dfsvc.ni.exe + 2012-05-09 01:26 . 2012-05-09 01:26 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\ae9311dcb0e713330a2a86b04cf361dc\Accessibility.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\876f4df16291d2b14c21e2a14afb60c9\WindowsLiveWriter.ni.exe + 2012-05-09 16:46 . 2012-05-09 16:46 80896 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4bd9d7d8d3686f779672029df66df150\WindowsLive.Writer.Passport.ni.dll + 2012-05-09 01:24 . 2012-05-09 01:24 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\66d750f3f8dde0cc865f921497ab3545\System.Windows.Presentation.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\2b97ccae44726f13c418f1406180c3e8\System.Web.DynamicData.Design.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\543b0e12423bcec010bdd2ac27c5dc04\System.ComponentModel.DataAnnotations.ni.dll + 2012-05-09 01:28 . 2012-05-09 01:28 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f34410ab8e82063735d876533db26c49\System.AddIn.Contract.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\d246780b91fd9f6393e85fb13bde94a6\stdole.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\d24744f15243e28ea541a459ff7ff5d5\PresentationFontCache.ni.exe + 2012-05-09 01:24 . 2012-05-09 01:24 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5a9d0ff936810991cedd098fe006a9be\PresentationCFFRasterizer.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\87a30ba337ed55d0905f19742e2985bc\napcrypt.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\9f2e8e0df9ff39ad21088f1d66cfadb1\Microsoft.WSMan.Runtime.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\d797123d55bb7b823120d0a7ffbbc2a7\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cb8ad29814d9e5589bd400d38e7a0b10\Microsoft.Windows.Diagnosis.SDHost.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cb42a0f25b7608b2675080081b03f6e5\Microsoft.Windows.Diagnosis.SDEngine.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\c6e9143be5afb36345875d56b61c444f\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\91767cf3facefe10e00734c815e925ad\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\66cd99d2f576cde047074e98bd5e1848\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\4308e1bdc640e1c3f1ea966e84e48900\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\06fcf2fbbe38d9425fc49d935498ec93\Microsoft.Vsa.ni.dll + 2012-05-09 01:24 . 2012-05-09 01:24 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\55c57057dc81a5e8c5bde3a230f0bcb9\Microsoft.VisualC.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e3ef400b1f37e4d3b79a42a8a602ea02\Microsoft.Build.Framework.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\2095344bf8c40f8baa94ba53a993fb4c\Microsoft.Build.Framework.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\dc93539af5a961641a26ada75f730136\ehiUserXp.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\53d03b0e238c77cf7e5ac88e02aecd2c\dfsvc.ni.exe + 2012-05-09 01:24 . 2012-05-09 01:24 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll - 2011-02-01 23:33 . 2011-02-01 23:33 24576 c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.Drawing.resources.dll + 2012-04-11 01:19 . 2010-11-13 00:34 24576 c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.Drawing.resources.dll + 2012-03-07 02:03 . 2012-03-07 02:03 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll + 2012-03-07 02:03 . 2012-03-07 02:03 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll - 2011-08-30 01:03 . 2011-08-30 01:03 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll + 2012-03-07 02:03 . 2012-03-07 02:03 34696 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll + 2012-04-11 02:17 . 2012-03-01 05:29 5120 c:\windows\SysWOW64\wmi.dll - 2009-07-14 00:19 . 2009-07-14 01:11 5120 c:\windows\SysWOW64\wmi.dll - 2009-07-14 00:41 . 2009-07-14 01:33 5120 c:\windows\system64\wmi.dll + 2012-04-11 02:17 . 2012-03-01 06:28 5120 c:\windows\system64\wmi.dll + 2012-06-13 06:06 . 2012-04-26 05:34 9216 c:\windows\system64\rdrmemptylst.exe - 2011-05-20 18:55 . 2011-05-20 18:55 9560 c:\windows\system64\NetworkList\Icons\{98A8768A-5ED5-45BA-8007-076E418025D6}_48.bin + 2011-05-20 18:55 . 2012-03-05 16:30 9560 c:\windows\system64\NetworkList\Icons\{98A8768A-5ED5-45BA-8007-076E418025D6}_48.bin + 2011-05-20 18:55 . 2012-03-05 16:30 4280 c:\windows\system64\NetworkList\Icons\{98A8768A-5ED5-45BA-8007-076E418025D6}_32.bin - 2011-05-20 18:55 . 2011-05-20 18:55 4280 c:\windows\system64\NetworkList\Icons\{98A8768A-5ED5-45BA-8007-076E418025D6}_32.bin - 2011-05-20 18:55 . 2011-05-20 18:55 2456 c:\windows\system64\NetworkList\Icons\{98A8768A-5ED5-45BA-8007-076E418025D6}_24.bin + 2011-05-20 18:55 . 2012-03-05 16:30 2456 c:\windows\system64\NetworkList\Icons\{98A8768A-5ED5-45BA-8007-076E418025D6}_24.bin + 2012-04-11 02:17 . 2012-03-01 06:28 5120 c:\windows\system32\wmi.dll - 2009-07-14 00:41 . 2009-07-14 01:33 5120 c:\windows\system32\wmi.dll + 2012-06-13 06:06 . 2012-04-26 05:34 9216 c:\windows\system32\rdrmemptylst.exe + 2011-05-20 18:55 . 2012-03-05 16:30 9560 c:\windows\system32\NetworkList\Icons\{98A8768A-5ED5-45BA-8007-076E418025D6}_48.bin - 2011-05-20 18:55 . 2011-05-20 18:55 9560 c:\windows\system32\NetworkList\Icons\{98A8768A-5ED5-45BA-8007-076E418025D6}_48.bin + 2011-05-20 18:55 . 2012-03-05 16:30 4280 c:\windows\system32\NetworkList\Icons\{98A8768A-5ED5-45BA-8007-076E418025D6}_32.bin - 2011-05-20 18:55 . 2011-05-20 18:55 4280 c:\windows\system32\NetworkList\Icons\{98A8768A-5ED5-45BA-8007-076E418025D6}_32.bin + 2011-05-20 18:55 . 2012-03-05 16:30 2456 c:\windows\system32\NetworkList\Icons\{98A8768A-5ED5-45BA-8007-076E418025D6}_24.bin - 2011-05-20 18:55 . 2011-05-20 18:55 2456 c:\windows\system32\NetworkList\Icons\{98A8768A-5ED5-45BA-8007-076E418025D6}_24.bin + 2012-07-02 18:09 . 2012-07-02 18:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-03-02 16:14 . 2012-03-02 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-02 18:09 . 2012-07-02 18:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-03-02 16:14 . 2012-03-02 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-05-09 16:50 . 2012-05-09 16:50 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\4b540b784465ca3f0742990e5af444e3\System.Xml.Serialization.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\fd866b4158c3bd2a26c875f2896c5573\dfsvc.ni.exe + 2012-04-23 22:18 . 2010-06-02 02:55 527192 c:\windows\SysWOW64\XAudio2_7.dll + 2012-04-23 22:18 . 2010-02-04 08:01 528216 c:\windows\SysWOW64\XAudio2_6.dll + 2012-04-23 22:18 . 2009-03-16 12:18 517448 c:\windows\SysWOW64\XAudio2_4.dll + 2012-04-23 22:18 . 2008-10-27 08:04 514384 c:\windows\SysWOW64\XAudio2_3.dll + 2012-04-23 22:18 . 2008-07-31 08:40 509448 c:\windows\SysWOW64\XAudio2_2.dll + 2012-04-23 22:18 . 2008-05-30 12:19 507400 c:\windows\SysWOW64\XAudio2_1.dll + 2012-04-23 22:18 . 2008-03-05 14:03 479752 c:\windows\SysWOW64\XAudio2_0.dll + 2012-04-23 22:18 . 2010-06-02 02:55 239960 c:\windows\SysWOW64\xactengine3_7.dll + 2012-04-23 22:18 . 2010-02-04 08:01 238936 c:\windows\SysWOW64\xactengine3_6.dll + 2012-04-23 22:18 . 2009-09-04 15:44 238936 c:\windows\SysWOW64\xactengine3_5.dll + 2012-04-23 22:18 . 2009-03-16 12:18 235352 c:\windows\SysWOW64\xactengine3_4.dll + 2012-04-23 22:18 . 2008-10-27 08:04 235856 c:\windows\SysWOW64\xactengine3_3.dll + 2012-04-23 22:18 . 2008-07-31 08:41 238088 c:\windows\SysWOW64\xactengine3_2.dll + 2012-04-23 22:18 . 2008-05-30 12:18 238088 c:\windows\SysWOW64\xactengine3_1.dll + 2012-04-23 22:18 . 2008-03-05 14:03 238088 c:\windows\SysWOW64\xactengine3_0.dll + 2012-04-23 22:18 . 2007-07-19 22:57 267112 c:\windows\SysWOW64\xactengine2_9.dll + 2012-04-23 22:18 . 2007-06-20 18:46 266088 c:\windows\SysWOW64\xactengine2_8.dll + 2012-04-23 22:18 . 2007-04-04 16:55 261480 c:\windows\SysWOW64\xactengine2_7.dll + 2012-04-23 22:17 . 2007-01-24 13:27 255848 c:\windows\SysWOW64\xactengine2_6.dll + 2012-04-23 22:17 . 2006-12-08 10:02 251672 c:\windows\SysWOW64\xactengine2_5.dll + 2012-04-23 22:17 . 2006-09-28 14:05 237848 c:\windows\SysWOW64\xactengine2_4.dll + 2012-04-23 22:17 . 2006-07-28 07:30 236824 c:\windows\SysWOW64\xactengine2_3.dll + 2012-04-23 22:17 . 2006-05-31 05:24 230168 c:\windows\SysWOW64\xactengine2_2.dll + 2012-04-23 22:18 . 2007-10-22 01:39 267272 c:\windows\SysWOW64\xactengine2_10.dll + 2012-04-11 02:17 . 2012-03-01 05:37 172544 c:\windows\SysWOW64\wintrust.dll + 2012-06-13 14:57 . 2012-05-17 22:33 231936 c:\windows\SysWOW64\url.dll - 2012-02-17 00:22 . 2011-12-14 02:55 231936 c:\windows\SysWOW64\url.dll + 2012-03-14 08:47 . 2012-02-17 05:34 826880 c:\windows\SysWOW64\rdpcore.dll + 2012-06-10 09:05 . 2012-06-10 09:05 144808 c:\windows\SysWOW64\mlfcache.dat + 2012-03-13 16:46 . 2012-03-13 16:46 250528 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe + 2012-03-13 16:46 . 2012-03-13 16:46 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.dll - 2012-02-17 00:22 . 2011-12-14 02:53 716800 c:\windows\SysWOW64\jscript.dll + 2012-06-13 14:57 . 2012-05-17 22:29 716800 c:\windows\SysWOW64\jscript.dll + 2012-04-11 02:17 . 2012-03-01 05:33 159232 c:\windows\SysWOW64\imagehlp.dll - 2011-05-21 21:02 . 2011-05-21 21:02 142848 c:\windows\SysWOW64\ieUnatt.exe + 2012-06-13 14:57 . 2012-05-17 22:29 142848 c:\windows\SysWOW64\ieUnatt.exe + 2012-06-13 14:57 . 2012-05-17 22:20 176640 c:\windows\SysWOW64\ieui.dll - 2012-02-17 00:22 . 2011-12-14 02:47 176640 c:\windows\SysWOW64\ieui.dll + 2012-04-23 22:18 . 2010-05-26 09:41 248672 c:\windows\SysWOW64\d3dx11_43.dll + 2012-04-23 22:18 . 2009-09-04 15:29 235344 c:\windows\SysWOW64\d3dx11_42.dll + 2012-04-23 22:18 . 2010-05-26 09:41 470880 c:\windows\SysWOW64\d3dx10_43.dll + 2012-04-23 22:18 . 2008-10-10 02:52 452440 c:\windows\SysWOW64\d3dx10_40.dll + 2012-04-23 22:18 . 2008-07-10 09:01 467984 c:\windows\SysWOW64\d3dx10_39.dll + 2012-04-23 22:18 . 2008-05-30 12:11 467984 c:\windows\SysWOW64\d3dx10_38.dll + 2012-04-23 22:18 . 2008-02-05 21:07 462864 c:\windows\SysWOW64\d3dx10_37.dll + 2012-04-23 22:18 . 2007-10-02 07:56 444776 c:\windows\SysWOW64\d3dx10_36.dll + 2012-04-23 22:18 . 2007-07-19 16:14 444776 c:\windows\SysWOW64\d3dx10_35.dll + 2012-04-23 22:18 . 2007-05-16 14:45 443752 c:\windows\SysWOW64\d3dx10_34.dll + 2012-04-23 22:17 . 2007-03-15 14:57 443752 c:\windows\SysWOW64\d3dx10_33.dll + 2012-04-23 22:17 . 2006-11-29 11:06 440080 c:\windows\SysWOW64\d3dx10.dll + 2012-06-13 06:06 . 2012-04-24 04:36 140288 c:\windows\SysWOW64\cryptsvc.dll + 2012-06-13 06:06 . 2012-04-24 04:36 103936 c:\windows\SysWOW64\cryptnet.dll + 2012-06-28 21:11 . 2012-06-28 21:11 262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT + 2012-04-18 11:21 . 2012-04-18 11:20 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat + 2012-04-18 11:20 . 2010-08-13 23:19 461576 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Toolbar\Applications\wlextension.dll + 2012-04-18 11:20 . 2010-08-13 23:19 131336 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Toolbar\Applications\searchappextension.dll + 2012-04-18 11:20 . 2010-08-13 23:19 335112 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Toolbar\Applications\appmgr.dll + 2012-06-28 21:11 . 2012-06-28 21:11 262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT + 2012-06-28 21:11 . 2012-06-28 21:11 262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT + 2012-04-23 22:18 . 2007-04-04 16:54 107368 c:\windows\system64\xinput1_3.dll + 2012-04-23 22:18 . 2010-06-02 02:55 518488 c:\windows\system64\XAudio2_7.dll + 2012-04-23 22:18 . 2010-02-04 08:01 530776 c:\windows\system64\XAudio2_6.dll + 2012-04-23 22:18 . 2009-09-04 15:44 517960 c:\windows\system64\XAudio2_5.dll + 2012-04-23 22:18 . 2009-03-16 12:18 521560 c:\windows\system64\XAudio2_4.dll + 2012-04-23 22:18 . 2008-10-27 08:04 518480 c:\windows\system64\XAudio2_3.dll + 2012-04-23 22:18 . 2008-07-31 08:40 513544 c:\windows\system64\XAudio2_2.dll + 2012-04-23 22:18 . 2008-05-30 12:19 511496 c:\windows\system64\XAudio2_1.dll + 2012-04-23 22:18 . 2008-03-05 14:04 489480 c:\windows\system64\XAudio2_0.dll + 2012-04-23 22:18 . 2010-06-02 02:55 176984 c:\windows\system64\xactengine3_7.dll + 2012-04-23 22:18 . 2010-02-04 08:01 176984 c:\windows\system64\xactengine3_6.dll + 2012-04-23 22:18 . 2009-09-04 15:44 176968 c:\windows\system64\xactengine3_5.dll + 2012-04-23 22:18 . 2009-03-16 12:18 174936 c:\windows\system64\xactengine3_4.dll + 2012-04-23 22:18 . 2008-10-27 08:04 175440 c:\windows\system64\xactengine3_3.dll + 2012-04-23 22:18 . 2008-07-31 08:41 177672 c:\windows\system64\xactengine3_2.dll + 2012-04-23 22:18 . 2008-05-30 12:18 177672 c:\windows\system64\xactengine3_1.dll + 2012-04-23 22:18 . 2008-03-05 14:03 177672 c:\windows\system64\xactengine3_0.dll + 2012-04-23 22:18 . 2007-07-19 22:57 411496 c:\windows\system64\xactengine2_9.dll + 2012-04-23 22:18 . 2007-06-20 18:49 409960 c:\windows\system64\xactengine2_8.dll + 2012-04-23 22:18 . 2007-04-04 16:55 403304 c:\windows\system64\xactengine2_7.dll + 2012-04-23 22:17 . 2007-01-24 13:27 393576 c:\windows\system64\xactengine2_6.dll + 2012-04-23 22:17 . 2006-12-08 10:00 390424 c:\windows\system64\xactengine2_5.dll + 2012-04-23 22:17 . 2006-09-28 14:04 364824 c:\windows\system64\xactengine2_4.dll + 2012-04-23 22:17 . 2006-07-28 07:30 363288 c:\windows\system64\xactengine2_3.dll + 2012-04-23 22:17 . 2006-05-31 05:22 354072 c:\windows\system64\xactengine2_2.dll + 2012-04-23 22:18 . 2007-10-22 01:40 411656 c:\windows\system64\xactengine2_10.dll + 2012-06-21 15:01 . 2012-06-02 13:19 186752 c:\windows\system64\wuwebv.dll + 2012-06-21 15:01 . 2012-06-02 22:19 701976 c:\windows\system64\wuapi.dll - 2011-06-06 23:35 . 2010-11-20 13:27 220672 c:\windows\system64\wintrust.dll + 2012-04-11 02:17 . 2012-03-01 06:38 220672 c:\windows\system64\wintrust.dll + 2011-05-21 20:57 . 2012-07-01 11:07 264206 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin + 2012-06-13 14:57 . 2012-05-18 01:58 237056 c:\windows\system64\url.dll - 2012-02-17 00:22 . 2011-12-14 07:03 237056 c:\windows\system64\url.dll + 2011-08-28 13:42 . 2009-02-27 02:42 863128 c:\windows\system64\spool\drivers\x64\msonpdrv.dll + 2012-06-13 06:06 . 2012-04-26 05:41 149504 c:\windows\system64\rdpcorekmts.dll - 2011-06-06 23:35 . 2010-11-20 13:27 149504 c:\windows\system64\rdpcorekmts.dll - 2011-06-06 23:35 . 2010-11-20 13:27 209920 c:\windows\system64\profsvc.dll + 2012-06-13 06:06 . 2012-05-01 05:40 209920 c:\windows\system64\profsvc.dll - 2011-02-01 23:34 . 2012-02-28 20:26 701992 c:\windows\system64\perfh013.dat + 2011-02-01 23:34 . 2012-07-02 16:42 701992 c:\windows\system64\perfh013.dat - 2009-07-14 02:36 . 2012-02-28 20:26 616476 c:\windows\system64\perfh009.dat + 2009-07-14 02:36 . 2012-07-02 16:42 616476 c:\windows\system64\perfh009.dat - 2011-02-01 23:34 . 2012-02-28 20:26 133766 c:\windows\system64\perfc013.dat + 2011-02-01 23:34 . 2012-07-02 16:42 133766 c:\windows\system64\perfc013.dat + 2009-07-14 02:36 . 2012-07-02 16:42 106598 c:\windows\system64\perfc009.dat - 2009-07-14 02:36 . 2012-02-28 20:26 106598 c:\windows\system64\perfc009.dat + 2011-07-20 18:14 . 2012-02-23 08:18 279656 c:\windows\system64\MpSigStub.exe + 2011-11-30 11:41 . 2012-03-13 16:46 465568 c:\windows\system64\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe + 2011-11-30 11:41 . 2012-03-13 16:46 376480 c:\windows\system64\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.dll - 2011-11-30 11:41 . 2011-11-30 11:41 376480 c:\windows\system64\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.dll - 2012-02-17 00:22 . 2011-12-14 07:00 818688 c:\windows\system64\jscript.dll + 2012-06-13 14:57 . 2012-05-18 01:55 818688 c:\windows\system64\jscript.dll + 2012-06-13 14:57 . 2012-05-18 01:55 173056 c:\windows\system64\ieUnatt.exe - 2011-05-21 21:02 . 2011-05-21 21:02 173056 c:\windows\system64\ieUnatt.exe - 2012-02-17 00:22 . 2011-12-14 06:53 248320 c:\windows\system64\ieui.dll + 2012-06-13 14:57 . 2012-05-18 01:47 248320 c:\windows\system64\ieui.dll - 2009-07-14 04:45 . 2012-02-17 01:02 424424 c:\windows\system64\FNTCACHE.DAT + 2009-07-14 04:45 . 2012-06-13 22:26 424424 c:\windows\system64\FNTCACHE.DAT - 2009-07-14 05:30 . 2011-12-29 12:50 143360 c:\windows\system64\DriverStore\infstrng.dat + 2009-07-14 05:30 . 2012-04-25 19:54 143360 c:\windows\system64\DriverStore\infstrng.dat + 2012-06-13 06:06 . 2012-04-28 03:55 210944 c:\windows\system64\drivers\rdpwd.sys - 2011-06-06 23:35 . 2010-11-20 11:04 210944 c:\windows\system64\drivers\rdpwd.sys + 2012-03-19 03:17 . 2012-03-19 03:17 383808 c:\windows\system64\drivers\avgtdia.sys + 2012-02-22 03:25 . 2012-02-22 03:25 289872 c:\windows\system64\drivers\avgldx64.sys + 2011-12-23 11:31 . 2011-12-23 11:31 124496 c:\windows\system64\drivers\avgidsdrivera.sys + 2012-04-23 22:18 . 2010-05-26 09:41 276832 c:\windows\system64\d3dx11_43.dll + 2012-04-23 22:18 . 2009-09-04 15:29 285024 c:\windows\system64\d3dx11_42.dll + 2012-04-23 22:18 . 2010-05-26 09:41 511328 c:\windows\system64\d3dx10_43.dll + 2012-04-23 22:18 . 2009-03-09 13:27 520544 c:\windows\system64\d3dx10_41.dll + 2012-04-23 22:18 . 2008-10-10 02:52 519000 c:\windows\system64\d3dx10_40.dll + 2012-04-23 22:18 . 2008-07-10 09:00 540688 c:\windows\system64\d3dx10_39.dll + 2012-04-23 22:18 . 2008-05-30 12:11 540688 c:\windows\system64\d3dx10_38.dll + 2012-04-23 22:18 . 2008-02-05 21:07 529424 c:\windows\system64\d3dx10_37.dll + 2012-04-23 22:18 . 2007-10-02 07:56 508264 c:\windows\system64\d3dx10_36.dll + 2012-04-23 22:18 . 2007-07-19 16:14 508264 c:\windows\system64\d3dx10_35.dll + 2012-04-23 22:18 . 2007-05-16 14:45 506728 c:\windows\system64\d3dx10_34.dll + 2012-04-23 22:17 . 2007-03-15 14:57 506728 c:\windows\system64\d3dx10_33.dll + 2012-04-23 22:17 . 2006-11-29 11:06 469264 c:\windows\system64\d3dx10.dll + 2012-06-13 06:06 . 2012-04-24 05:37 184320 c:\windows\system64\cryptsvc.dll + 2012-06-13 06:06 . 2012-04-24 05:37 140288 c:\windows\system64\cryptnet.dll + 2012-04-23 22:18 . 2007-04-04 16:54 107368 c:\windows\system32\xinput1_3.dll + 2012-04-23 22:18 . 2010-06-02 02:55 518488 c:\windows\system32\XAudio2_7.dll + 2012-04-23 22:18 . 2010-02-04 08:01 530776 c:\windows\system32\XAudio2_6.dll + 2012-04-23 22:18 . 2009-09-04 15:44 517960 c:\windows\system32\XAudio2_5.dll + 2012-04-23 22:18 . 2009-03-16 12:18 521560 c:\windows\system32\XAudio2_4.dll + 2012-04-23 22:18 . 2008-10-27 08:04 518480 c:\windows\system32\XAudio2_3.dll + 2012-04-23 22:18 . 2008-07-31 08:40 513544 c:\windows\system32\XAudio2_2.dll + 2012-04-23 22:18 . 2008-05-30 12:19 511496 c:\windows\system32\XAudio2_1.dll + 2012-04-23 22:18 . 2008-03-05 14:04 489480 c:\windows\system32\XAudio2_0.dll + 2012-04-23 22:18 . 2010-06-02 02:55 176984 c:\windows\system32\xactengine3_7.dll + 2012-04-23 22:18 . 2010-02-04 08:01 176984 c:\windows\system32\xactengine3_6.dll + 2012-04-23 22:18 . 2009-09-04 15:44 176968 c:\windows\system32\xactengine3_5.dll + 2012-04-23 22:18 . 2009-03-16 12:18 174936 c:\windows\system32\xactengine3_4.dll + 2012-04-23 22:18 . 2008-10-27 08:04 175440 c:\windows\system32\xactengine3_3.dll + 2012-04-23 22:18 . 2008-07-31 08:41 177672 c:\windows\system32\xactengine3_2.dll + 2012-04-23 22:18 . 