
OK. Then we'll dig deeper.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
    Click here
    If you cannot disable them, just continue to the next step.
  • Double-click ComboFix.exe and follow the prompts on the screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
    **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.
  • Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.

If you have problems running ComboFix, please report this.


Unfortunately I have to conclude that Rundll32.exe is once again running rampant in Windows Task Manager.

The number of processes is 188-190

Ceeszu

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 13:29]

.

2011-10-17 c:\windows\Tasks\SpeedUpMyPC.job

- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-10-12 07:23]

.

2011-10-17 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

2011-02-08 17:22 1057712 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Cees\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Cees\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Cees\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Cees\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-20 8306208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.kpnvandaag.nl/

uInternet Settings,ProxyOverride = *.local

IE: &Verzenden naar OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki...

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Cees\AppData\Roaming\Mozilla\Firefox\Profiles\qbpvl446.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb68?u=92823106547538112

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMH&o=2420&locale=nl_NL&apn_uid=45c5971b-ca01-439c-8931-de6650852d1b&apn_ptnrs=^A31&apn_sauid=B2FE4502-421E-4AB8-BF1A-1D77593E86B4&apn_dtid=^YYYYYY^YY^NL&atb=sysid%3D1%3Aappid%3D315%3Auc76012506&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)

AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Fighters\SPAMfighter\sfus.exe

c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe

c:\progra~2\Uniblue\DRIVER~1\driverscanner.exe

c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Voltooingstijd: 2011-10-17 11:02:42 - machine werd herstart

ComboFix-quarantined-files.txt 2011-10-17 09:02

.

Pre-Run: 673.851.301.888 bytes beschikbaar

Post-Run: 673.459.593.216 bytes beschikbaar

.

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 6AEACF9C6869E98A81AD5B2C7BA75BD6


Here it is....... apologies

ComboFix 11-10-16.03 - Cees 17-10-2011 10:31:08.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4095.1713 [GMT 2:00]

Gestart vanuit: c:\users\Cees\Desktop\ComboFix.exe

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files (x86)\facemoods.com

c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoods.crx

c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoods.png

c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodsApp.dll

c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodsEng.dll

c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodssrv.exe

c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodsTlbr.dll

c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\uninstall.exe

c:\program files (x86)\facemoods.com\sqlite3.dll

c:\programdata\PCDr\5830\Downloads\0fc909b5-f105-4459-82f3-583c6ea5d734.dll

c:\programdata\PCDr\5830\Downloads\482517d4-aaa6-47f8-a7ad-de5cf6021ac2.dll

c:\programdata\PCDr\5830\Downloads\ca1d3e50-4692-4c3f-877c-4f9917ab37a5.dll

c:\programdata\PCDr\5830\Downloads\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll

c:\users\Public\Firefox Setup 6.0.2.exe

c:\users\Public\IE9-Windows7-x86-nld.exe

c:\windows\assembly\GAC_MSIL\Toolbar

c:\windows\assembly\GAC_MSIL\Toolbar\1.0.0.0__f2e11770db40f5b0\Toolbar.dll

c:\windows\security\Database\tmp.edb

c:\windows\SysWow64\dlumd10.dll

c:\windows\SysWow64\dlumd11.dll

c:\windows\SysWow64\dlumd9.dll

I:\autorun.inf

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-09-17 to 2011-10-17 ))))))))))))))))))))))))))))))

.

.

2011-10-17 08:45 . 2011-10-17 08:45 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04F7F782-9D4E-4A17-B4B0-047019BFB601}\offreg.dll

2011-10-17 08:20 . 2011-10-17 08:20 -------- d-----w- c:\program files (x86)\Conduit

2011-10-17 08:20 . 2011-10-17 08:20 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp

2011-10-17 08:20 . 2011-10-17 08:20 -------- d-----w- c:\program files (x86)\SFT_Netherlands

2011-10-16 10:27 . 2011-10-16 10:27 -------- d-----w- c:\users\Cees\AppData\Roaming\Malwarebytes

2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\programdata\Malwarebytes

2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-16 10:26 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iTunes

2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files (x86)\iTunes

2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iPod

2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files\Bonjour

2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files (x86)\Bonjour

2011-10-14 09:46 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04F7F782-9D4E-4A17-B4B0-047019BFB601}\mpengine.dll

2011-10-13 22:03 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys

2011-10-13 22:03 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 22:03 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 22:03 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-10-13 22:03 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-10-13 22:03 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 22:03 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-10-13 22:03 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 22:03 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-10-13 10:07 . 2011-10-13 10:07 388096 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-13 10:07 . 2011-10-13 10:07 -------- d-----w- c:\program files (x86)\Trend Micro

2011-10-13 10:04 . 2011-10-13 10:15 -------- d-----w- C:\HiJack

2011-10-12 19:33 . 2011-10-12 19:33 -------- d-----w- c:\windows\Downloaded Program Files

2011-10-12 19:29 . 2011-10-12 19:30 -------- d-----w- C:\procexp

2011-10-12 13:53 . 2011-10-12 13:53 -------- d-----w- c:\programdata\Uniblue

2011-10-12 13:27 . 2011-10-12 13:27 -------- d-----w- c:\users\Cees\AppData\Roaming\TeamViewer

2011-10-12 13:25 . 2011-10-12 13:25 -------- d-----w- c:\program files (x86)\TeamViewer

2011-10-11 08:44 . 2011-10-17 08:59 -------- d-----w- c:\users\Cees\AppData\Local\Temp

2011-10-09 09:26 . 2011-10-09 09:26 -------- d-----w- c:\users\Cees\AppData\Roaming\OpenOffice.org

2011-10-09 09:24 . 2011-10-09 09:46 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2011-10-09 09:05 . 2011-10-09 09:05 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-10-07 09:42 . 2011-10-07 09:42 -------- d-----w- c:\windows\system32\Macromed

2011-10-06 14:08 . 2011-10-06 14:08 -------- d-----w- c:\program files\DisplayLink iPad Software

2011-10-06 12:31 . 2011-10-06 12:32 -------- d-----w- c:\program files\DisplayLink Graphics

2011-10-06 12:30 . 2011-10-06 12:31 -------- d-----w- c:\program files\DisplayLink Core Software

2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd9.dll

2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd11.dll

2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd10.dll

2011-10-06 11:42 . 2011-10-17 08:20 -------- d-----w- c:\users\Cees\AppData\Local\Conduit

2011-10-06 11:33 . 2011-10-06 12:34 -------- d-----w- c:\users\Cees\AppData\Local\IM

2011-10-06 11:32 . 2011-10-06 11:41 -------- d-----w- c:\programdata\IM

2011-10-06 11:32 . 2011-10-06 11:32 -------- d-----w- c:\programdata\IncrediMail

2011-10-06 11:31 . 2011-10-06 11:38 -------- d-----w- c:\program files (x86)\DealPly

2011-10-06 11:31 . 2011-10-06 11:31 -------- d-----w- c:\program files (x86)\FoxTabMusicConverter

2011-10-04 06:47 . 2011-10-04 06:47 -------- d-----w- C:\TOP Algemeen

2011-10-04 06:36 . 2011-10-04 06:38 -------- dc-h--w- c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\DriverCure

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\PC Unleashed Online

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\program files (x86)\Common Files\PC Unleashed Online

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\programdata\PC Unleashed Online

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\program files (x86)\PC Unleashed Online

2011-09-30 07:05 . 2011-10-09 09:44 -------- d-----w- C:\TOP A1

2011-09-28 14:57 . 2011-09-28 14:57 -------- d-----w- c:\users\Cees\AppData\Local\G DATA

2011-09-28 14:55 . 2011-09-28 14:55 106488 ----a-w- c:\windows\system32\drivers\GRD.sys

2011-09-28 13:34 . 2011-09-28 13:34 58584 ----a-w- c:\windows\system32\drivers\PktIcpt.sys

2011-09-28 11:02 . 2011-09-28 11:02 -------- d-----w- C:\8be34f6062bcac1fa9f472b1

2011-09-21 22:47 . 2011-09-21 22:47 -------- d-----w- c:\programdata\251FF

2011-09-19 13:58 . 2011-09-19 13:58 -------- d-----w- c:\programdata\iMesh

2011-09-19 13:57 . 2011-09-19 14:01 -------- dc-h--w- c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-07 09:42 . 2011-09-07 09:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-28 13:32 . 2011-06-05 19:31 47320 ----a-w- c:\windows\system32\drivers\GDBehave.sys

2011-09-28 13:32 . 2011-06-05 19:30 102616 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys

2011-09-28 13:32 . 2011-06-05 19:30 63704 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys

2011-08-30 21:05 . 2011-08-30 21:05 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-30 21:05 . 2011-08-30 21:05 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-08-30 21:05 . 2011-08-30 21:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-30 21:05 . 2011-08-30 21:05 212840 ----a-w- c:\windows\system32\dnssdX.dll

2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-07-23 09:54 . 2011-07-23 09:54 53248 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-07-19 16:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-07-19 16:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1c94aa0d-7416-4289-b2ba-834282060870}"= "c:\program files (x86)\SFT_Netherlands\prxtbSFT_.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{1c94aa0d-7416-4289-b2ba-834282060870}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1c94aa0d-7416-4289-b2ba-834282060870}]

2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\SFT_Netherlands\prxtbSFT_.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{1c94aa0d-7416-4289-b2ba-834282060870}"= "c:\program files (x86)\SFT_Netherlands\prxtbSFT_.dll" [2011-03-28 176936]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{1c94aa0d-7416-4289-b2ba-834282060870}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-15 5500800]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"DriverScanner"="c:\progra~2\Uniblue\DRIVER~1\launcher.exe" [2011-09-05 338296]

"SpeedUpMyPC"="c:\program files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" [2011-09-09 67960]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]

"ISTray"="c:\program files (x86)\Spyware Doctor\pctsTray.exe" [2010-10-25 1287120]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-02-16 112608]

"Family Tree Builder Update"="c:\program files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-06-21 225280]

"sfagent"="c:\program files (x86)\Fighters\SPAMfighter\sfagent.exe" [2011-09-16 1197192]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

.

c:\users\Cees\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

regwiz.lnk - c:\program files (x86)\eSupport.com\RegistryWizard\regwiz.exe [2010-11-24 3422240]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 GFI_ReportCenter35;GFI ReportCenter 3.5;c:\program files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe [2009-06-16 111912]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664]

R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 Common Toolkit Tools;Common Toolkit Tools;c:\program files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [2011-02-02 121480]

R3 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-02-16 1034208]

R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-11-24 21712]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]

R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]

R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-02-04 162328]

R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [x]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-24 140672]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]

S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848]

S2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-02-16 1050592]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-02-16 632800]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe service [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

S2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2011-09-16 1302152]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Inhoud van de 'Gedeelde Taken' map

.

2011-10-17 c:\windows\Tasks\DriverScanner.job

- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-10-12 14:20]

.

2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33]

.

2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33]

.

2011-10-03 c:\windows\Tasks\PC Unleashed Defrag.job

- c:\program files (x86)\PC Unleashed Online\Suite\pcu.exe [2011-09-06 18:27]

.

2011-10-13 c:\windows\Tasks\PC Unleashed Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2011-10-03 c:\windows\Tasks\PC Unleashed Update Version3.job

- c:\program files (x86)\Common Files\PC Unleashed Online\UUS3\Update3.exe [2011-09-06 18:27]

.

2011-10-03 c:\windows\Tasks\PC Unleashed.job

- c:\program files (x86)\PC Unleashed Online\Suite\pcu.exe [2011-09-06 18:27]

.

2011-10-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-10-13 c:\windows\Tasks\PTSchedule.job

- c:\program files (x86)\PC Tools Utilities\pt.exe [2011-06-06 07:02]

.

2011-10-17 c:\windows\Tasks\RegistryBooster.job

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 13:29]

.

2011-10-17 c:\windows\Tasks\SpeedUpMyPC.job

- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-10-12 07:23]

.

2011-10-17 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

2011-02-08 17:22 1057712 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Cees\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Cees\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Cees\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Cees\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-20 8306208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.kpnvandaag.nl/

uInternet Settings,ProxyOverride = *.local

IE: &Verzenden naar OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki...

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Cees\AppData\Roaming\Mozilla\Firefox\Profiles\qbpvl446.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb68?u=92823106547538112

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMH&o=2420&locale=nl_NL&apn_uid=45c5971b-ca01-439c-8931-de6650852d1b&apn_ptnrs=^A31&apn_sauid=B2FE4502-421E-4AB8-BF1A-1D77593E86B4&apn_dtid=^YYYYYY^YY^NL&atb=sysid%3D1%3Aappid%3D315%3Auc76012506&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)

AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Fighters\SPAMfighter\sfus.exe

c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe

c:\progra~2\Uniblue\DRIVER~1\driverscanner.exe

c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Voltooingstijd: 2011-10-17 11:02:42 - machine werd herstart

ComboFix-quarantined-files.txt 2011-10-17 09:02

.

Pre-Run: 673.851.301.888 bytes beschikbaar

Post-Run: 673.459.593.216 bytes beschikbaar

.

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 6AEACF9C6869E98A81AD5B2C7BA75BD6


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\SysWow64\ConduitEngine.tmp

Folder::

c:\program files (x86)\Conduit

c:\users\Cees\AppData\Local\Conduit

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}

C:\8be34f6062bcac1fa9f472b1

c:\programdata\251FF

c:\programdata\iMesh

c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}

Registry::

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[-HKEY_CLASSES_ROOT\clsid\{1c94aa0d-7416-4289-b2ba-834282060870}]

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1c94aa0d-7416-4289-b2ba-834282060870}]

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{1c94aa0d-7416-4289-b2ba-834282060870}]

[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

Firefox::

FF - ProfilePath - c:\users\Cees\AppData\Roaming\Mozilla\Firefox\Profiles\qbpvl446.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.
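An added triage example (not part of the original post and not ComboFix's own code): it parses the two log sections that matter most for this thread, the scheduled tasks and the `AppInit_DLLs` value, and flags tasks whose target is a generic host binary such as rundll32.exe, because the log lists the target without its arguments. The function names and the `HOST_BINARIES` list are assumptions made for illustration; the sample lines are excerpted from the log above.

```python
import re
from ntpath import basename

# Excerpt of the ComboFix log posted above (blank lines and unrelated entries dropped).
LOG_EXCERPT = r"""
2011-10-13 c:\windows\Tasks\PC Unleashed Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2011-10-17 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 13:29]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
.
"""

# Assumption for this example: binaries that only host other code, so the
# task's real payload is in arguments the log does not show.
HOST_BINARIES = {"rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe", "cmd.exe"}

TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (c:\\windows\\tasks\\.+\.job)$", re.I)
TARGET_RE = re.compile(r"^- (.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$', re.I)
LOADFLAG_RE = re.compile(r'^"LoadAppInit_DLLs"=0x([0-9a-f]+)$', re.I)


def _lines(log):
    """Yield meaningful lines; ComboFix pads sections with blank and '.' lines."""
    return [l.strip() for l in log.splitlines() if l.strip() not in ("", ".")]


def parse_tasks(log):
    """Return (job_file, target_binary) pairs from the scheduled-task section."""
    tasks, job = [], None
    for line in _lines(log):
        m = TASK_RE.match(line)
        if m:
            job = m.group(1)
            continue
        m = TARGET_RE.match(line)
        if m and job:
            tasks.append((job, m.group(1)))
        job = None  # a target must directly follow its .job line
    return tasks


def parse_appinit(log):
    """Return (loading_enabled, dll_list) across all AppInit_DLLs entries."""
    enabled, dlls = False, []
    for line in _lines(log):
        m = LOADFLAG_RE.match(line)
        if m:
            enabled = enabled or int(m.group(1), 16) != 0
        m = APPINIT_RE.match(line)
        if m:
            # The registry value is a space- or comma-delimited list of DLLs.
            dlls.extend(p for p in re.split(r"[ ,]+", m.group(1).strip()) if p)
    return enabled, dlls


def triage(log):
    """Return (kind, where, what) findings that deserve a manual look."""
    findings = []
    for job, target in parse_tasks(log):
        if basename(target).lower() in HOST_BINARIES:
            findings.append(("task-host-binary", job, target))
    enabled, dlls = parse_appinit(log)
    for dll in dlls:
        if enabled and not dll.lower().startswith("c:\\windows\\"):
            findings.append(("appinit-dll", "AppInit_DLLs", dll))
    return findings


if __name__ == "__main__":
    for kind, where, what in triage(LOG_EXCERPT):
        print(f"{kind:18} {where} -> {what}")
```

A flagged task still has to be opened in Task Scheduler to see which DLL and export rundll32.exe is asked to run; the log alone cannot show that.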


Hi, it remains disappointing: again some 190-200 processes, and the vast majority of them rundll32.exe. I must say, your fighting spirit knows no bounds, bravo.

Here is the Combofix.txt again, good luck......

ComboFix 11-10-16.03 - Cees 17-10-2011 16:20:04.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4095.1484 [GMT 2:00]

Gestart vanuit: c:\users\Cees\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Cees\Desktop\CFScript.txt

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\SysWow64\ConduitEngine.tmp"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\8be34f6062bcac1fa9f472b1

c:\8be34f6062bcac1fa9f472b1\$shtdwn$.req

c:\8be34f6062bcac1fa9f472b1\mrt.exe._p

c:\8be34f6062bcac1fa9f472b1\mrtstub.exe

c:\program files (x86)\Conduit

c:\program files (x86)\Conduit\Community Alerts\Alert.dll

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\{1D0AB230-E7BC-41CB-A50C-F282273E897B}

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\48AD9CFF\2550D3FE\sfse_update.exe

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\4C082224\2550D3FE\prep.exe

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\4F68E0B0\2550D3FE\sfabook.dll

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\53A1CE10\2550D3FE\uninstall.exe

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\5866AD46\7F936AD3\FighterSuiteService.exe

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\632C6714\7F936AD3\MsgSys.exe

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\65AF38B5\2550D3FE\SFImport.exe

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\6CBD2928\2550D3FE\lazymail.dll

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\794E02E3\2550D3FE\sfsg.dll

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_BG.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_CS.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_DA.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_DE.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_EL.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_EN.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_ES.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_FI.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_FR.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_HU.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_IT.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_JA.