2008-05-30 12:18 177672 c:\windows\system32\xactengine3_1.dll + 2012-04-23 22:18 . 2008-03-05 14:03 177672 c:\windows\system32\xactengine3_0.dll + 2012-04-23 22:18 . 2007-07-19 22:57 411496 c:\windows\system32\xactengine2_9.dll + 2012-04-23 22:18 . 2007-06-20 18:49 409960 c:\windows\system32\xactengine2_8.dll + 2012-04-23 22:18 . 2007-04-04 16:55 403304 c:\windows\system32\xactengine2_7.dll + 2012-04-23 22:17 . 2007-01-24 13:27 393576 c:\windows\system32\xactengine2_6.dll + 2012-04-23 22:17 . 2006-12-08 10:00 390424 c:\windows\system32\xactengine2_5.dll + 2012-04-23 22:17 . 2006-09-28 14:04 364824 c:\windows\system32\xactengine2_4.dll + 2012-04-23 22:17 . 2006-07-28 07:30 363288 c:\windows\system32\xactengine2_3.dll + 2012-04-23 22:17 . 2006-05-31 05:22 354072 c:\windows\system32\xactengine2_2.dll + 2012-04-23 22:18 . 2007-10-22 01:40 411656 c:\windows\system32\xactengine2_10.dll - 2011-06-06 23:35 . 2010-11-20 13:27 220672 c:\windows\system32\wintrust.dll + 2012-04-11 02:17 . 2012-03-01 06:38 220672 c:\windows\system32\wintrust.dll + 2011-05-21 20:57 . 2012-07-01 11:07 264206 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin + 2012-06-13 14:57 . 2012-05-18 01:58 237056 c:\windows\system32\url.dll - 2012-02-17 00:22 . 2011-12-14 07:03 237056 c:\windows\system32\url.dll + 2011-08-28 13:42 . 2009-02-27 02:42 863128 c:\windows\system32\spool\drivers\x64\msonpdrv.dll - 2011-06-06 23:35 . 2010-11-20 13:27 209920 c:\windows\system32\profsvc.dll + 2012-06-13 06:06 . 2012-05-01 05:40 209920 c:\windows\system32\profsvc.dll - 2011-02-01 23:34 . 2012-02-28 20:26 701992 c:\windows\system32\perfh013.dat + 2011-02-01 23:34 . 2012-07-02 16:42 701992 c:\windows\system32\perfh013.dat + 2009-07-14 02:36 . 2012-07-02 16:42 616476 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-02-28 20:26 616476 c:\windows\system32\perfh009.dat + 2011-02-01 23:34 . 2012-07-02 16:42 133766 c:\windows\system32\perfc013.dat - 2011-02-01 23:34 . 2012-02-28 20:26 133766 c:\windows\system32\perfc013.dat - 2009-07-14 02:36 . 2012-02-28 20:26 106598 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-07-02 16:42 106598 c:\windows\system32\perfc009.dat + 2011-07-20 18:14 . 2012-02-23 08:18 279656 c:\windows\system32\MpSigStub.exe + 2011-11-30 11:41 . 2012-03-13 16:46 465568 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe - 2011-11-30 11:41 . 2011-11-30 11:41 376480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.dll + 2011-11-30 11:41 . 2012-03-13 16:46 376480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.dll + 2012-06-13 14:57 . 2012-05-18 01:55 818688 c:\windows\system32\jscript.dll - 2012-02-17 00:22 . 2011-12-14 07:00 818688 c:\windows\system32\jscript.dll - 2011-05-21 21:02 . 2011-05-21 21:02 173056 c:\windows\system32\ieUnatt.exe + 2012-06-13 14:57 . 2012-05-18 01:55 173056 c:\windows\system32\ieUnatt.exe + 2012-06-13 14:57 . 2012-05-18 01:47 248320 c:\windows\system32\ieui.dll - 2012-02-17 00:22 . 2011-12-14 06:53 248320 c:\windows\system32\ieui.dll + 2009-07-14 04:45 . 2012-06-13 22:26 424424 c:\windows\system32\FNTCACHE.DAT - 2009-07-14 04:45 . 2012-02-17 01:02 424424 c:\windows\system32\FNTCACHE.DAT - 2009-07-14 05:30 . 2011-12-29 12:50 143360 c:\windows\system32\DriverStore\infstrng.dat + 2009-07-14 05:30 . 2012-04-25 19:54 143360 c:\windows\system32\DriverStore\infstrng.dat + 2012-06-13 06:06 . 2012-04-28 03:55 210944 c:\windows\system32\drivers\rdpwd.sys - 2011-06-06 23:35 . 2010-11-20 11:04 210944 c:\windows\system32\drivers\rdpwd.sys + 2012-03-19 03:17 . 2012-03-19 03:17 383808 c:\windows\system32\drivers\avgtdia.sys + 2012-02-22 03:25 . 2012-02-22 03:25 289872 c:\windows\system32\drivers\avgldx64.sys + 2011-12-23 11:31 . 2011-12-23 11:31 124496 c:\windows\system32\drivers\avgidsdrivera.sys + 2012-04-23 22:18 . 2010-05-26 09:41 276832 c:\windows\system32\d3dx11_43.dll + 2012-04-23 22:18 . 2009-09-04 15:29 285024 c:\windows\system32\d3dx11_42.dll + 2012-04-23 22:18 . 2010-05-26 09:41 511328 c:\windows\system32\d3dx10_43.dll + 2012-04-23 22:18 . 2009-03-09 13:27 520544 c:\windows\system32\d3dx10_41.dll + 2012-04-23 22:18 . 2008-10-10 02:52 519000 c:\windows\system32\d3dx10_40.dll + 2012-04-23 22:18 . 2008-07-10 09:00 540688 c:\windows\system32\d3dx10_39.dll + 2012-04-23 22:18 . 2008-05-30 12:11 540688 c:\windows\system32\d3dx10_38.dll + 2012-04-23 22:18 . 2008-02-05 21:07 529424 c:\windows\system32\d3dx10_37.dll + 2012-04-23 22:18 . 2007-10-02 07:56 508264 c:\windows\system32\d3dx10_36.dll + 2012-04-23 22:18 . 2007-07-19 16:14 508264 c:\windows\system32\d3dx10_35.dll + 2012-04-23 22:18 . 2007-05-16 14:45 506728 c:\windows\system32\d3dx10_34.dll + 2012-04-23 22:17 . 2007-03-15 14:57 506728 c:\windows\system32\d3dx10_33.dll + 2012-04-23 22:17 . 2006-11-29 11:06 469264 c:\windows\system32\d3dx10.dll + 2012-06-13 06:06 . 2012-04-24 05:37 184320 c:\windows\system32\cryptsvc.dll + 2012-06-13 06:06 . 2012-04-24 05:37 140288 c:\windows\system32\cryptnet.dll - 2009-07-14 05:01 . 2012-03-02 16:13 395992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-07-02 18:08 395992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-04-18 15:28 . 2012-04-18 15:28 396760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-8192.dat + 2011-12-15 12:01 . 2011-12-15 12:01 226600 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationHost_v0400.dll + 2012-04-21 09:03 . 2012-04-21 09:03 616024 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll + 2011-12-15 11:08 . 2011-12-15 11:08 156440 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.AddIn.dll + 2011-12-15 12:01 . 2011-12-15 12:01 598784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll + 2012-05-08 21:14 . 2012-02-10 23:29 172320 c:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationHostDLL.dll + 2012-06-13 06:05 . 2012-04-23 22:33 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll + 2012-05-08 21:14 . 2012-01-04 03:34 486144 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll + 2011-12-15 11:08 . 2011-12-15 11:08 182056 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll + 2012-04-21 09:03 . 2012-04-21 09:03 616024 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll + 2011-12-15 11:08 . 2011-12-15 11:08 156440 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll + 2011-12-15 11:08 . 2011-12-15 11:08 518400 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll + 2011-12-15 11:08 . 2011-12-15 11:08 957200 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll + 2011-12-15 11:08 . 2011-12-15 11:08 386824 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll + 2012-05-08 21:14 . 2012-02-10 23:31 131360 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll + 2012-06-13 06:05 . 2012-04-23 22:35 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll + 2012-05-08 21:14 . 2012-01-04 02:51 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll + 2012-05-08 21:14 . 2012-01-04 02:50 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll + 2012-05-08 21:14 . 2012-01-04 02:50 996624 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll - 2012-02-17 00:27 . 2012-02-17 00:27 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll + 2012-06-13 15:06 . 2012-06-13 15:06 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll + 2012-06-13 15:06 . 2012-06-13 15:06 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll - 2012-02-17 00:27 . 2012-02-17 00:27 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll - 2012-02-17 00:27 . 2012-02-17 00:27 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll + 2012-06-13 15:06 . 2012-06-13 15:06 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll + 2012-06-13 15:06 . 2012-06-13 15:06 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll - 2012-02-17 00:27 . 2012-02-17 00:27 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll - 2012-02-17 00:27 . 2012-02-17 00:27 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2012-06-13 15:06 . 2012-06-13 15:06 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll - 2012-02-17 00:27 . 2012-02-17 00:27 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll + 2012-06-13 15:06 . 2012-06-13 15:06 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll + 2012-06-13 15:06 . 2012-06-13 15:06 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2012-02-17 00:27 . 2012-02-17 00:27 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2012-02-17 00:27 . 2012-02-17 00:27 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll + 2012-06-13 15:06 . 2012-06-13 15:06 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll + 2012-06-13 15:06 . 2012-06-13 15:06 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll - 2012-02-17 00:27 . 2012-02-17 00:27 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll - 2012-02-17 00:27 . 2012-02-17 00:27 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll + 2012-06-13 15:06 . 2012-06-13 15:06 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll + 2012-06-13 15:06 . 2012-06-13 15:06 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll - 2012-02-17 00:27 . 2012-02-17 00:27 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll - 2012-02-17 00:27 . 2012-02-17 00:27 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2012-06-13 15:06 . 2012-06-13 15:06 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2012-02-17 00:27 . 2012-02-17 00:27 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2012-06-13 15:06 . 2012-06-13 15:06 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2012-02-17 00:27 . 2012-02-17 00:27 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll + 2012-06-13 15:06 . 2012-06-13 15:06 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll + 2012-06-13 15:06 . 2012-06-13 15:06 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll - 2012-02-17 00:27 . 2012-02-17 00:27 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll - 2012-02-17 00:27 . 2012-02-17 00:27 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2012-06-13 15:06 . 2012-06-13 15:06 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2012-06-13 15:06 . 2012-06-13 15:06 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll - 2012-02-17 00:27 . 2012-02-17 00:27 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2012-06-13 15:06 . 2012-06-13 15:06 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll - 2012-02-17 00:27 . 2012-02-17 00:27 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll + 2012-06-13 15:06 . 2012-06-13 15:06 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll - 2012-02-17 00:27 . 2012-02-17 00:27 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll - 2012-02-17 00:27 . 2012-02-17 00:27 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll + 2012-06-13 15:06 . 2012-06-13 15:06 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll + 2012-06-13 15:06 . 2012-06-13 15:06 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll - 2012-02-17 00:27 . 2012-02-17 00:27 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll - 2012-02-17 00:27 . 2012-02-17 00:27 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll + 2012-06-13 15:06 . 2012-06-13 15:06 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll + 2012-06-13 15:06 . 2012-06-13 15:06 616024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll + 2012-06-13 15:06 . 2012-06-13 15:06 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2012-02-17 00:27 . 2012-02-17 00:27 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2012-02-17 00:27 . 2012-02-17 00:27 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2012-06-13 15:06 . 2012-06-13 15:06 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll - 2012-02-17 00:27 . 2012-02-17 00:27 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll + 2012-06-13 15:06 . 2012-06-13 15:06 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll - 2012-02-17 00:27 . 2012-02-17 00:27 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2012-06-13 15:06 . 2012-06-13 15:06 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll - 2012-02-17 00:27 . 2012-02-17 00:27 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll + 2012-06-13 15:06 . 2012-06-13 15:06 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll + 2012-06-13 15:06 . 2012-06-13 15:06 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll - 2012-02-17 00:27 . 2012-02-17 00:27 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll - 2012-02-17 00:27 . 2012-02-17 00:27 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll + 2012-06-13 15:06 . 2012-06-13 15:06 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll + 2012-06-13 15:06 . 2012-06-13 15:06 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2012-02-17 00:27 . 2012-02-17 00:27 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2012-02-17 00:27 . 2012-02-17 00:27 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll + 2012-06-13 15:06 . 2012-06-13 15:06 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll + 2012-06-13 15:06 . 2012-06-13 15:06 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll - 2012-02-17 00:27 . 2012-02-17 00:27 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll + 2012-06-13 15:06 . 2012-06-13 15:06 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll + 2012-06-13 15:06 . 2012-06-13 15:06 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll - 2012-02-17 00:27 . 2012-02-17 00:27 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll + 2012-06-13 15:06 . 2012-06-13 15:06 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2012-02-17 00:27 . 2012-02-17 00:27 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2012-06-13 15:06 . 2012-06-13 15:06 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll - 2012-02-17 00:27 . 2012-02-17 00:27 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll - 2012-02-17 00:27 . 2012-02-17 00:27 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll + 2012-06-13 15:06 . 2012-06-13 15:06 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll - 2012-02-17 00:27 . 2012-02-17 00:27 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll + 2012-06-13 15:06 . 2012-06-13 15:06 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll + 2012-06-13 15:06 . 2012-06-13 15:06 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll - 2012-02-17 00:27 . 2012-02-17 00:27 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll - 2012-02-17 00:27 . 2012-02-17 00:27 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll + 2012-06-13 15:06 . 2012-06-13 15:06 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll + 2012-06-13 15:06 . 2012-06-13 15:06 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll - 2012-02-17 00:27 . 2012-02-17 00:27 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll + 2012-06-13 15:06 . 2012-06-13 15:06 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - 2012-02-17 00:27 . 2012-02-17 00:27 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2012-06-13 15:06 . 2012-06-13 15:06 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2012-02-17 00:27 . 2012-02-17 00:27 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2012-06-13 15:06 . 2012-06-13 15:06 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll - 2012-02-17 00:27 . 2012-02-17 00:27 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll + 2012-06-13 15:06 . 2012-06-13 15:06 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll - 2012-02-17 00:27 . 2012-02-17 00:27 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll - 2012-02-17 00:27 . 2012-02-17 00:27 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll + 2012-06-13 15:06 . 2012-06-13 15:06 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll - 2012-02-17 00:27 . 2012-02-17 00:27 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll + 2012-06-13 15:06 . 2012-06-13 15:06 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll - 2012-02-17 00:27 . 2012-02-17 00:27 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll + 2012-06-13 15:06 . 2012-06-13 15:06 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll - 2012-02-17 00:27 . 2012-02-17 00:27 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2012-06-13 15:06 . 2012-06-13 15:06 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2012-06-13 15:06 . 2012-06-13 15:06 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2012-02-17 00:27 . 2012-02-17 00:27 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2012-02-17 00:27 . 2012-02-17 00:27 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2012-06-13 15:06 . 2012-06-13 15:06 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2012-06-13 15:06 . 2012-06-13 15:06 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll - 2012-02-17 00:27 . 2012-02-17 00:27 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll + 2012-06-13 15:06 . 2012-06-13 15:06 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll - 2012-02-17 00:27 . 2012-02-17 00:27 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll + 2012-06-13 15:05 . 2012-06-13 15:05 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2012-02-17 00:26 . 2012-02-17 00:26 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2012-02-17 00:26 . 2012-02-17 00:26 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2012-06-13 15:05 . 2012-06-13 15:05 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2012-06-13 15:06 . 2012-06-13 15:06 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll - 2012-02-17 00:27 . 2012-02-17 00:27 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2011-08-28 13:42 . 2012-06-13 15:07 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe - 2011-08-28 13:42 . 2012-02-17 00:24 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2011-08-28 13:42 . 2012-06-13 15:07 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2011-08-28 13:42 . 2012-02-17 00:24 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2011-08-28 13:42 . 2012-02-17 00:24 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe + 2011-08-28 13:42 . 2012-06-13 15:07 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe + 2011-08-28 13:42 . 2012-06-13 15:07 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe - 2011-08-28 13:42 . 2012-02-17 00:24 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe - 2011-08-28 13:42 . 2012-02-17 00:24 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe + 2011-08-28 13:42 . 2012-06-13 15:07 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe + 2011-08-28 13:42 . 2012-06-13 15:07 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe - 2011-08-28 13:42 . 2012-02-17 00:24 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe + 2011-08-28 13:42 . 2012-06-13 15:07 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe - 2011-08-28 13:42 . 2012-02-17 00:24 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2012-03-07 02:01 . 2012-03-07 02:01 217864 c:\windows\Installer\{90120000-006E-0413-0000-0000000FF1CE}\misc.exe - 2011-08-30 01:01 . 2011-08-30 01:01 217864 c:\windows\Installer\{90120000-006E-0413-0000-0000000FF1CE}\misc.exe + 2010-03-18 11:16 . 2010-03-18 11:16 181096 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationHostDLL_X86.dll + 2010-03-18 12:27 . 2010-03-18 12:27 225640 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationHostDLL_AMD64.dll + 2012-02-19 03:03 . 2012-02-19 03:03 949088 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgxpl.dll + 2012-02-22 03:25 . 2012-02-22 03:25 299472 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgtdix.sys + 2012-03-19 03:17 . 2012-03-19 03:17 383808 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgtdia.sys + 2012-03-09 19:39 . 2012-03-09 19:39 980352 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgssff11.dll + 2012-02-14 02:53 . 2012-02-14 02:53 502624 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgsrmx.dll + 2012-02-14 02:53 . 2012-02-14 02:53 951648 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgsrma.dll + 2012-02-14 02:53 . 2012-02-14 02:53 986464 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgscanx.exe + 2012-02-14 02:52 . 2012-02-14 02:52 769376 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgrkta.dll + 2012-02-14 02:53 . 2012-02-14 02:53 168800 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgppa.dll + 2012-02-18 03:04 . 2012-02-18 03:04 122208 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgpp.dll + 2012-02-14 02:52 . 2012-02-14 02:52 103776 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgmvflx.dll + 2012-02-14 02:53 . 2012-02-14 02:53 154464 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgmvfla.dll + 2012-02-20 03:04 . 2012-02-20 03:04 898912 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgdtiex.dll + 2012-02-14 02:52 . 2012-02-14 02:52 382816 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgdecider.dll + 2012-02-14 02:53 . 2012-02-14 02:53 873824 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgcmgr.exe + 2012-02-14 02:52 . 2012-02-14 02:52 630112 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgchjwa.dll + 2012-02-14 02:52 . 2012-02-14 02:52 226656 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgcertx.dll + 2012-02-14 02:52 . 2012-02-14 02:52 330080 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgcerta.dll + 2012-02-14 02:52 . 2012-02-14 02:52 513888 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgapix.dll + 2012-02-14 02:53 . 2012-02-14 02:53 900960 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgapia.dll + 2011-09-15 19:41 . 2011-09-15 19:41 408936 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\WINWORD.EXE + 2007-06-07 17:51 . 2007-06-07 17:51 125320 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\SSGEN.DLL + 2007-06-07 17:51 . 2007-06-07 17:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\OUTLFLTR.DLL + 2008-03-19 04:27 . 2008-03-19 04:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\OGALEGIT.DLL + 2000-05-24 04:45 . 2000-05-24 04:45 118784 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\MSSTDFMT.DLL + 2008-10-25 04:18 . 2008-10-25 04:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\IEAWSDC.DLL + 2006-10-27 13:35 . 2006-10-27 13:35 436512 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\UMOUTLOOKADDIN.DLL + 2006-10-26 18:13 . 2006-10-26 18:13 764800 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACECNF.DLL + 2012-06-13 23:25 . 2012-06-13 23:25 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\08becdcc9bd647c4e4d07ceea7fe4895\WindowsFormsIntegration.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\fb43d84bc59b21e8a7f3e36d616eea90\UIAutomationTypes.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\26f12a0a3baed2a227cf30aaeae03913\UIAutomationProvider.ni.dll + 2012-05-09 17:02 . 2012-05-09 17:02 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\1c3c298326e9ac14796516ac1da09a16\UIAutomationClient.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\307eea660f877dc40ae90882ce554757\System.Xml.Linq.ni.dll + 2012-05-09 16:59 . 2012-05-09 16:59 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\b4afa252d0f0e27b0b5e8fcb2cc5b3a7\System.Windows.Input.Manipulations.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\8c0ee7b970cc4e8c2986c7898af71661\System.Transactions.ni.dll + 2012-06-13 23:24 . 2012-06-13 23:24 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\ca5505a49a075ee7ad2535f89d9ea992\System.ServiceProcess.ni.dll + 2012-05-09 17:01 . 2012-05-09 17:01 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\eb4fb369926faaffede7aaf317fd6532\System.ServiceModel.Channels.ni.dll + 2012-05-09 17:01 . 2012-05-09 17:01 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\e5ab3c37897bb578bdbfe6b7e0558ad8\System.ServiceModel.Routing.ni.dll + 2012-05-09 16:56 . 2012-05-09 16:56 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\e48b6a8c491a96d1bc601795532af605\System.Security.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\7590828d50338d512b11a4d3f87d69a2\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\21d5b44ef01ccfa69e79674a51707de0\System.Runtime.Remoting.ni.dll + 2012-05-09 16:56 . 2012-05-09 16:56 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\5f2bfb0585061dc256ee9587d430959f\System.Numerics.ni.dll + 2012-05-09 17:01 . 2012-05-09 17:01 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\6996a415485a84fef2d2556b0462336f\System.Net.ni.dll + 2012-06-13 23:24 . 2012-06-13 23:24 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\0d8257087be3e57b071d1d5ccd705c2f\System.Messaging.ni.dll + 2012-05-09 17:00 . 2012-05-09 17:00 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\92d266f677605e5475b7f39c063c4a9d\System.Management.Instrumentation.ni.dll + 2012-05-09 17:00 . 2012-05-09 17:00 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\07a0e1efc063042be3e8faf62b413a12\System.IO.Log.ni.dll + 2012-05-09 17:00 . 2012-05-09 17:00 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\7fd39b9a208214e6e5eba4e9396409f1\System.IdentityModel.Selectors.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\8e10d4f2a408dc5a9740f8d0df5cebac\System.EnterpriseServices.Wrapper.dll + 2012-05-09 16:56 . 2012-05-09 16:56 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\521f5bccf74318a4777597b0c01fda1e\System.Dynamic.ni.dll + 2012-05-09 17:00 . 2012-05-09 17:00 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\6a8bd7d373c988a585e90bb61c5ec8cc\System.DirectoryServices.Protocols.ni.dll + 2012-05-09 17:00 . 2012-05-09 17:00 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\78dd02d104bb15bc3820c06bd2876239\System.Device.ni.dll + 2012-05-09 16:59 . 2012-05-09 16:59 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\97d1aaf3733b107ecdbecb9d21050ff4\System.Data.DataSetExtensions.ni.dll + 2012-06-13 23:24 . 2012-06-13 23:24 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\52792a7ce63196551c29f5201562c1ae\System.Configuration.Install.ni.dll + 2012-05-09 16:59 . 2012-05-09 16:59 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\a4f91f2dfd1656ef2e42917963f6bf50\System.ComponentModel.DataAnnotations.ni.dll + 2012-05-09 16:59 . 2012-05-09 16:59 871936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\b1c67ee2e0e6e78c31985069fbc82596\System.AddIn.ni.dll + 2012-05-09 16:59 . 2012-05-09 16:59 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\c69fb0f955adc7ca80cd5f2fd730edea\System.Activities.DurableInstancing.ni.dll + 2012-05-09 16:56 . 2012-05-09 16:56 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\11fc863fa4f5092fca4f2ce25a9ac361\SMSvcHost.ni.exe + 2012-05-09 16:58 . 2012-05-09 16:58 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\50e8e826488639e549589ba34666933e\SMDiagnostics.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\722c0236432dd5ccc047481d3ebbd49e\PresentationFramework.Royale.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\6739c3715c9e38dbdfbfd57b424a3094\PresentationFramework.Aero.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\3e7359f5f0fb68565314f88f6ec2d67a\PresentationFramework.Luna.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\263748f3d18955b9e467710da1e8546f\PresentationFramework.Classic.ni.dll + 2012-06-13 15:04 . 2012-06-13 15:04 422912 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\58441b4216f3051caa7041fa1cd9476d\Microsoft.VisualBasic.Compatibility.Data.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 422912 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\097137b03ff37196b4b8ba62db34d64a\Microsoft.VisualBasic.Compatibility.Data.ni.dll + 2012-05-09 16:56 . 2012-05-09 16:56 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\6480551111832c83ee88bcf756a72533\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2012-05-09 16:56 . 2012-05-09 16:56 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\0e81a3996f7cbff23fc01bea4185a918\CustomMarshalers.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\0a80fd3af7e48eb9cc9099fee5814dff\UIAutomationTypes.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\7a9f70fa774076a7ec19bc03e7064d0d\UIAutomationClient.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\c477bbff1e4662263255a1bf17bd9c2a\System.Windows.Input.Manipulations.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dc86fe1c7a6e3a7ce9e9c1f13d9b1e8e\System.ServiceModel.Routing.ni.dll + 2012-05-09 01:08 . 2012-05-09 01:08 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\5a4d233916a69d48fa12a9f7f103d893\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\65f0d70169a0e73b45307dddbd86f92b\System.Runtime.Remoting.ni.dll + 2012-05-09 01:08 . 2012-05-09 01:08 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\7b7719d46a4da2e91e8c501347e48ab9\System.Numerics.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\dd25ddcfa0417d40e3f1385e30abcd6f\System.Net.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\a730931e386537e3c229e049c9a6d271\System.Messaging.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\08397796343d5730a29f42e61c7f6ee7\System.Management.Instrumentation.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\ff1250d2409bd16283c423650d6fd3f6\System.IO.Log.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\e60675d3ba7fa94924489dc8466ebff5\System.IdentityModel.Selectors.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.Wrapper.dll + 2012-05-09 16:48 . 2012-05-09 16:48 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.ni.dll + 2012-05-09 01:08 . 2012-05-09 01:08 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\a9b1e597aaa263dea2cf8754440bd271\System.Dynamic.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\e41e86da56bb60523251e0e08210a77b\System.DirectoryServices.Protocols.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\94d45f7f28d81304d7fa83bcea849141\System.DirectoryServices.AccountManagement.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\4c50d8a951546d6dffdc8bcb23f47a7b\System.Device.ni.dll + 2012-05-09 16:49 . 2012-05-09 16:49 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\7803f4398a527a87d5cace8023e93e8b\System.Data.DataSetExtensions.ni.dll + 2012-05-09 01:08 . 2012-05-09 01:08 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll + 2012-05-09 01:08 . 2012-05-09 01:08 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\877ef74350e6d374ca8f80b489a8cc8e\System.ComponentModel.Composition.ni.dll + 2012-05-09 16:49 . 2012-05-09 16:49 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\4330e93f9d0ef85f1a972e11c2ac5156\System.ComponentModel.DataAnnotations.ni.dll + 2012-05-09 16:49 . 2012-05-09 16:49 624128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\0c67d9fc14856eb7d8b4e405aef79960\System.AddIn.ni.dll + 2012-05-09 16:49 . 2012-05-09 16:49 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\2b046f2d5f056b906d7b25b75ca23575\System.Activities.DurableInstancing.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\4847f66153121ec4ed532909f7c152be\SMSvcHost.ni.exe + 2012-05-09 16:48 . 2012-05-09 16:48 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll + 2012-05-09 01:11 . 2012-05-09 01:11 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ef6e3eb351fe12a5766be7c956c35d95\PresentationFramework.Classic.ni.dll + 2012-05-09 01:11 . 2012-05-09 01:11 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e49a124fdad0f1db135f03a49f18fb48\PresentationFramework.Royale.ni.dll + 2012-05-09 01:11 . 2012-05-09 01:11 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll + 2012-05-09 01:11 . 2012-05-09 01:11 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\141f0a8fbfb83604fa3dd43dbe8fa0f4\PresentationFramework.Luna.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\8cc4dd9babffe370cf375925fba15f84\Microsoft.VisualBasic.Compatibility.Data.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\01c5ff7a1ea0463414736df5d449e0a9\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\f11d5fea7ded12068e8cdb8b2f1bdbd9\CustomMarshalers.ni.dll + 2012-05-09 16:56 . 2012-05-09 16:56 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\ad7f43afb4f124acae4d503b40f591c1\WsatConfig.ni.exe + 2012-06-13 23:22 . 2012-06-13 23:22 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\f4d304fcbfda323997083a1f88b83719\WindowsFormsIntegration.ni.dll + 2012-05-09 01:26 . 2012-05-09 01:26 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\bf634b0e2e28466c6ed6ae1eb602b09f\UIAutomationTypes.ni.dll + 2012-05-09 01:26 . 2012-05-09 01:26 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\1ff8fb81d6f045f1dc6f50be95444292\UIAutomationProvider.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\1f36e020c3563e0ff414f13138e238e1\UIAutomationClient.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\681410f842337dccc72eb059738c3ced\TaskScheduler.ni.dll + 2012-05-09 16:55 . 2012-05-09 16:55 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\de45d043775d8c805f6feca40d7a9ed2\System.Xml.Linq.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\72b4992e45d232251a273a59eb3333d5\System.Web.Routing.ni.dll + 2012-05-09 01:28 . 2012-05-09 01:28 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\76662ce36d2141e45513e64386073cc2\System.Web.RegularExpressions.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\b905eb57b631a30c60caa4d68c186963\System.Web.Entity.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\e412dfbf1aa49bbe345a02a4d23104f5\System.Web.Entity.Design.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\815769f953ebe3f84439d522c97317b8\System.Web.DynamicData.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\c8144ee08dccdac183527e53c86aa901\System.Web.Abstractions.ni.dll + 2012-05-09 01:27 . 2012-05-09 01:27 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\ec95ad2463c5588fc8ef552b3f375ee6\System.Transactions.ni.dll + 2012-06-13 22:29 . 2012-06-13 22:29 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\f71d2f65d0f149c75ac7a569dbcc8500\System.ServiceProcess.ni.dll + 2012-05-09 01:25 . 2012-05-09 01:25 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\1875b50d0228f29aef00bed38ab594d6\System.Security.ni.dll + 2012-05-09 01:26 . 2012-05-09 01:26 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\807759890a40e4047c35a24e64dc76d5\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2012-05-09 16:55 . 2012-05-09 16:55 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\3b3581851a728bef36f319e9d4c72499\System.Net.ni.dll + 2012-06-13 23:20 . 2012-06-13 23:20 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\d5d612f7d372f500e3062e3814e79d75\System.Messaging.ni.dll + 2012-05-09 16:55 . 2012-05-09 16:55 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\599954438a668c94dd38e8e7e506ac2a\System.Management.Instrumentation.ni.dll + 2012-05-09 16:55 . 2012-05-09 16:55 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\fd51741bfd973ad507bbd141e98932f8\System.IO.Log.ni.dll + 2012-05-09 16:51 . 2012-05-09 16:51 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\ef6abe121bb11bff2514bfdfb7e76b7a\System.IdentityModel.Selectors.ni.dll + 2012-05-09 01:27 . 2012-05-09 01:27 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\d50cde53634ccbb5e0231738784ff4b8\System.EnterpriseServices.Wrapper.dll + 2012-06-13 22:29 . 2012-06-13 22:29 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\fbc02e9f5a14bb93082ebc88bc577413\System.Drawing.Design.ni.dll + 2012-05-09 01:28 . 2012-05-09 01:28 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\4bb1134d9b166434327385ddf3c5dd54\System.DirectoryServices.Protocols.ni.dll + 2012-05-09 16:55 . 2012-05-09 16:55 629760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\7c4ce1b8a2f83ef29aa6d5f126ab5b71\System.Data.Services.Design.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\19d1414f1ca718ce4d0c07e7305b3450\System.Data.DataSetExtensions.ni.dll + 2012-06-13 22:29 . 2012-06-13 22:29 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\a88ca70ab9641b8236149bc5dd8d1564\System.Configuration.Install.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\9536bb262c4f1ea389d287ab669767d4\System.ComponentModel.DataAnnotations.ni.dll + 2012-05-09 01:28 . 2012-05-09 01:28 890880 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\84262138e2e9f34c88fd282caa82baa5\System.AddIn.ni.dll + 2012-05-09 01:28 . 2012-05-09 01:28 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\176899be7b920fb20408ff49e636a776\System.AddIn.Contract.ni.dll + 2012-05-09 16:55 . 2012-05-09 16:55 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\ee0608cd62dfb37016016884fc39e425\sysglobl.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\9fa1abf006689e262527ae50d452e97e\SMSvcHost.ni.exe + 2012-05-09 16:51 . 2012-05-09 16:51 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\2eac9c598de3341eba5c16787c74f220\SMDiagnostics.ni.dll + 2012-05-09 01:28 . 2012-05-09 01:28 282624 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\89de197bdde5984658045ade41c2c9b9\PresentationFramework.Classic.ni.dll + 2012-05-09 01:28 . 2012-05-09 01:28 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\7ffb91db770d0b09921f623bc5d68b4f\PresentationFramework.Luna.ni.dll + 2012-05-09 01:28 . 2012-05-09 01:28 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\4f3567165e2a444fc9a62980c4d0ea82\PresentationFramework.Aero.ni.dll + 2012-05-09 01:28 . 2012-05-09 01:28 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\205bb33cef9ae6b906ceadd6f2861c86\PresentationFramework.Royale.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\2f1bad2fb963482a02443d5e7fece2b6\napsnap.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\bb4947f0ecc925a7bcfd129b6eec8f9b\napinit.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 175104 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\5f0ae15f9d1cade37fbfaacff7e64bff\naphlpr.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 127488 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\5346ceca518baf5e5fa3fed9f900f792\napcrypt.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\8f792883d0adad8c7beccf24aed65817\MSBuild.ni.exe + 2012-06-13 23:21 . 2012-06-13 23:21 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\67240ddde494b9cc05cd732ccd099668\MMCFxCommon.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 681984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\b78beede8a3c9720095dde4a4a162acc\Microsoft.WSMan.Management.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\83222514e209f186ad3a1c3794168bfd\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\a843956bb452503139683304de4cc8f6\Microsoft.Vsa.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\c56d6513e4b239b1b1dbe29b0588321a\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\fb0d102ca78bd05fe7064b9e6be30fc7\Microsoft.PowerShell.ConsoleHost.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b21fa6ff448b99a97319e18c166c03e2\Microsoft.PowerShell.Security.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6c3fe42a14ac5b48ebd43be290973d24\Microsoft.PowerShell.GraphicalHost.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\2572e94f9d0b412cdc529c8d74fdb689\Microsoft.PowerShell.Commands.Diagnostics.ni.dll + 2012-05-09 16:53 . 2012-05-09 16:53 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f04ccbbf5199d2b264f1b1175be44686\Microsoft.MediaCenter.Mheg.ni.dll + 2012-05-09 16:53 . 2012-05-09 16:53 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f015188310f7613f819fcf032f98705a\Microsoft.MediaCenter.iTv.Media.ni.dll + 2012-06-13 23:21 . 2012-06-13 23:21 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e29cbd30a31d3c8dae19eb17f70c4ec4\Microsoft.MediaCenter.iTv.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\6dbd502a13b5e3caae0b1f2b4847612f\Microsoft.MediaCenter.Playback.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\514667153fd74307d21e7f50b79858c9\Microsoft.MediaCenter.Interop.ni.dll + 2012-06-13 23:21 . 2012-06-13 23:21 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\409dae089f2e041343cff71f822cd505\Microsoft.MediaCenter.ITVVM.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\18367b9a0b9e9261d1d9e371230af87c\Microsoft.MediaCenter.Sports.ni.dll + 2012-06-13 23:21 . 2012-06-13 23:21 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\803188573fb19785a94284e097c48a67\Microsoft.ManagementConsole.ni.dll + 2012-05-09 16:53 . 2012-05-09 16:53 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\d68a27daca73749e4438a47e61643c3c\Microsoft.Build.Utilities.v3.5.ni.dll + 2012-05-09 16:53 . 2012-05-09 16:53 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\3151235c1c38db94fd44e3c6f290ff38\Microsoft.Build.Utilities.ni.dll + 2012-05-09 16:53 . 2012-05-09 16:53 121344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\cf5e9b5d10682467a9e03358a6d6258f\Microsoft.Build.Framework.ni.dll + 2012-05-09 16:53 . 2012-05-09 16:53 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\0f233d0eb396065719e83ab573a72cc5\Microsoft.Build.Framework.ni.dll + 2012-05-09 16:53 . 2012-05-09 16:53 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\2416af06edb993f98a751acb69f67016\Microsoft.Build.Conversion.v3.5.ni.dll + 2012-05-09 16:53 . 2012-05-09 16:53 107520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\69286d5692277a166404cb897a8b2e7a\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll + 2012-05-09 16:53 . 2012-05-09 16:53 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\74e4adc90675c3b1365825c7e78b5ce9\Mcx2Dvcs.ni.dll + 2012-05-09 16:53 . 2012-05-09 16:53 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\4a1f9a648a3928d42b77a91666d9aa8a\mcupdate.ni.exe + 2012-05-09 16:52 . 2012-05-09 16:52 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\40d70417c04f9ccb5fdecb5b9be5a6a3\mcstoredb.ni.dll + 2012-06-13 23:21 . 2012-06-13 23:21 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\4ae6ccc32dafb4e3765b9db05585bd48\mcplayerinterop.ni.dll + 2012-06-13 23:21 . 2012-06-13 23:21 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\b0db345fd62a84c98fd8b0bf3c72e8bb\mcGlidHostObj.ni.dll + 2012-05-09 16:53 . 2012-05-09 16:53 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\3fc113fe40d0145cd87afca2d107bf6d\MCESidebarCtrl.ni.dll + 2012-06-13 23:21 . 2012-06-13 23:21 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\bc5df15ee827e248dd6f819874a85718\EventViewer.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\584d419d4c837ea19f7f450a807b0273\ehRecObj.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\20c3505378a50f4859c9b2e7dcbb5fa2\ehiWUapi.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\2f9f48ad6496c9103043db1c21a651fd\ehiwmp.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\0955237aa3c1cb3a643248b8c58ec34c\ehiUserXp.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\7998173654fa518876cc97e37b86d465\ehiiTv.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\6c97aa6908f96ac9816ce74e4f6251ac\ehiExtens.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\a501747a95523297a8a1f119df8b1642\ehiBmlDataCarousel.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 126976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\414bbac4e1d7761a336bb9d74b9b243a\ehiActivScp.ni.dll + 2012-06-13 23:20 . 2012-06-13 23:20 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\08c9aa18b306aa47ddc0ae4a63b05d04\ehExtHost.ni.exe + 2012-05-09 16:51 . 2012-05-09 16:51 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\ff7ef4caed03d6934669d1a39877a8ac\ehCIR.ni.dll + 2012-05-09 16:51 . 2012-05-09 16:51 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\b7916689137fd0bc9ba1ba5a27e2a38a\CustomMarshalers.ni.dll + 2012-05-09 16:51 . 2012-05-09 16:51 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\cc6e6febcd804604bf4d92d0eb8ec6ae\ComSvcConfig.ni.exe + 2012-05-09 16:51 . 2012-05-09 16:51 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\d18719c2df1334364cac199bb9c86adf\BDATunePIA.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\9d60139fdead64a892985181d663989f\WsatConfig.ni.exe + 2012-06-13 23:25 . 2012-06-13 23:25 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\62cec20b82795b936aa2ebe09cf390b3\WindowsLiveLocal.WriterPlugin.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f061177fad83e0d31527ca85a7b9447d\WindowsLive.Writer.FileDestinations.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ebda5533597f76b6f088db06a3c9bf89\WindowsLive.Writer.Controls.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dbbb5914ff727ce0f6793177c4da31ba\WindowsLive.Writer.Interop.SHDocVw.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c9819eac00ff9d58e19599438e5ac742\WindowsLive.Writer.Api.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c1c69dc861cc74197d32851f14e7072a\WindowsLive.Writer.HtmlEditor.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a4ebb53e20a38dcf5d65f12abffd64a8\WindowsLive.Writer.Interop.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9b8dc38b0c2427faeb5e306a453d251a\WindowsLive.Writer.BlogClient.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8c2ee846c46973e97e706f39bb72e2e8\WindowsLive.Writer.SpellChecker.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8aaba9a485b995efaac2c1a59051e676\WindowsLive.Writer.Mshtml.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 374272 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\853c1f1b75d33bbc710d95042876c71b\WindowsLive.Writer.Interop.Mshtml.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7039bba7ff166706ab0b2cd61ff38302\WindowsLive.Writer.Instrumentation.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4f6aeeee01549f796d40a3af7b166d86\WindowsLive.Writer.HtmlParser.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\26a195621994dccb5a5f9c06ce1e5fd7\WindowsLive.Writer.Extensibility.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0ccb4a3228a1ca615f849ebfe8d4daee\WindowsLive.Writer.BrowserControl.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\ad66e359fad3f5ace031f71737b111a0\WindowsLive.Client.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll + 2012-05-09 01:24 . 2012-05-09 01:24 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\779b08c46960a1824503aa6f089673fa\UIAutomationClient.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\f3e052584df9c614407da662dd3c3df3\TaskScheduler.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\06e4119a0a3484bb0ca667a16145ce74\System.Web.Routing.ni.dll + 2012-05-09 01:25 . 2012-05-09 01:25 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\2b129372a27469195acbe3b6b81786ef\System.Web.RegularExpressions.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\4f13c2c06fb97f6659473f02802b377b\System.Web.Extensions.Design.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bc239944bca7cc6b6ddb473259183c7d\System.Web.Entity.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\3701488fb9e601ebe963db25b784d684\System.Web.Entity.Design.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a09cc9877f51f16a4610b702155e8b70\System.Web.DynamicData.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c6aad1edcc51862ceb26b6b65dad1490\System.Web.Abstractions.ni.dll + 2012-05-09 01:24 . 2012-05-09 01:24 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll + 2012-06-13 22:30 . 2012-06-13 22:30 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll + 2012-05-09 01:24 . 2012-05-09 01:24 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll + 2012-05-09 01:24 . 2012-05-09 01:24 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2012-05-09 01:24 . 2012-05-09 01:24 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\0b5f082230e3486412e0fa333290e85a\System.Net.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\8280490a2939075b726fd051d9010cc0\System.Management.Instrumentation.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\a03191ed937f6c1dc827b53d94ea0176\System.IO.Log.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\100d39c2f8985cb93e26feef86ba5212\System.IdentityModel.Selectors.ni.dll + 2012-05-09 01:24 . 2012-05-09 01:24 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.Wrapper.dll + 2012-05-09 01:24 . 2012-05-09 01:24 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll + 2012-06-13 22:30 . 2012-06-13 22:30 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\912a0776c2bfd35ff76bd0b8ba977ed4\System.Drawing.Design.ni.dll + 2012-05-09 01:25 . 2012-05-09 01:25 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\55545e89f96539ef93375524d1145a6f\System.DirectoryServices.Protocols.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\4d73a7649876bb6e54a01ccbf235919b\System.DirectoryServices.AccountManagement.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\4665930daf80e181c25371066401cce1\System.Data.Services.Design.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\5a29fff52e2c3d13ec15e8701027ab17\System.Data.Entity.Design.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\940f62a5d077405e0b324422afb6ff2c\System.Data.DataSetExtensions.ni.dll + 2012-05-09 01:24 . 2012-05-09 01:24 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll + 2012-06-13 22:30 . 2012-06-13 22:30 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\498d2033c60fe5b777cf923b71b25972\System.Configuration.Install.ni.dll + 2012-05-09 01:28 . 2012-05-09 01:28 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\a90ec436f1d2c5cb0133a53c2e47d61a\System.AddIn.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\1ed79278fe139272e868e3a53d736f22\sysglobl.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\1b0b19607668635281fa260707f4352f\SMSvcHost.ni.exe + 2012-05-09 16:46 . 2012-05-09 16:46 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll + 2012-05-09 01:25 . 2012-05-09 01:25 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae55e761d480fe15781156d1311a1837\PresentationFramework.Classic.ni.dll + 2012-05-09 01:25 . 2012-05-09 01:25 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll + 2012-05-09 01:25 . 2012-05-09 01:25 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7df1f379457aa5f39183903d115b5479\PresentationFramework.Royale.ni.dll + 2012-05-09 01:25 . 2012-05-09 01:25 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\496bc57a53989bb83ec58865fa34be1d\PresentationFramework.Luna.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\acfafa161ea232928cb02b01c50acf1c\napsnap.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\0abec246c5ca6ec4858bfd3ab84da0ec\napinit.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\e0c40329b9cdd7f141a3702d79eb4bda\naphlpr.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\74a8b6419deb005337a1e43ec2502134\MSBuild.ni.exe + 2012-06-13 23:25 . 2012-06-13 23:25 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\1e03b7c2539c5376f0665a4aba04efbd\MMCFxCommon.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\070505350ec9daa3343b3cd2bc8cf59e\Microsoft.WSMan.Management.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1e639225ba30d7f182b893ddacea506b\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d4c36b363fcd1ca494218e74ba606e99\Microsoft.PowerShell.Commands.Diagnostics.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ba2ca86f5d270f493501848843d2f227\Microsoft.PowerShell.Commands.Management.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\607324a312b1c6d7fbede8300e8cee91\Microsoft.PowerShell.GraphicalHost.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1f1185444c8a12ace85ba4c2d49f41f8\Microsoft.PowerShell.Security.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\12715b7e3e89758161053520b57764b2\Microsoft.PowerShell.ConsoleHost.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\622b582866fca37f113bd97ae4c6d1f6\Microsoft.ManagementConsole.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\7e59b3b84ca3c61adfc0dc74a65ea177\Microsoft.Build.Utilities.v3.5.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\07e346ee0e3f7433f2de7a72fadd6713\Microsoft.Build.Utilities.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\432160eff3b1f9301c6a74c2e647e03d\Microsoft.Build.Engine.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\8297305de86377d0070a983d99a7f943\Microsoft.Build.Conversion.v3.5.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\541a5bb4d0f8490e506f885a4b435566\mcstoredb.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\02577b78c6ed2f9bda301de888dccad8\EventViewer.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\5ae5c6732ef8e7115baaeb66fd69cdd2\ehRecObj.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\c4a5ce4f89c53b9601d13d22d01cf0bf\ehiVidCtl.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\cbf3a07d3ab873b19f47d6a24f06c796\ehiProxy.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\5cc4a5672758f4732ef430b3431f47fc\ehiExtens.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\a6b8eb80cfbdd927b2fa4ecb69fc0209\ehExtHost32.ni.exe + 2012-05-09 16:46 . 2012-05-09 16:46 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\3912b69593af13d0922279a063e5af66\ComSvcConfig.ni.exe + 2012-05-09 16:45 . 2012-05-09 16:45 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\e1c3540ffb669448747187f76c6ebe82\BDATunePIA.ni.dll - 2011-06-28 17:34 . 2010-11-12 23:33 446464 c:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_nl_b77a5c561934e089\System.Windows.Forms.resources.dll + 2011-06-28 17:34 . 2010-11-13 00:34 446464 c:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_nl_b77a5c561934e089\System.Windows.Forms.resources.dll + 2012-06-13 06:05 . 2012-04-23 22:35 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2011-02-01 23:33 . 2011-02-01 23:33 544768 c:\windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.Design.resources.dll + 2012-06-13 06:06 . 2010-11-12 23:33 544768 c:\windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.Design.resources.dll + 2012-05-08 21:14 . 2012-01-04 02:50 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll - 2011-06-06 23:34 . 2010-11-05 01:53 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll - 2011-06-06 23:35 . 2010-11-05 01:53 532480 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll + 2012-05-08 21:14 . 2012-02-10 23:31 532480 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll + 2012-05-27 08:01 . 2012-05-27 08:01 405176 c:\windows\assembly\GAC_MSIL\Newtonsoft.Json.Net20\4.0.0.0__30ad4fe6b2a6aeed\Newtonsoft.Json.Net20.dll + 2012-05-27 08:01 . 2012-05-27 08:01 110232 c:\windows\assembly\GAC_MSIL\Microsoft.WindowsAPICodePack\1.1.0.0__31bf3856ad364e35\Microsoft.WindowsAPICodePack.dll - 2012-01-10 21:47 . 2012-01-10 21:47 110232 c:\windows\assembly\GAC_MSIL\Microsoft.WindowsAPICodePack\1.1.0.0__31bf3856ad364e35\Microsoft.WindowsAPICodePack.dll + 2012-05-27 08:01 . 2012-05-27 08:01 546968 c:\windows\assembly\GAC_MSIL\Microsoft.WindowsAPICodePack.Shell\1.1.0.0__31bf3856ad364e35\Microsoft.WindowsAPICodePack.Shell.dll - 2012-01-10 21:47 . 2012-01-10 21:47 546968 c:\windows\assembly\GAC_MSIL\Microsoft.WindowsAPICodePack.Shell\1.1.0.0__31bf3856ad364e35\Microsoft.WindowsAPICodePack.Shell.dll + 2012-03-07 02:03 . 2012-03-07 02:03 608136 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll + 2012-02-05 12:45 . 2012-04-22 19:39 877952 c:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll + 2012-05-08 21:14 . 2012-02-10 23:29 358912 c:\windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll - 2011-06-06 23:35 . 2010-11-05 01:52 358912 c:\windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll + 2012-05-08 21:14 . 2012-02-10 23:31 372736 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll - 2011-06-06 23:35 . 2010-11-05 01:53 372736 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll + 2012-03-07 02:03 . 2012-03-07 02:03 117160 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll + 2012-03-07 02:03 . 2012-03-07 02:03 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll - 2011-08-30 01:03 . 2011-08-30 01:03 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll + 2012-03-07 02:03 . 2012-03-07 02:03 149368 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll + 2012-06-13 14:57 . 2012-05-17 22:35 1129472 c:\windows\SysWOW64\wininet.dll + 2012-06-13 14:57 . 2012-05-17 22:36 1103872 c:\windows\SysWOW64\urlmon.dll + 2012-05-27 08:01 . 2012-03-22 11:43 2557952 c:\windows\SysWOW64\QtCore4.dll + 2012-06-13 06:06 . 2012-05-04 10:03 3913072 c:\windows\SysWOW64\ntoskrnl.exe + 2012-06-13 06:06 . 2012-05-04 10:03 3968368 c:\windows\SysWOW64\ntkrnlpa.exe + 2012-06-13 06:06 . 2012-04-07 11:26 2342400 c:\windows\SysWOW64\msi.dll + 2012-06-13 14:57 . 2012-05-17 22:45 1800192 c:\windows\SysWOW64\jscript9.dll + 2012-06-13 14:57 . 2012-05-17 22:27 1793024 c:\windows\SysWOW64\iertutil.dll + 2012-06-13 14:57 . 2012-05-17 22:48 9737728 c:\windows\SysWOW64\ieframe.dll + 2011-07-07 01:28 . 2011-07-07 01:28 1193320 c:\windows\SysWOW64\FM20.DLL + 2012-05-08 21:15 . 2012-03-03 05:31 1077248 c:\windows\SysWOW64\DWrite.dll + 2012-04-23 22:18 . 2010-05-26 09:41 1998168 c:\windows\SysWOW64\D3DX9_43.dll + 2012-04-23 22:18 . 2009-09-04 15:29 1892184 c:\windows\SysWOW64\D3DX9_42.dll + 2012-04-23 22:18 . 2009-03-09 13:27 4178264 c:\windows\SysWOW64\D3DX9_41.dll + 2012-04-23 22:18 . 2008-10-10 02:52 4379984 c:\windows\SysWOW64\D3DX9_40.dll + 2012-04-23 22:18 . 2008-07-10 09:00 3851784 c:\windows\SysWOW64\D3DX9_39.dll + 2012-04-23 22:18 . 2008-05-30 12:11 3850760 c:\windows\SysWOW64\D3DX9_38.dll + 2012-04-23 22:18 . 2008-03-05 13:56 3786760 c:\windows\SysWOW64\D3DX9_37.dll + 2012-04-23 22:18 . 2007-10-12 13:14 3734536 c:\windows\SysWOW64\d3dx9_36.dll + 2012-04-23 22:18 . 2007-07-19 16:14 3727720 c:\windows\SysWOW64\d3dx9_35.dll + 2012-04-23 22:18 . 2007-05-16 14:45 3497832 c:\windows\SysWOW64\d3dx9_34.dll + 2012-04-23 22:17 . 2007-03-12 14:42 3495784 c:\windows\SysWOW64\d3dx9_33.dll + 2012-04-23 22:17 . 2006-09-28 14:05 2414360 c:\windows\SysWOW64\d3dx9_31.dll + 2012-04-23 22:18 . 2010-05-26 09:41 1868128 c:\windows\SysWOW64\d3dcsx_43.dll + 2012-04-23 22:18 . 2009-09-04 15:29 5501792 c:\windows\SysWOW64\d3dcsx_42.dll + 2012-04-23 22:18 . 2010-05-26 09:41 2106216 c:\windows\SysWOW64\D3DCompiler_43.dll + 2012-04-23 22:18 . 2009-09-04 15:29 1974616 c:\windows\SysWOW64\D3DCompiler_42.dll + 2012-04-23 22:18 . 2008-10-10 02:52 2036576 c:\windows\SysWOW64\D3DCompiler_40.dll + 2012-04-23 22:18 . 2008-07-10 09:00 1493528 c:\windows\SysWOW64\D3DCompiler_39.dll + 2012-04-23 22:18 . 2008-05-30 12:11 1491992 c:\windows\SysWOW64\D3DCompiler_38.dll + 2012-04-23 22:18 . 2008-03-05 13:56 1420824 c:\windows\SysWOW64\D3DCompiler_37.dll + 2012-04-23 22:18 . 2007-10-12 13:14 1374232 c:\windows\SysWOW64\D3DCompiler_36.dll + 2012-04-23 22:18 . 2007-07-19 16:14 1358192 c:\windows\SysWOW64\D3DCompiler_35.dll + 2012-04-23 22:18 . 2007-05-16 14:45 1124720 c:\windows\SysWOW64\D3DCompiler_34.dll + 2012-04-23 22:17 . 2007-03-12 14:42 1123696 c:\windows\SysWOW64\D3DCompiler_33.dll + 2012-06-13 06:06 . 2012-04-24 04:36 1158656 c:\windows\SysWOW64\crypt32.dll + 2012-04-18 11:20 . 2012-04-18 11:20 1000000 c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\Search Enhancement Pack\Search Box Extension\searchhs.dat + 2012-04-18 11:20 . 2010-08-06 22:40 1048064 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Toolbar\Applications\bingrewardsclient.dll + 2012-06-21 15:01 . 2012-06-02 22:15 2622464 c:\windows\system64\wucltux.dll + 2012-06-21 15:01 . 2012-06-02 22:19 2428952 c:\windows\system64\wuaueng.dll + 2012-06-13 14:57 . 2012-05-18 01:59 1392128 c:\windows\system64\wininet.dll + 2012-06-13 06:06 . 2012-05-15 01:32 3146752 c:\windows\system64\win32k.sys + 2012-06-13 14:57 . 2012-05-18 01:59 1346048 c:\windows\system64\urlmon.dll - 2009-07-14 00:03 . 2009-07-14 01:41 1402880 c:\windows\system64\spool\drivers\x64\3\JNWDRV.dll + 2012-05-08 21:14 . 2012-03-31 05:40 1402880 c:\windows\system64\spool\drivers\x64\3\JNWDRV.dll + 2012-03-14 08:47 . 2012-02-17 06:38 1031680 c:\windows\system64\rdpcore.dll - 2011-06-06 23:35 . 2010-11-20 13:27 1031680 c:\windows\system64\rdpcore.dll + 2012-06-13 06:06 . 2012-05-04 11:06 5559664 c:\windows\system64\ntoskrnl.exe + 2012-06-13 06:06 . 2012-04-07 12:31 3216384 c:\windows\system64\msi.dll + 2012-06-13 14:57 . 2012-05-18 02:06 2311680 c:\windows\system64\jscript9.dll + 2012-06-13 14:57 . 2012-05-18 01:54 2144768 c:\windows\system64\iertutil.dll + 2012-05-08 21:15 . 2012-03-03 06:35 1544704 c:\windows\system64\DWrite.dll + 2012-05-08 21:14 . 2012-03-30 11:35 1918320 c:\windows\system64\drivers\tcpip.sys + 2012-04-23 22:18 . 2010-05-26 09:41 2401112 c:\windows\system64\D3DX9_43.dll + 2012-04-23 22:18 . 2009-09-04 15:29 2475352 c:\windows\system64\D3DX9_42.dll + 2012-04-23 22:18 . 2009-03-09 13:27 5425496 c:\windows\system64\D3DX9_41.dll + 2012-04-23 22:18 . 2008-10-10 02:52 5631312 c:\windows\system64\D3DX9_40.dll + 2012-04-23 22:18 . 2008-07-10 09:00 4992520 c:\windows\system64\D3DX9_39.dll + 2012-04-23 22:18 . 2008-05-30 12:11 4991496 c:\windows\system64\D3DX9_38.dll + 2012-04-23 22:18 . 2008-03-05 13:56 4910088 c:\windows\system64\D3DX9_37.dll + 2012-04-23 22:18 . 2007-10-12 13:14 5081608 c:\windows\system64\d3dx9_36.dll + 2012-04-23 22:18 . 2007-07-19 16:14 5073256 c:\windows\system64\d3dx9_35.dll + 2012-04-23 22:18 . 2007-05-16 14:45 4496232 c:\windows\system64\d3dx9_34.dll + 2012-04-23 22:17 . 2007-03-12 14:42 4494184 c:\windows\system64\d3dx9_33.dll + 2012-04-23 22:17 . 2006-09-28 14:05 3977496 c:\windows\system64\d3dx9_31.dll + 2012-04-23 22:18 . 2010-05-26 09:41 1907552 c:\windows\system64\d3dcsx_43.dll + 2012-04-23 22:18 . 2009-09-04 15:29 5554512 c:\windows\system64\d3dcsx_42.dll + 2012-04-23 22:18 . 2010-05-26 09:41 2526056 c:\windows\system64\D3DCompiler_43.dll + 2012-04-23 22:18 . 2009-09-04 15:29 2582888 c:\windows\system64\D3DCompiler_42.dll + 2012-04-23 22:18 . 2009-03-09 13:27 2430312 c:\windows\system64\D3DCompiler_41.dll + 2012-04-23 22:18 . 2008-10-10 02:52 2605920 c:\windows\system64\D3DCompiler_40.dll + 2012-04-23 22:18 . 2008-07-10 09:00 1942552 c:\windows\system64\D3DCompiler_39.dll + 2012-04-23 22:18 . 2008-05-30 12:11 1941528 c:\windows\system64\D3DCompiler_38.dll + 2012-04-23 22:18 . 2008-03-05 13:56 1860120 c:\windows\system64\D3DCompiler_37.dll + 2012-04-23 22:18 . 2007-10-12 13:14 2006552 c:\windows\system64\D3DCompiler_36.dll + 2012-04-23 22:18 . 2007-07-19 16:14 1985904 c:\windows\system64\D3DCompiler_35.dll + 2012-04-23 22:18 . 2007-05-16 14:45 1401200 c:\windows\system64\D3DCompiler_34.dll + 2012-04-23 22:17 . 2007-03-12 14:42 1400176 c:\windows\system64\D3DCompiler_33.dll + 2012-06-13 06:06 . 2012-04-24 05:37 1462272 c:\windows\system64\crypt32.dll + 2012-06-13 14:57 . 2012-05-18 01:59 1392128 c:\windows\system32\wininet.dll + 2012-06-13 06:06 . 2012-05-15 01:32 3146752 c:\windows\system32\win32k.sys + 2012-06-13 14:57 . 2012-05-18 01:59 1346048 c:\windows\system32\urlmon.dll + 2012-05-08 21:14 . 2012-03-31 05:40 1402880 c:\windows\system32\spool\drivers\x64\3\JNWDRV.dll - 2009-07-14 00:03 . 2009-07-14 01:41 1402880 c:\windows\system32\spool\drivers\x64\3\JNWDRV.dll + 2012-03-14 08:47 . 2012-02-17 06:38 1031680 c:\windows\system32\rdpcore.dll - 2011-06-06 23:35 . 2010-11-20 13:27 1031680 c:\windows\system32\rdpcore.dll + 2012-06-13 06:06 . 2012-05-04 11:06 5559664 c:\windows\system32\ntoskrnl.exe + 2012-06-13 06:06 . 2012-04-07 12:31 3216384 c:\windows\system32\msi.dll + 2012-06-13 14:57 . 2012-05-18 02:06 2311680 c:\windows\system32\jscript9.dll + 2012-06-13 14:57 . 2012-05-18 01:54 2144768 c:\windows\system32\iertutil.dll + 2012-05-08 21:15 . 2012-03-03 06:35 1544704 c:\windows\system32\DWrite.dll + 2012-05-08 21:14 . 2012-03-30 11:35 1918320 c:\windows\system32\drivers\tcpip.sys + 2012-04-23 22:18 . 2010-05-26 09:41 2401112 c:\windows\system32\D3DX9_43.dll + 2012-04-23 22:18 . 2009-09-04 15:29 2475352 c:\windows\system32\D3DX9_42.dll + 2012-04-23 22:18 . 2009-03-09 13:27 5425496 c:\windows\system32\D3DX9_41.dll + 2012-04-23 22:18 . 2008-10-10 02:52 5631312 c:\windows\system32\D3DX9_40.dll + 2012-04-23 22:18 . 2008-07-10 09:00 4992520 c:\windows\system32\D3DX9_39.dll + 2012-04-23 22:18 . 2008-05-30 12:11 4991496 c:\windows\system32\D3DX9_38.dll + 2012-04-23 22:18 . 2008-03-05 13:56 4910088 c:\windows\system32\D3DX9_37.dll + 2012-04-23 22:18 . 2007-10-12 13:14 5081608 c:\windows\system32\d3dx9_36.dll + 2012-04-23 22:18 . 2007-07-19 16:14 5073256 c:\windows\system32\d3dx9_35.dll + 2012-04-23 22:18 . 2007-05-16 14:45 4496232 c:\windows\system32\d3dx9_34.dll + 2012-04-23 22:17 . 2007-03-12 14:42 4494184 c:\windows\system32\d3dx9_33.dll + 2012-04-23 22:17 . 2006-09-28 14:05 3977496 c:\windows\system32\d3dx9_31.dll + 2012-04-23 22:18 . 2010-05-26 09:41 1907552 c:\windows\system32\d3dcsx_43.dll + 2012-04-23 22:18 . 2009-09-04 15:29 5554512 c:\windows\system32\d3dcsx_42.dll + 2012-04-23 22:18 . 2010-05-26 09:41 2526056 c:\windows\system32\D3DCompiler_43.dll + 2012-04-23 22:18 . 2009-09-04 15:29 2582888 c:\windows\system32\D3DCompiler_42.dll + 2012-04-23 22:18 . 2009-03-09 13:27 2430312 c:\windows\system32\D3DCompiler_41.dll + 2012-04-23 22:18 . 2008-10-10 02:52 2605920 c:\windows\system32\D3DCompiler_40.dll + 2012-04-23 22:18 . 2008-07-10 09:00 1942552 c:\windows\system32\D3DCompiler_39.dll + 2012-04-23 22:18 . 2008-05-30 12:11 1941528 c:\windows\system32\D3DCompiler_38.dll + 2012-04-23 22:18 . 2008-03-05 13:56 1860120 c:\windows\system32\D3DCompiler_37.dll + 2012-04-23 22:18 . 2007-10-12 13:14 2006552 c:\windows\system32\D3DCompiler_36.dll + 2012-04-23 22:18 . 2007-07-19 16:14 1985904 c:\windows\system32\D3DCompiler_35.dll + 2012-04-23 22:18 . 2007-05-16 14:45 1401200 c:\windows\system32\D3DCompiler_34.dll + 2012-04-23 22:17 . 2007-03-12 14:42 1400176 c:\windows\system32\D3DCompiler_33.dll + 2012-06-13 06:06 . 2012-04-24 05:37 1462272 c:\windows\system32\crypt32.dll + 2009-07-14 04:45 . 2012-06-23 10:02 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2012-02-17 01:04 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2011-05-20 18:46 . 2012-03-02 05:02 1752696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-05-20 18:46 . 2012-06-30 18:57 1752696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-06-10 23:28 . 2012-07-02 13:29 3119796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2155248324-3539292037-1374523505-1000-12288.dat + 2012-01-19 11:08 . 2012-01-19 11:08 1369872 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll + 2012-01-19 11:08 . 2012-01-19 11:08 6429992 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll + 2012-01-19 11:52 . 2012-01-19 11:52 3825952 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll + 2012-03-15 11:17 . 2012-03-15 11:17 5029672 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll + 2011-12-15 11:08 . 2011-12-15 11:08 3512072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll + 2011-12-15 12:01 . 2011-12-15 12:01 4970768 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll + 2011-12-15 12:01 . 2011-12-15 12:01 1455376 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll + 2011-12-15 12:01 . 2011-12-15 12:01 1515792 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll + 2011-12-15 12:01 . 2011-12-15 12:01 1512712 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll + 2011-12-15 12:01 . 2011-12-15 12:01 9793280 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll + 2012-05-08 21:14 . 2012-02-10 23:29 2256152 c:\windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll - 2011-06-28 17:34 . 2011-03-29 22:32 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll + 2012-06-13 06:06 . 2012-03-21 22:30 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll - 2012-02-16 19:43 . 2011-10-31 23:15 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll + 2012-05-08 21:14 . 2012-01-04 03:34 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll + 2012-06-13 06:06 . 2012-03-21 22:30 4927488 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Design.dll - 2011-06-06 23:34 . 2010-11-05 01:56 4927488 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Design.dll + 2012-05-08 21:14 . 2012-01-04 03:34 9992464 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll - 2011-10-14 03:05 . 2011-07-08 22:31 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll + 2012-05-08 21:14 . 2012-01-04 03:34 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll + 2012-05-08 21:14 . 2012-01-04 03:34 1577232 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll + 2012-05-08 21:14 . 2012-01-04 03:34 1756432 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll + 2012-01-19 11:08 . 2012-01-19 11:08 1369872 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll + 2012-01-19 11:08 . 2012-01-19 11:08 6429992 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll + 2012-01-19 11:08 . 2012-01-19 11:08 3790112 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll + 2012-03-15 11:17 . 2012-03-15 11:17 5029672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll + 2011-12-15 11:08 . 2011-12-15 11:08 3512072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll + 2011-12-15 11:08 . 2011-12-15 11:08 5201168 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll + 2011-12-15 11:08 . 2011-12-15 11:08 1143568 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll + 2011-12-15 11:08 . 2011-12-15 11:08 6727424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll + 2012-05-08 21:14 . 2012-02-10 23:31 1737496 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll - 2011-06-28 17:34 . 2011-03-29 22:33 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll + 2012-06-13 06:06 . 2012-03-21 22:32 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll + 2012-05-08 21:14 . 2012-01-04 02:51 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll - 2012-02-16 19:43 . 2011-10-31 23:16 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll + 2012-06-13 06:06 . 2012-03-21 22:32 4927488 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll - 2011-06-06 23:34 . 2010-11-05 01:58 4927488 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll + 2012-05-08 21:14 . 2012-01-04 02:51 5925136 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - 2011-10-14 03:05 . 2011-07-08 22:33 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll + 2012-05-08 21:14 . 2012-01-04 02:50 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll + 2012-06-13 15:06 . 2012-06-13 15:06 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll + 2012-06-13 15:06 . 2012-06-13 15:06 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll - 2012-02-17 00:27 . 2012-02-17 00:27 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll + 2012-06-13 15:06 . 2012-06-13 15:06 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll + 2012-06-13 15:06 . 2012-06-13 15:06 5029672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2012-06-13 15:06 . 2012-06-13 15:06 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll - 2012-02-17 00:27 . 2012-02-17 00:27 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll + 2012-06-13 15:06 . 2012-06-13 15:06 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll - 2012-02-17 00:27 . 2012-02-17 00:27 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll + 2012-06-13 15:06 . 2012-06-13 15:06 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll - 2012-02-17 00:27 . 2012-02-17 00:27 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll + 2012-06-13 15:06 . 2012-06-13 15:06 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll - 2012-02-17 00:27 . 2012-02-17 00:27 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll + 2012-06-13 15:06 . 2012-06-13 15:06 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll - 2012-02-17 00:27 . 2012-02-17 00:27 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll - 2012-02-17 00:27 . 2012-02-17 00:27 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll + 2012-06-13 15:06 . 2012-06-13 15:06 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll + 2012-06-13 15:06 . 2012-06-13 15:06 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll - 2012-02-17 00:27 . 2012-02-17 00:27 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll + 2012-06-13 15:06 . 2012-06-13 15:06 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll - 2012-02-17 00:27 . 2012-02-17 00:27 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll + 2012-06-13 15:06 . 2012-06-13 15:06 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll + 2012-06-13 15:06 . 2012-06-13 15:06 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll + 2012-06-13 15:06 . 2012-06-13 15:06 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll - 2012-02-17 00:27 . 2012-02-17 00:27 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll + 2012-06-13 15:06 . 2012-06-13 15:06 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll + 2012-06-13 15:05 . 2012-06-13 15:05 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll - 2012-02-17 00:26 . 2012-02-17 00:26 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll + 2012-06-13 15:06 . 2012-06-13 15:06 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll + 2012-06-13 15:05 . 2012-06-13 15:05 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll + 2012-06-13 15:06 . 2012-06-13 15:06 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll - 2012-02-17 00:27 . 2012-02-17 00:27 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll + 2012-04-27 06:11 . 2012-04-27 06:11 8451072 c:\windows\Installer\dd1ae5.msi + 2012-05-04 09:43 . 2012-05-04 09:43 8449024 c:\windows\Installer\a55e963.msi + 2011-09-15 17:40 . 2011-09-15 17:40 4760064 c:\windows\Installer\98fbe4.msp + 2011-09-15 17:40 . 2011-09-15 17:40 7959552 c:\windows\Installer\98fbdc.msp + 2011-09-15 17:34 . 2011-09-15 17:34 8499712 c:\windows\Installer\98fbb8.msp + 2012-04-10 20:48 . 2012-04-10 20:48 8399360 c:\windows\Installer\86323.msi + 2012-04-10 20:50 . 2012-04-10 20:50 8544256 c:\windows\Installer\8631b.msi + 2012-04-04 20:38 . 2012-04-04 20:38 2831360 c:\windows\Installer\81c60e1.msp + 2012-04-28 19:44 . 2012-04-28 19:44 9101824 c:\windows\Installer\81c60c9.msp + 2012-04-28 19:44 . 2012-04-28 19:44 9586176 c:\windows\Installer\81c60b1.msp + 2012-04-30 12:38 . 2012-04-30 12:38 5011456 c:\windows\Installer\81c608a.msp + 2012-04-04 20:38 . 2012-04-04 20:38 3620864 c:\windows\Installer\81c604e.msp + 2012-03-15 00:24 . 2012-03-15 00:24 1795584 c:\windows\Installer\81c6036.msp + 2012-04-28 19:43 . 2012-04-28 19:43 8459264 c:\windows\Installer\81c601e.msp + 2012-02-17 06:45 . 2012-02-17 06:45 2299392 c:\windows\Installer\81c6006.msp + 2012-05-29 08:13 . 2012-05-29 08:13 8449024 c:\windows\Installer\69544.msi + 2012-06-12 12:01 . 2012-06-12 12:01 8449024 c:\windows\Installer\68933.msi + 2012-06-19 13:26 . 2012-06-19 13:26 2871808 c:\windows\Installer\5ea47.msi + 2012-05-30 05:17 . 2012-05-30 05:17 5010432 c:\windows\Installer\4569cdc.msp + 2012-04-22 20:46 . 2012-04-22 20:46 1187328 c:\windows\Installer\4569cc5.msp + 2012-03-15 12:26 . 2012-03-15 12:26 4212736 c:\windows\Installer\4569cbb.msp + 2012-05-16 06:28 . 2012-05-16 06:28 8449024 c:\windows\Installer\43e5f.msi + 2012-01-22 08:20 . 2012-01-22 08:20 1707520 c:\windows\Installer\3d3b20.msp + 2012-03-26 22:28 . 2012-03-26 22:28 5009920 c:\windows\Installer\3d3b15.msp + 2012-03-23 12:59 . 2012-03-23 12:59 7899648 c:\windows\Installer\3d3afd.msp + 2011-11-01 11:34 . 2011-11-01 11:34 1169920 c:\windows\Installer\3d3ae5.msp + 2012-02-29 22:45 . 2012-02-29 22:45 4989440 c:\windows\Installer\264d2cb.msp + 2012-05-01 10:08 . 2012-05-01 10:08 9351168 c:\windows\Installer\1dff1.msi + 2011-08-28 13:42 . 2012-06-13 15:07 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2011-08-28 13:42 . 2012-02-17 00:24 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2011-08-28 13:42 . 2012-02-17 00:24 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2011-08-28 13:42 . 2012-06-13 15:07 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2012-02-19 03:03 . 2012-02-19 03:03 1442656 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgxpla.dll + 2012-02-22 03:27 . 2012-02-22 03:27 1962816 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgwd.dll + 2012-02-16 02:57 . 2012-02-16 02:57 2636640 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avguiadv.dll + 2012-02-18 03:05 . 2012-02-18 03:05 4347744 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgui.exe + 2012-02-16 02:57 . 2012-02-16 02:57 2575712 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgtray.exe + 2012-02-28 09:36 . 2012-02-28 09:36 9460064 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\AVGTBInstall.exe + 2012-02-14 02:53 . 2012-02-14 02:53 1987936 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgssiea.dll + 2012-02-14 02:53 . 2012-02-14 02:53 1408352 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgssie.dll + 2012-02-14 02:53 . 2012-02-14 02:53 1721696 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgscana.exe + 2012-02-23 02:36 . 2012-02-23 02:36 2039648 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgnsa.exe + 2012-02-14 02:52 . 2012-02-14 02:52 5104992 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\AVGIDSAgent.exe + 2012-02-14 02:52 . 2012-02-14 02:52 1601888 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgemca.exe + 2012-02-20 03:04 . 2012-02-20 03:04 1321824 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgdtiea.dll + 2012-02-14 02:53 . 2012-02-14 02:53 2680160 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgdiagex.exe + 2012-02-16 02:57 . 2012-02-16 02:57 1261408 c:\windows\Installer\$PatchCache$\Managed\C2876669BBECA2D46815A520EAAC0843\12.0.2127\avgabout.dll + 2012-04-08 09:27 . 2012-04-08 09:27 5158992 c:\windows\Installer\$PatchCache$\Managed\965E9A3EC929617428117D2DDA4C764E\12.0.2169\AVGIDSAgent.exe + 2011-08-17 08:49 . 2011-08-17 08:49 4683624 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\WRD12CNV.DLL + 2009-10-09 21:10 . 2009-10-09 21:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\VBE6.DLL + 2011-07-07 01:58 . 2011-07-07 01:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\OGL.DLL + 2006-10-26 18:25 . 2006-10-26 18:25 2172688 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\PSRCHFEA.DLL + 2012-05-09 16:57 . 2012-05-09 16:57 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\e41f5739292f4771c64a55940369efd2\WindowsBase.ni.dll + 2012-06-13 23:23 . 2012-06-13 23:23 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\e286701acf74012d3aa4a21953f03b6b\WindowsBase.ni.dll + 2012-05-09 17:02 . 2012-05-09 17:02 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\6ee9d76d9f1e618cd6fb94b13355bcc9\UIAutomationClientsideProviders.ni.dll + 2012-05-09 16:56 . 2012-05-09 16:56 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\28ca4f076264ab07f1d00a6c9623dc49\System.Xml.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\df013cbfec0defc7e9997cdaa90b89bc\System.Xaml.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\950f64ba9fb22ca06c5b2b9cf6f5f4b4\System.Windows.Forms.DataVisualization.ni.dll + 2012-05-09 17:01 . 2012-05-09 17:01 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\bc6df78c506c89659ab7be738179b2ba\System.Web.Services.ni.dll + 2012-05-09 17:01 . 2012-05-09 17:01 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\cd7c3aed4408c3554c30a8f0236b90e1\System.Speech.ni.dll + 2012-05-09 17:01 . 2012-05-09 17:01 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\94289b88c5b494f572cd7114fa995487\System.ServiceModel.Activities.ni.dll + 2012-05-09 17:01 . 2012-05-09 17:01 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\2dbc7aabd92cc0d470acb455c498d919\System.ServiceModel.Discovery.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\affb28e2d9cc3c19de0758e7e8c68e8f\System.Runtime.Serialization.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\b37e6f4b1d742031f328504eb99d0f6c\System.Runtime.DurableInstancing.ni.dll + 2012-06-13 23:24 . 2012-06-13 23:24 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\d2de16284459454472a6875185c64d08\System.Printing.ni.dll + 2012-05-09 16:59 . 2012-05-09 16:59 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\682ea473b36fc9043d982c4f5a667568\System.Printing.ni.dll + 2012-05-09 17:00 . 2012-05-09 17:00 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\b83f2453b4538b2e80fe09cfd94dce00\System.Management.ni.dll + 2012-05-09 17:00 . 2012-05-09 17:00 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\60bf6251873ef465abcebeb9a24b7932\System.IdentityModel.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\8e10d4f2a408dc5a9740f8d0df5cebac\System.EnterpriseServices.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 2303488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\dadeee26c90fecbf3196eba10dc077b4\System.Drawing.ni.dll + 2012-06-13 23:24 . 2012-06-13 23:24 2305024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\1225ef41527a975de83f22328d0a3b93\System.Drawing.ni.dll + 2012-05-09 17:00 . 2012-05-09 17:00 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\a68116468a194678fd04167067134712\System.DirectoryServices.AccountManagement.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\3a737af86a6a819af97a6d1a04c0e944\System.DirectoryServices.ni.dll + 2012-06-13 23:24 . 2012-06-13 23:24 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\ad9ff5d55f7ea22e80c39e0ff0240984\System.Deployment.ni.dll + 2012-06-13 15:04 . 2012-06-13 15:04 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\8fce722dc334f83b7695e7f64a629986\System.Deployment.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\0ec8effb7b9d03ae69d37922813bc880\System.Data.ni.dll + 2012-05-09 16:56 . 2012-05-09 16:56 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\0eb72df497fad5c273ff16f88b0fb950\System.Data.SqlXml.ni.dll + 2012-05-09 17:00 . 2012-05-09 17:00 1799168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\536e12016ad3adc78e0708b77e6b9219\System.Data.Services.Client.ni.dll + 2012-05-09 17:00 . 2012-05-09 17:00 3386368 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\86553c1d7f3e66c17fc3e0274de7a2de\System.Data.Linq.ni.dll + 2012-05-09 16:56 . 2012-05-09 16:56 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\6aea67f24827961ce1d48356715389d8\System.Configuration.ni.dll + 2012-05-09 16:59 . 2012-05-09 16:59 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\eac19ca5a18a6d08cd247e68b618ba68\System.ComponentModel.Composition.ni.dll + 2012-05-09 16:59 . 2012-05-09 16:59 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\3869077874ba987242c791b3a18b2f8b\System.Activities.ni.dll + 2012-06-13 23:24 . 2012-06-13 23:24 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\707f90689caf41ad429bf3ad373503cb\System.Activities.Presentation.ni.dll + 2012-05-09 16:59 . 2012-05-09 16:59 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\96083298999a677341c98fc2bf01b248\System.Activities.Core.Presentation.ni.dll + 2012-05-09 16:59 . 2012-05-09 16:59 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\fe1704ff12348776e6b70dd4a2c69163\ReachFramework.ni.dll + 2012-06-13 23:24 . 2012-06-13 23:24 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\16c9569b75a9f47c38b60ba733936e1a\ReachFramework.ni.dll + 2012-06-13 23:24 . 2012-06-13 23:24 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\9c3d6b3ddef66cac069b6ab1fec514f8\PresentationUI.ni.dll + 2012-06-13 15:04 . 2012-06-13 15:04 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\32bece98175466e5a63d120d96e33269\PresentationUI.ni.dll + 2012-06-13 15:04 . 2012-06-13 15:04 1843712 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\f866554cae3c9bf97ef2fa2e90f4ebda\Microsoft.VisualBasic.Compatibility.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 1843712 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\e4d308f69077903e24de92fe4fc06d29\Microsoft.VisualBasic.Compatibility.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\70e2694fe050bd480b9f61f935ca2da5\Microsoft.VisualBasic.ni.dll + 2012-06-13 15:04 . 2012-06-13 15:04 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\44f8907ea08f9c7ff390b17a925a98fd\Microsoft.VisualBasic.ni.dll + 2012-05-09 16:57 . 2012-05-09 16:57 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\16425c121db8083cbaa51f619c9e51e7\Microsoft.VisualBasic.Activities.Compiler.ni.dll + 2012-05-09 16:56 . 2012-05-09 16:56 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\5284682fcf04815a86233bcaf696da66\Microsoft.Transactions.Bridge.ni.dll + 2012-05-09 17:01 . 2012-05-09 17:01 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\4b1d24a96b3882f9e77445e48a7c59ee\Microsoft.JScript.ni.dll + 2012-05-09 16:56 . 2012-05-09 16:56 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\1ff62486cdefbfc2dab41b686a9aa4e2\Microsoft.CSharp.ni.dll + 2012-06-13 15:06 . 2012-06-13 15:06 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\24ed0e1df6a605cdb2088f87ae2ab8ff\UIAutomationClientsideProviders.ni.dll + 2012-05-09 01:08 . 2012-05-09 01:08 9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll + 2012-05-09 01:08 . 2012-05-09 01:08 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\7f0476e4df01ca2219f7db531408e91c\System.Windows.Forms.DataVisualization.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b37cc0aa41e7feaba9f290da4da91d71\System.Web.Services.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\f368c85283c4e6c9650dd1c8d369dcc5\System.Speech.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ec057796972ce41b751eaa3a8306fbcb\System.ServiceModel.Discovery.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 1393152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5055b60e339143bbace5871f5fe4b114\System.ServiceModel.Activities.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\f87f8bc0bc9563096150f23f6c220e7b\System.Printing.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll + 2012-06-13 15:06 . 2012-06-13 15:06 1666048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\0fe1e56d17858b6156a3a46330f75f27\System.DirectoryServices.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e899cda47704280f54949c69b78c55cc\System.Deployment.ni.dll + 2012-05-09 01:09 . 2012-05-09 01:09 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll + 2012-05-09 01:08 . 2012-05-09 01:08 2550272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\fdb98c6d783fe167c1dc0022f27b7cd6\System.Data.SqlXml.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 1343488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\b894a1df3e6d58ada8f1aa303465ca23\System.Data.Services.Client.ni.dll + 2012-05-09 01:09 . 2012-05-09 01:09 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\82c0c56ff8259e1440cfd0d5727a26d8\System.Data.Linq.ni.dll + 2012-05-09 01:08 . 2012-05-09 01:08 7069184 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll + 2012-05-09 16:49 . 2012-05-09 16:49 4129280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\51025a1c89f6fd752a5396a059d608b2\System.Activities.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\36299fad6b7b591cfb6bd9e50dbd33df\System.Activities.Presentation.ni.dll + 2012-05-09 16:49 . 2012-05-09 16:49 1546752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\66893548d2b2cad29cabf3b3578f356f\System.Activities.Core.Presentation.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\442af6f7c8b447bdec3ad8d23da89c5a\ReachFramework.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\cf455da9b8fedf66767c1a7ab3eea9c9\PresentationUI.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\42a7f127f3fda82fb12c6a6e144d08c1\Microsoft.VisualBasic.Activities.Compiler.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 1139712 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2ed0173a2e75b1a3943bd2d96649a50c\Microsoft.VisualBasic.Compatibility.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09c2f8f606e09d85cfe6e0ad89fbe729\Microsoft.VisualBasic.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\9a37f4e64ce5b856ac3892fef064c7de\Microsoft.Transactions.Bridge.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\cfcc92c125ddfaabad24abe61cfc0471\Microsoft.JScript.ni.dll + 2012-05-09 01:09 . 2012-05-09 01:09 1616896 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\9912b6d76c1017b5af6ef24730f550ca\Microsoft.CSharp.ni.dll + 2012-05-09 01:25 . 2012-05-09 01:25 4962816 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\4bcc5a6e9e9d25e068fc304bd7eda6af\WindowsBase.ni.dll + 2012-05-09 16:56 . 2012-05-09 16:56 1459712 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\783df1ee260d3df406fa80afa38502d4\UIAutomationClientsideProviders.ni.dll + 2012-05-09 01:25 . 2012-05-09 01:25 6948864 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\24d1b7ccbedaa3602bae6a6acea9929e\System.Xml.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\70cc5e8a5a3372fe0b104c1b20392cd2\System.WorkflowServices.ni.dll + 2012-06-13 22:29 . 2012-06-13 22:29 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\aa638ba79250284eb4af4adaa4a4117b\System.Workflow.Runtime.ni.dll + 2012-06-13 22:29 . 2012-06-13 22:29 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\996dc2af3b9e5c111130935f298908c6\System.Workflow.ComponentModel.ni.dll + 2012-06-13 22:29 . 2012-06-13 22:29 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\178797db84abae2eeaed835bd28ca52c\System.Workflow.Activities.ni.dll + 2012-06-13 22:29 . 2012-06-13 22:29 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\a32734087cd0db5607d5744ca63235d7\System.Web.Services.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\af7689e8cbec5d2755497be23c30e293\System.Web.Mobile.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\768ea257d75839979b4efb2d49d653f6\System.Web.Extensions.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2c47bc5d426a7cf9ffef1425eda08184\System.Web.Extensions.Design.ni.dll + 2012-05-09 16:55 . 2012-05-09 16:55 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\ca51f026916139f886519fdf6d6c73e9\System.Speech.ni.dll + 2012-05-09 16:55 . 2012-05-09 16:55 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\56ee9b5f220583c1c7374a61ad904044\System.ServiceModel.Web.ni.dll + 2012-05-09 16:51 . 2012-05-09 16:51 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\265531568722647aab229a2cec195b3d\System.Runtime.Serialization.ni.dll + 2012-05-09 01:27 . 2012-05-09 01:27 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\2a02b172fa4cf3d93ce7388b67b2a199\System.Runtime.Remoting.ni.dll + 2012-06-13 22:28 . 2012-06-13 22:28 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\b964519964d302b4977e1380d8d15f1a\System.Printing.ni.dll + 2012-05-09 16:53 . 2012-05-09 16:53 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\fd4a8227569e64d657b80483da8ffe78\System.Management.ni.dll + 2012-05-09 16:51 . 2012-05-09 16:51 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\d1f21a29e79e73b5401fae156f339f67\System.IdentityModel.ni.dll + 2012-05-09 01:27 . 2012-05-09 01:27 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\d50cde53634ccbb5e0231738784ff4b8\System.EnterpriseServices.ni.dll + 2012-06-13 22:27 . 2012-06-13 22:27 2318848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\222eb8aa336953a6b0216db2b0c4770d\System.Drawing.ni.dll + 2012-05-09 16:55 . 2012-05-09 16:55 1230848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\39d16229a3d5c6e7c1594ef10758bf75\System.DirectoryServices.AccountManagement.ni.dll + 2012-05-09 01:27 . 2012-05-09 01:27 1640448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\152ef61928f1c300fdad8fa6d5905880\System.DirectoryServices.ni.dll + 2012-06-13 22:27 . 2012-06-13 22:27 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\6e4e9b07f376d445df1718c0011fa99b\System.Deployment.ni.dll + 2012-05-09 01:27 . 2012-05-09 01:27 8681472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\ea1848ec07c70f3d3c3445f4fbdae87a\System.Data.ni.dll + 2012-05-09 01:25 . 2012-05-09 01:25 3463680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\7f6f74f1cc0ea6c40a2d6707b12af818\System.Data.SqlXml.ni.dll + 2012-05-09 16:55 . 2012-05-09 16:55 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\0679fe5f3f9164f499e50cdade962ba3\System.Data.Services.ni.dll + 2012-05-09 16:55 . 2012-05-09 16:55 1868288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\2e9de1acfb7974cad94b747442ca325f\System.Data.Services.Client.ni.dll + 2012-05-09 01:28 . 2012-05-09 01:28 1506816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\97429a1c70c94c49850be3f944a32a2e\System.Data.OracleClient.ni.dll + 2012-05-09 16:55 . 2012-05-09 16:55 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\2ec3d436b861d35c586b710a570e170d\System.Data.Linq.ni.dll + 2012-05-09 16:55 . 2012-05-09 16:55 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\b7b5364bc524988f7ca5b8c20a24119d\System.Data.Entity.Design.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 3315200 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\766ce7ee1a2e4f2a85fd90e7572f5d53\System.Core.ni.dll + 2012-05-09 01:19 . 2012-05-09 01:19 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\193d03ca60573c92f92d9b07fa5bc243\System.Configuration.ni.dll + 2012-06-13 22:28 . 2012-06-13 22:28 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\1f88a3693c8ddd527a130aff49dc58b3\ReachFramework.ni.dll + 2012-06-13 22:28 . 2012-06-13 22:28 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\b91c32fab08ba62d8c7681cc596895be\PresentationUI.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 1884160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\4fbff79b8ebf082d08c0080923ff5036\PresentationBuildTasks.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\ac1ba76ed19d668ce53a74593f040453\Narrator.ni.exe + 2012-06-13 23:22 . 2012-06-13 23:22 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\df2557ab1b8e4389d846e13dc82eba57\MMCEx.ni.dll + 2012-06-13 23:21 . 2012-06-13 23:21 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\61812970c4743b686a67f28687e1dcb6\MIGUIControls.ni.dll + 2012-06-13 23:22 . 2012-06-13 23:22 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\1586ee919f86130df9771cf9b8d95d3a\Microsoft.VisualBasic.ni.dll + 2012-05-09 16:51 . 2012-05-09 16:51 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\28ba52bc122353647f1b547506e2df7c\Microsoft.Transactions.Bridge.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\f5790625975320b1ffad63b476da9132\Microsoft.PowerShell.Commands.Management.ni.dll + 2012-06-13 23:21 . 2012-06-13 23:21 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ca7e936eed0de2436d87b2601ee3a20a\Microsoft.PowerShell.Editor.ni.dll + 2012-06-13 23:21 . 2012-06-13 23:21 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6caa366471176a065a96d77e8ba01eeb\Microsoft.PowerShell.Commands.Utility.ni.dll + 2012-06-13 23:21 . 2012-06-13 23:21 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\3040e2de07177c0a6a66a49de61fdc59\Microsoft.PowerShell.GPowerShell.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c057be8bb6614cce013af3721fe34983\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll + 2012-06-13 23:20 . 2012-06-13 23:20 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b2afc0af3d89ae00e973b4e6e9db382c\Microsoft.MediaCenter.ni.dll + 2012-06-13 23:21 . 2012-06-13 23:21 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\73bfbdccdc1b0ae87f70a0ec594fee3c\Microsoft.MediaCenter.Bml.ni.dll + 2012-06-13 23:20 . 2012-06-13 23:20 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\653e1ee01f10d658d52ca42e17e74283\Microsoft.MediaCenter.UI.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\260d83ee2128a3388051cf416d4450b0\Microsoft.MediaCenter.Shell.ni.dll + 2012-05-09 16:54 . 2012-05-09 16:54 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\094f6a515ca31504f96b4bad5848d692\Microsoft.JScript.ni.dll + 2012-06-13 23:21 . 2012-06-13 23:21 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\dac69844e6333484159a4cf544190906\Microsoft.Ink.ni.dll + 2012-06-13 23:21 . 2012-06-13 23:21 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\4b362e9e25c33e371f06403edec8849a\Microsoft.Build.Tasks.ni.dll + 2012-06-13 23:21 . 2012-06-13 23:21 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\33730d136a34d2f4e56a0322f49ee9b6\Microsoft.Build.Tasks.v3.5.ni.dll + 2012-05-09 16:53 . 2012-05-09 16:53 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\f1a0df6a86ceb708c5e50338f12b77ba\Microsoft.Build.Engine.ni.dll + 2012-05-09 16:53 . 2012-05-09 16:53 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\6b727c7aa69ae3e04a869908bfbae696\Microsoft.Build.Engine.ni.dll + 2012-06-13 23:20 . 2012-06-13 23:20 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\cc4844e7242c1e35d145bf2439f944c5\mcstore.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\596902addad034f4df2caf291b12d61d\mcepg.ni.dll + 2012-05-09 16:52 . 2012-05-09 16:52 2184192 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\cdad46cd58389f53308b735e6f29ce1f\ehiVidCtl.ni.dll + 2012-05-09 16:51 . 2012-05-09 16:51 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\0423915e377ec85d71ac216fafa77ab0\ehiProxy.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fe29ec14034fcf7bd83f609ee5327f03\WindowsLive.Writer.Localization.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ccb5629a16edaafb40d3bdec51c70451\WindowsLive.Writer.ApplicationFramework.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\81c0c8525a9f6ff5c97e95a331eba69c\WindowsLive.Writer.CoreServices.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 7025152 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\369eb9f2556436aadf9bc93610124d3b\WindowsLive.Writer.PostEditor.ni.dll + 2012-05-09 01:24 . 2012-05-09 01:24 3347968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\3b452cde57280624e1085699fe8beb03\UIAutomationClientsideProviders.ni.dll + 2012-05-09 01:24 . 2012-05-09 01:24 7967232 c:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll + 2012-05-09 01:24 . 2012-05-09 01:24 5452800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll + 2012-06-13 22:31 . 2012-06-13 22:31 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\88bfc62ac0195a8ae673c444a3339505\System.Workflow.Runtime.ni.dll + 2012-06-13 22:31 . 2012-06-13 22:31 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\cfb739be21092d5b8f7b4fde529e6aaa\System.Workflow.ComponentModel.ni.dll + 2012-06-13 22:31 . 2012-06-13 22:31 2994688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\a815fffab98375c1919df68b5b292725\System.Workflow.Activities.ni.dll + 2012-06-13 22:30 . 2012-06-13 22:30 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4a90802e36dee6e10d9bf54832cbf549\System.Web.Mobile.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c45efc7ec92c1da8e67eb597559ec39c\System.Web.Extensions.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\83053c3eeb3255672d84c1ddc0ce8ef3\System.Speech.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll + 2012-06-13 22:30 . 2012-06-13 22:30 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\991dbe40be5b114ed705bb5b48e6b330\System.Printing.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\a8495b797e6f7adddc5811a4e1f97db5\System.Management.Automation.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll + 2012-06-13 22:30 . 2012-06-13 22:30 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll + 2012-05-09 01:24 . 2012-05-09 01:24 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ef0d8a4790c24a3a091170958bc7b976\System.DirectoryServices.ni.dll + 2012-06-13 22:30 . 2012-06-13 22:30 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll + 2012-05-09 01:24 . 2012-05-09 01:24 6610944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\e2073751227120ce228e00e26dfe5fca\System.Data.ni.dll + 2012-05-09 01:24 . 2012-05-09 01:24 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e9774272e9fc6ca49e6c616a31783040\System.Data.SqlXml.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\3285887b33030a7ce453573d3bed4e95\System.Data.Services.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\330d3ad45a00455b537047183e128def\System.Data.Services.Client.ni.dll + 2012-05-09 01:25 . 2012-05-09 01:25 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\fdfc5f89534872f4e53471d78cb7f151\System.Data.OracleClient.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\2fe1658f05b0a96fe25c956a31d27b06\System.Data.Linq.ni.dll + 2012-05-09 16:48 . 2012-05-09 16:48 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll + 2012-06-13 22:30 . 2012-06-13 22:30 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\87f73de6e080d37be93adfc7d5c31d7a\ReachFramework.ni.dll + 2012-06-13 22:30 . 2012-06-13 22:30 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\163517c8a195fb48f7ef6ee17c585bdb\PresentationUI.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b3f13707cbd5d48aabaa9ef5264c8a30\PresentationBuildTasks.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\17add09c98fa34255142d42697db53df\Narrator.ni.exe + 2012-06-13 23:26 . 2012-06-13 23:26 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\21abde8efab609732b2ade3f05234e79\MMCEx.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\0e7da0df83f0619e3b0e0a7d7ee05fa3\MIGUIControls.ni.dll + 2012-06-13 23:26 . 2012-06-13 23:26 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\cd9e47effec6549cdec61eb3aef99f7c\Microsoft.Transactions.Bridge.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7a1acd4156c9dbdd408dc126e19e2af0\Microsoft.PowerShell.Commands.Utility.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\77b5496d214dd5034294b058c0bb0e8d\Microsoft.PowerShell.GPowerShell.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\72765e5fab12761eb6d3f58180fa34d7\Microsoft.PowerShell.Editor.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8ce1d10f94b40f054017865757552f2d\Microsoft.MediaCenter.UI.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7fab1ec8f5ed6a55a8a73b2c590bd7cd\Microsoft.MediaCenter.ni.dll + 2012-05-09 16:47 . 2012-05-09 16:47 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\e3d2577e00aef6bc9b3e235eb83634f3\Microsoft.JScript.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\4d381048e3b9c0914c0f72c6aa0a599d\Microsoft.Ink.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3893fa9a19b52dee8b2cc424840d5d08\Microsoft.Build.Tasks.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\1d2250044b1ecff755e26ed12f6d27cb\Microsoft.Build.Tasks.v3.5.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6b66f52dbd8f87e53c3c9a1de7ca5bba\Microsoft.Build.Engine.ni.dll + 2012-06-13 23:25 . 2012-06-13 23:25 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\3a4e56a8d1075cf0af0619c383b3e592\mcstore.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\69b8de21b08c3412422c5918399ed702\mcepg.ni.dll + 2012-05-08 21:14 . 2012-02-10 23:31 1253376 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll - 2011-06-06 23:36 . 2010-11-05 01:53 1253376 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll - 2012-02-16 19:43 . 2011-10-31 23:16 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll + 2012-05-08 21:14 . 2012-01-04 02:51 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll - 2011-06-28 17:34 . 2011-03-29 22:33 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2012-06-13 06:06 . 2012-03-21 22:32 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2011-06-06 23:34 . 2010-11-05 01:58 4927488 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2012-06-13 06:06 . 2012-03-21 22:32 4927488 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2012-05-08 21:14 . 2012-02-10 23:31 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll + 2012-05-08 21:14 . 2012-02-10 23:29 2256152 c:\windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll + 2012-05-08 21:14 . 2012-02-10 23:29 3998208 c:\windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - 2011-10-14 03:05 . 2011-07-08 22:31 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2012-05-08 21:14 . 2012-01-04 03:34 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2012-05-08 21:14 . 2012-02-10 23:31 1737496 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll + 2012-05-08 21:14 . 2012-02-10 23:31 4218880 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - 2011-06-06 23:36 . 2010-11-05 01:53 4218880 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - 2011-10-14 03:05 . 2011-07-08 22:33 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2012-05-08 21:14 . 2012-01-04 02:50 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2012-03-07 02:03 . 2012-03-07 02:03 1279864 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll + 2012-06-13 14:57 . 2012-05-17 23:11 12314624 c:\windows\SysWOW64\mshtml.dll + 2009-07-14 02:34 . 2012-06-21 15:13 10747904 c:\windows\system64\SMI\Store\Machine\SCHEMA.DAT - 2009-07-14 02:34 . 2012-02-17 01:01 10747904 c:\windows\system64\SMI\Store\Machine\SCHEMA.DAT + 2012-06-13 14:57 . 2012-05-18 02:47 17807360 c:\windows\system64\mshtml.dll + 2011-05-23 07:31 . 2012-06-13 15:02 58957832 c:\windows\system64\MRT.exe + 2012-06-13 14:57 . 2012-05-18 02:16 10924032 c:\windows\system64\ieframe.dll - 2009-07-14 02:34 . 2012-02-17 01:01 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2012-06-21 15:13 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2012-06-13 14:57 . 2012-05-18 02:47 17807360 c:\windows\system32\mshtml.dll + 2011-05-23 07:31 . 2012-06-13 15:02 58957832 c:\windows\system32\MRT.exe + 2012-06-13 14:57 . 2012-05-18 02:16 10924032 c:\windows\system32\ieframe.dll + 2011-05-20 22:06 . 2012-07-02 18:08 62327396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2155248324-3539292037-1374523505-1000-8192.dat + 2011-05-21 22:29 . 2012-05-04 15:12 66692572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2155248324-3539292037-1374523505-1000-4096.dat - 2011-05-21 22:29 . 2012-03-02 16:13 66692572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2155248324-3539292037-1374523505-1000-4096.dat + 2011-11-21 23:42 . 2011-11-21 23:42 33189888 c:\windows\Installer\c4197.msp + 2011-09-15 17:38 . 2011-09-15 17:38 10838528 c:\windows\Installer\98fbd1.msp + 2011-09-15 17:37 . 2011-09-15 17:37 14140416 c:\windows\Installer\98fbc5.msp + 2011-09-15 17:42 . 2011-09-15 17:42 38326272 c:\windows\Installer\98f9ca.msp + 2011-09-15 17:42 . 2011-09-15 17:42 14895104 c:\windows\Installer\98f9a3.msp + 2012-01-19 12:20 . 2012-01-19 12:20 11997696 c:\windows\Installer\81c6099.msp + 2011-12-15 12:54 . 2011-12-15 12:54 39732736 c:\windows\Installer\81c6073.msp + 2012-05-09 01:01 . 2012-05-09 01:01 20343808 c:\windows\Installer\81c5ff0.msp + 2011-09-15 19:42 . 2011-09-15 19:42 18115432 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\WWLIB.DLL + 2012-05-09 01:08 . 2012-05-09 01:08 11880448 c:\windows\assembly\NativeImages_v4.0.30319_64\System\935aea6e7eae16674abdd96a68ec97af\System.ni.dll + 2012-06-13 23:24 . 2012-06-13 23:24 17355264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\e883d90a0210bf99ca88f3b4ade53a24\System.Windows.Forms.ni.dll + 2012-06-13 15:05 . 2012-06-13 15:05 17355264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\d9f25602d3fabd454ee8f8c0b7cd987f\System.Windows.Forms.ni.dll + 2012-05-09 17:01 . 2012-05-09 17:01 24551936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\c4cc7eb7733c4221c32caccfd66ae320\System.ServiceModel.ni.dll + 2012-05-09 17:00 . 2012-05-09 17:00 18479616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9df4e7ae75baa7bbb1af30c8061a6e9b\System.Data.Entity.ni.dll + 2012-05-09 16:56 . 2012-05-09 16:56 10440192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\b64f213e823a591607c45fac4997801e\System.Core.ni.dll + 2012-06-13 23:24 . 2012-06-13 23:24 24407552 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\a3c3789d54894008501ce5891f1eeb40\PresentationFramework.ni.dll + 2012-05-09 16:58 . 2012-05-09 16:58 24407552 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\34c2013b5f730680bd610d6a98d2977f\PresentationFramework.ni.dll + 2012-06-13 23:23 . 2012-06-13 23:23 15908864 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\9d69a7a407bbc43a1bcb2da603af5840\PresentationCore.ni.dll + 2012-05-09 16:57 . 2012-05-09 16:57 15908864 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\4464e9df7184e3393b4cbb0f6dc286ba\PresentationCore.ni.dll + 2012-05-09 01:08 . 2012-05-09 01:08 19353600 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\6087fce8f76d9af69af496cb10b7d1ee\mscorlib.ni.dll + 2012-06-13 15:06 . 2012-06-13 15:06 13198336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll + 2012-05-09 16:50 . 2012-05-09 16:50 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\7aa839fb16503243d6ae454ab334bcf4\System.Data.Entity.ni.dll + 2012-06-13 15:06 . 2012-06-13 15:06 18000896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll + 2012-06-13 15:06 . 2012-06-13 15:06 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll + 2012-05-09 01:08 . 2012-05-09 01:08 14412800 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll + 2012-05-09 01:19 . 2012-05-09 01:19 10624512 c:\windows\assembly\NativeImages_v2.0.50727_64\System\c40ec0f4cd203c880298f94c0427dd54\System.ni.dll + 2012-06-13 22:28 . 2012-06-13 22:28 17383424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\dc5bb74eefdbf954cdfb70dd534d5564\System.Windows.Forms.ni.dll + 2012-06-13 22:29 . 2012-06-13 22:29 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\95f38e7485bbe2b73b6055c45196fedd\System.Web.ni.dll + 2012-05-09 16:51 . 2012-05-09 16:51 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\f74b2d1b8cf279ff6bfe479f79e70fe9\System.ServiceModel.ni.dll + 2012-05-09 16:53 . 2012-05-09 16:53 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\00c4a761d0a5cafc00f34d763fe76ac4\System.Management.Automation.ni.dll + 2012-06-13 22:29 . 2012-06-13 22:29 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\582144c0ee317038621aebc626187b56\System.Design.ni.dll + 2012-05-09 16:55 . 2012-05-09 16:55 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\daaff9fe9c85fc171d426a3cb6766dbb\System.Data.Entity.ni.dll + 2012-06-13 22:28 . 2012-06-13 22:28 19198464 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\47054c4d5b7e522c21a9d57797410302\PresentationFramework.ni.dll + 2012-06-13 22:27 . 2012-06-13 22:27 16543232 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\3a9d13514a8c4c710fa5ce8e9b5393fe\PresentationCore.ni.dll + 2012-05-09 01:19 . 2012-05-09 01:19 15570944 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\f73f0a9c9a83dcd3ff428be509a7992f\mscorlib.ni.dll + 2012-06-13 23:21 . 2012-06-13 23:21 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\0c1f96a4136efe532bbb8eb91d3de300\ehshell.ni.dll + 2012-06-13 22:30 . 2012-06-13 22:30 12436480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll + 2012-06-13 22:30 . 2012-06-13 22:30 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll + 2012-05-09 16:46 . 2012-05-09 16:46 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll + 2012-06-13 22:30 . 2012-06-13 22:30 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c144f89b1f8f292d6940a1b2f8ffbec\System.Design.ni.dll + 2012-06-13 22:30 . 2012-06-13 22:30 14340608 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll + 2012-06-13 22:30 . 2012-06-13 22:30 12237824 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll + 2012-05-09 01:24 . 2012-05-09 01:24 11492864 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll + 2011-09-15 17:34 . 2011-09-15 17:34 428804608 c:\windows\Installer\98fbaa.msp . -- Snapshot teruggezet naar huidige datum -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-06-04 12:34 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-06-04 2074208] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-08 98304] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-05-01 3151512] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-11-01 593920] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-04 1107552] . c:\users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176] R2 HitmanPro36CrusaderBoot;HitmanPro 3.6 Crusader (Boot);c:\program files\HitmanPro\HitmanPro.exe [x] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-21 1255736] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-08 203264] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-06-04 935008] S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-08 7767552] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-08 279040] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-08-16 116240] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-07-22 1002848] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Inhoud van de 'Gedeelde Taken' map . 2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 11:38] . 2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 11:38] . 2012-06-16 c:\windows\Tasks\HPCeeScheduleForYVONNE-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . 2012-06-30 c:\windows\Tasks\HPCeeScheduleForYvonne.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] 2012-05-08 13:15 201728 ----a-w- c:\program files\Web Assistant\Extension64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.254 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll FF - ProfilePath - c:\users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: network.proxy.type - 0 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HitmanPro36CrusaderBoot] "ImagePath"="\"c:\program files\HitmanPro\HitmanPro.exe\" /crusader:boot" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8, 7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4, 91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27 "{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20, 35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4 "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39, 64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac, 6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b "{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,6b,7c, 1a,82,e9,65,3d,9d,e9,17,af,a2,b0,e5,ab . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:c0,1e,2d,53,55,1d,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe . ************************************************************************** . Voltooingstijd: 2012-07-02 20:13:26 - machine werd herstart ComboFix-quarantined-files.txt 2012-07-02 18:13 ComboFix2.txt 2012-03-02 16:18 . Pre-Run: 913.428.520.960 bytes beschikbaar Post-Run: 913.300.541.440 bytes beschikbaar . - - End Of File - - 793E14F4B75AAB142E442B7CF82F1802

Hij had toch nog een infectie gevonden :-(, maar die is succesvol verwijderd [TABLE=width: 128] [TR] [TD=colspan: 2]Scan "De hele computer scannen" is voltooid.[/TD] [/TR] [TR] [TD=colspan: 2]Infecties;"1";"1";"0"[/TD] [/TR] [TR] [TD=colspan: 2]Voor scan geselecteerde mappen:;"De hele computer scannen"[/TD] [/TR] [TR] [TD=colspan: 2]Scan is gestart:;"vrijdag 29 juni 2012, 16:55:04"[/TD] [/TR] [TR] [TD=colspan: 2]Scan voltooid:;"vrijdag 29 juni 2012, 17:03:24 (8 min. 20 seconde (n))"[/TD] [/TR] [TR] [TD=colspan: 2]Totaal gescande objecten:;"1551502"[/TD] [/TR] [TR] [TD=colspan: 2]Gebruiker:;"Yvonne"[/TD] [/TR] [TR] [TD][/TD] [TD][/TD] [/TR] [TR] [TD]Infecties[/TD] [TD][/TD] [/TR] [TR] [TD=colspan: 2];"Bestand";"Infectie";"Resultaat"[/TD] [/TR] [TR] [TD=colspan: 2];"C:\ProgramData\ijmmwxfo.exe";"Trojaans paard Downloader.Agent2.BCVI";"Verplaatst naar de quarantaine"[/TD] [/TR] [/TABLE]

Hoi Kape, Ja ik bedacht me naderhand inderdaad dat het handiger was geweest om ná het verwijderen van Norton en McAfee een hijackthis-log te maken. Maarja, toen was ik alweer op pad. Bij deze voor de tweede maal: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:27:45, on 28-6-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\HJT\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro 3.6 Crusader (Boot) (HitmanPro36CrusaderBoot) - Unknown owner - C:\Program Files\HitmanPro\HitmanPro.exe (file missing) O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11683 bytes

Hoi Kape, Ik moet nog even die tools laten draaien voor het verwijderen van de virusscanners, maar heb niet echt veel tijd nu. De virus moest ik er wel even snel afhalen. Hierbij alvast de logjes van Hijackthis en MBAM. Of zou ik weer aparte logjes moeten doen, maar het verwijderen van de overbodige virusscanners? Groetjes Yvonne Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:55:14, on 28-6-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\HJT\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (file missing) O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro 3.6 Crusader (Boot) (HitmanPro36CrusaderBoot) - Unknown owner - C:\Program Files\HitmanPro\HitmanPro.exe (file missing) O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12074 bytes Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.orgDatabaseversie: v2012.06.21.10 Windows 7 Service Pack 1 x64 NTFS (Veilige modus) Internet Explorer 9.0.8112.16421 Yvonne :: YVONNE-HP [administrator] 28-6-2012 16:44:03 mbam-log-2012-06-28 (16-44-03).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 233451 Verstreken tijd: 6 minuut/minuten, 1 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 1 C:\Users\Yvonne\0.23471927456506214.exe (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd. (einde)

Beste Kape, Ik had eerder nog geen tijd om te reageren, maar helaas ben ik in de tussentijd ook getroffen door het UKASH-virus-ding. Graag wil ik ook nog wel even terugkomen op je opmerking dat ik 3 virusscanners heb. Dat klopt inderdaad. Ik dacht dat omdat de abonnementen van die anderen niet verlengd had dat ze dan ook geen functie meer hadden. Maar nu we het er toch over hebben. Kun je me zeggen welke van de 3 het beste is of aangeven waar ik objectieve goed onderbouwde info kan vinden. (AVG is op het moment inderdaad de active scanner) Groetjes Yvonne Hierbij alvast een log van Hijackthis: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:00:14, on 27-6-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Safe mode Running processes: C:\HJT\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKCU\..\Run: [ijmmwxfotlkqfxp] C:\ProgramData\ijmmwxfo.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro 3.6 Crusader (Boot) (HitmanPro36CrusaderBoot) - Unknown owner - C:\Program Files\HitmanPro\HitmanPro.exe (file missing) O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12010 bytes ---------- Post toegevoegd om 19:11 ---------- Vorige post was om 19:08 ---------- Nou heb er ook voor de volledigheid ook maar vast een MBAM-log gemaakt: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.orgDatabaseversie: v2012.06.21.10 Windows 7 Service Pack 1 x64 FAT (Veilige modus) Internet Explorer 9.0.8112.16421 Yvonne :: YVONNE-HP [administrator] 27-6-2012 21:02:59 mbam-log-2012-06-27 (21-09-53).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 233458 Verstreken tijd: 6 minuut/minuten, 1 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 1 C:\Users\Yvonne\0.23471927456506214.exe (Trojan.Agent.Gen) -> Geen actie ondernomen. (einde)

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:17:30, on 22-6-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAT4ML6W\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro 3.6 Crusader (Boot) (HitmanPro36CrusaderBoot) - Unknown owner - C:\Program Files\HitmanPro\HitmanPro.exe (file missing) O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12477 bytes

Beste, Ik heb vandaag MBAM een volledige scan laten draaien. Hij gaf aan dat er geen detecties waren. (Heb vandaag ook het programma geupdate vóór de scan). Aan het einde krijg ik toch een waarschuwing AVG. Zie de bijgevoegde foto. inmiddels heb ik het bestand in quarantaine geplaatst. Zou je mij kunnen adviseren over te nemen vervolgstappen of ben ik nu toch "gedekt"? Met vriendelijke groet, Yvonne Hierbij de LOG: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Databaseversie: v2012.06.21.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Yvonne :: YVONNE-HP [administrator] 21-6-2012 23:23:45 mbam-log-2012-06-21 (23-23-45).txt Scantype: Volledige scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 413755 Verstreken tijd: 58 minuut/minuten, Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde)

Hallo, Ik ben blijkbaar iets vergeten te doen (de pc opnieuw opstarten ))) eh sorry) Hier dan het logje: ComboFix 12-03-01.02 - Yvonne 02-03-2012 17:08:16.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2771 [GMT 1:00] Gestart vanuit: c:\users\Yvonne\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\~rJqTsIIgix2BHg c:\programdata\~rJqTsIIgix2BHgr c:\programdata\boost_interprocess\20120302164729.125600 c:\programdata\boost_interprocess\20120302164729.125600\Nobu64AgentService c:\programdata\boost_interprocess\20120302164729.125600\Nobu64TrayIcon c:\programdata\rJqTsIIgix2BHg C:\Thumbs.db c:\users\Werner\1-g.jpg c:\users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check c:\users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk c:\users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk c:\users\Yvonne\Desktop\System Check.lnk c:\users\Yvonne\unhide.exe c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))) . . 2012-03-02 16:13 . 2012-03-02 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-16 19:44 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-16 19:44 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-02-16 19:44 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-02-16 19:44 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-02-16 19:43 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-02-16 19:43 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-02-16 19:43 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-16 19:43 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll 2012-02-05 12:45 . 2012-02-05 12:45 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-27 22:46 . 2012-01-05 17:48 12872 ----a-w- c:\windows\system32\bootdelete.exe 2012-01-27 22:16 . 2012-01-05 17:38 25160 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys 2012-01-06 05:15 . 2012-01-27 13:02 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1666A426-072C-4E85-8B19-A7C57A7FC154}\mpengine.dll 2011-12-10 14:24 . 2012-01-05 20:50 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-07 09:39 . 2011-07-20 18:14 279096 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-08 98304] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2011-10-12 3151000] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-11-01 593920] . c:\users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176] R2 HitmanPro36CrusaderBoot;HitmanPro 3.6 Crusader (Boot);c:\program files\HitmanPro\HitmanPro.exe [x] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [2011-05-19 1143416] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110716.031\IDSvia64.sys [2011-07-07 488056] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-20 136824] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . Inhoud van de 'Gedeelde Taken' map . 2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 11:38] . 2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 11:38] . 2012-02-17 c:\windows\Tasks\HPCeeScheduleForYVONNE-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . 2012-02-19 c:\windows\Tasks\HPCeeScheduleForYvonne.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HitmanPro36CrusaderBoot] "ImagePath"="\"c:\program files\HitmanPro\HitmanPro.exe\" /crusader:boot" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe . ************************************************************************** . Voltooingstijd: 2012-03-02 17:18:02 - machine werd herstart ComboFix-quarantined-files.txt 2012-03-02 16:18 . Pre-Run: 927.900.758.016 bytes beschikbaar Post-Run: 927.808.307.200 bytes beschikbaar . - - End Of File - - 9C0A1F9AB195CA7555B8A371109ED33E

Eventueel, als we er zo niet uit komen, kan ik morgen via de pc van iemand anders de log plaatsen. Ik kan de log wel vie 'deze computer' op een Yang plaatsen.

Beste, Ik heb niet zo goed nieuws. Combofix is inmiddels klaar en heeft een log gemaakt, maar ik kan nu geen programma's meer openen. Geen internet, geen paint, geen word, geen youtubeconverter, geen calculator. Ik kan de log dan ook niet posten. Gelukkig heb ik wel internet op mijn mobiel . Ik zag aan het begin van combofix dat er een systeemherstelpunt werd aangemaakt. Configuratiescherm kan ik wel nog openen. Ik neem aan dat ik alles weer moet terug zetten. Zie foto voor de meldingen die ik kreeg. Hopelijk is het voldoende leesbaar. In afwachting van een antwoord doe ik nu verder even niets. Met vriendelijke groet, Yvonne

Emsisoft Emergency Kit - Versie 1.0 Laatste Update: 3/1/2012 9:25:35 PM Scaninstellingen: Scantype: Diepe Scan Objecten: Geheugen, Sporen, Cookies, C:\, D:\, Q:\ Scan archieven: Aan Heuristieken: Uit ADS Scan: Aan Scan gestart: 3/1/2012 10:00:50 PM C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:2356 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:2467 Ontdekt: Trace.TrackingCookie.doubleclick.net!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:2468 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:2786 Ontdekt: Trace.TrackingCookie.adbrite.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:5997 Ontdekt: Trace.TrackingCookie.ads.pubmatic.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:5999 Ontdekt: Trace.TrackingCookie.ads.pubmatic.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:15780 Ontdekt: Trace.TrackingCookie.adbrite.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:15788 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:15789 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:15790 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:15791 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:15792 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:15793 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:16620 Ontdekt: Trace.TrackingCookie.zedo.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:16621 Ontdekt: Trace.TrackingCookie.zedo.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:16622 Ontdekt: Trace.TrackingCookie.zedo.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:16623 Ontdekt: Trace.TrackingCookie.zedo.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:16624 Ontdekt: Trace.TrackingCookie.zedo.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:16711 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:16712 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:16713 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\hp\hpqware\Skype\x86\WizInstaller.exe Ontdekt: Virus.Win32.Ramnit!IK C:\hp\hpqware\WT_OemOrigin\x86\WizInstaller.exe Ontdekt: Virus.Win32.Zbot!IK C:\Program Files (x86)\HP Games\Pizza Chef 2\PizzaChef2.exe Ontdekt: Virus.Win32.Zbot!IK C:\Program Files (x86)\HP Games\Pizza Chef 2\wtap.dll Ontdekt: Virus.Win32.Zbot!IK C:\swsetup\APP\Applications\HP\LightScribeLSS\1.18.20.1\HPDC732.exe Ontdekt: Virus.Win32.Zbot!IK C:\swsetup\APP\Applications\HP\PictureMover\3.5\x86\WizInstaller.exe Ontdekt: Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\CyberLink\HPMSDVD\4.2.1.4725\src\HPDUtil.dll Ontdekt: Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\CyberLink\HPMSDVD\4.2.1.4725\WizInstaller\x86\WizInstaller.exe Ontdekt: Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\CyberLink\HPMSDVDMenuPack\4.2.1.4412\WizInstaller\x86\WizInstaller.exe Ontdekt: Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\CyberLink\HPMSMovieThemes\4.2.1.4412\WizInstaller\x86\WizInstaller.exe Ontdekt: Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\CyberLink\HPMSMusic\4.2.1.4517\WizInstaller\x86\WizInstaller.exe Ontdekt: Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\CyberLink\HPMSPhoto\4.2.1.4513\WizInstaller\x86\WizInstaller.exe Ontdekt: Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\CyberLink\HPMSVideo\4.2.1.4522\WizInstaller\x86\WizInstaller.exe Ontdekt: Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\HP\HPSmartMenu\3.1.2.4\HPSmartMenu\WizInstaller\x86\WizInstaller.exe Ontdekt: Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\Others\MusicStation\1.0.1.5\Omnifone\WizInstaller\x86\WizInstaller.exe Ontdekt: Virus.Win32.Zbot!IK C:\swsetup\DRV\Graphics\ATI\unified\8.773\src\mfc80u.dll Ontdekt: Virus.Win32.Zbot!IK C:\swsetup\DRV\Graphics\ATI\unified\8.773\src\msvcp80.dll Ontdekt: Virus.Win32.Zbot!IK C:\swsetup\DRV\Graphics\ATI\unified\8.773\src\msvcr80.dll Ontdekt: Virus.Win32.Zbot!IK C:\SYSTEM.SAV\util\HPQSI.exe Ontdekt: Virus.Win32.Zbot!IK C:\Users\Yvonne\AppData\Local\Microsoft\Toolbar\Applications\bingrewardsclient.dll Ontdekt: Virus.Win32.Zbot!IK C:\Users\Yvonne\AppData\Local\Microsoft\Toolbar\BackUp\bingrewardsclient.dll Ontdekt: Virus.Win32.Zbot!IK C:\Users\Yvonne\AppData\Local\Temp\AF42.tmp Ontdekt: Trojan.Win32.Tibs!IK C:\Users\Yvonne\AppData\Local\Temp\mozupd.exe Ontdekt: Trojan.Win32.Tibs!IK C:\Users\Yvonne\AppData\Local\Temp\scrwaxnemo.exe Ontdekt: Trojan.Crypt!IK C:\Users\Yvonne\AppData\Local\Temp\snreoxwcma.exe Ontdekt: Trojan.Crypt!IK C:\Users\Yvonne\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe Ontdekt: Virus.Win32.Ramnit!IK Gescand Bestanden: 432171 Sporen: 405133 Cookies: 475 Processen: 60 Gevonden Bestanden: 26 Sporen: 0 Cookies: 21 Processen: 0 Registersleutels: 0 Scan Geëindigd: 1-3-2012 23:53:23 Scantijd: 1:52:33 C:\Users\Yvonne\AppData\Local\Temp\scrwaxnemo.exe Verwijderd Trojan.Crypt!IK C:\Users\Yvonne\AppData\Local\Temp\snreoxwcma.exe Verwijderd Trojan.Crypt!IK C:\Users\Yvonne\AppData\Local\Temp\AF42.tmp Verwijderd Trojan.Win32.Tibs!IK C:\Users\Yvonne\AppData\Local\Temp\mozupd.exe Verwijderd Trojan.Win32.Tibs!IK C:\hp\hpqware\WT_OemOrigin\x86\WizInstaller.exe Verwijderd Virus.Win32.Zbot!IK C:\Program Files (x86)\HP Games\Pizza Chef 2\PizzaChef2.exe Verwijderd Virus.Win32.Zbot!IK C:\Program Files (x86)\HP Games\Pizza Chef 2\wtap.dll Verwijderd Virus.Win32.Zbot!IK C:\swsetup\APP\Applications\HP\LightScribeLSS\1.18.20.1\HPDC732.exe Verwijderd Virus.Win32.Zbot!IK C:\swsetup\APP\Applications\HP\PictureMover\3.5\x86\WizInstaller.exe Verwijderd Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\CyberLink\HPMSDVD\4.2.1.4725\src\HPDUtil.dll Verwijderd Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\CyberLink\HPMSDVD\4.2.1.4725\WizInstaller\x86\WizInstaller.exe Verwijderd Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\CyberLink\HPMSDVDMenuPack\4.2.1.4412\WizInstaller\x86\WizInstaller.exe Verwijderd Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\CyberLink\HPMSMovieThemes\4.2.1.4412\WizInstaller\x86\WizInstaller.exe Verwijderd Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\CyberLink\HPMSMusic\4.2.1.4517\WizInstaller\x86\WizInstaller.exe Verwijderd Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\CyberLink\HPMSPhoto\4.2.1.4513\WizInstaller\x86\WizInstaller.exe Verwijderd Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\CyberLink\HPMSVideo\4.2.1.4522\WizInstaller\x86\WizInstaller.exe Verwijderd Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\HP\HPSmartMenu\3.1.2.4\HPSmartMenu\WizInstaller\x86\WizInstaller.exe Verwijderd Virus.Win32.Zbot!IK C:\swsetup\APP\Multimedia\Others\MusicStation\1.0.1.5\Omnifone\WizInstaller\x86\WizInstaller.exe Verwijderd Virus.Win32.Zbot!IK C:\swsetup\DRV\Graphics\ATI\unified\8.773\src\mfc80u.dll Verwijderd Virus.Win32.Zbot!IK C:\swsetup\DRV\Graphics\ATI\unified\8.773\src\msvcp80.dll Verwijderd Virus.Win32.Zbot!IK C:\swsetup\DRV\Graphics\ATI\unified\8.773\src\msvcr80.dll Verwijderd Virus.Win32.Zbot!IK C:\SYSTEM.SAV\util\HPQSI.exe Verwijderd Virus.Win32.Zbot!IK C:\Users\Yvonne\AppData\Local\Microsoft\Toolbar\Applications\bingrewardsclient.dll Verwijderd Virus.Win32.Zbot!IK C:\Users\Yvonne\AppData\Local\Microsoft\Toolbar\BackUp\bingrewardsclient.dll Verwijderd Virus.Win32.Zbot!IK C:\hp\hpqware\Skype\x86\WizInstaller.exe Verwijderd Virus.Win32.Ramnit!IK C:\Users\Yvonne\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe Verwijderd Virus.Win32.Ramnit!IK C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:16620 Verwijderd Trace.TrackingCookie.zedo.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:16621 Verwijderd Trace.TrackingCookie.zedo.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:16622 Verwijderd Trace.TrackingCookie.zedo.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:16623 Verwijderd Trace.TrackingCookie.zedo.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:16624 Verwijderd Trace.TrackingCookie.zedo.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:15788 Verwijderd Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:15789 Verwijderd Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:15790 Verwijderd Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:15791 Verwijderd Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:15792 Verwijderd Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:15793 Verwijderd Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:5997 Verwijderd Trace.TrackingCookie.ads.pubmatic.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:5999 Verwijderd Trace.TrackingCookie.ads.pubmatic.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:2786 Verwijderd Trace.TrackingCookie.adbrite.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:15780 Verwijderd Trace.TrackingCookie.adbrite.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:2467 Verwijderd Trace.TrackingCookie.doubleclick.net!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:2356 Verwijderd Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:2468 Verwijderd Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:16711 Verwijderd Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:16712 Verwijderd Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7083eusd.default\cookies.sqlite:16713 Verwijderd Trace.TrackingCookie.ad.yieldmanager.com!A2 Verwijderd Bestanden: 26 Sporen: 0 Cookies: 21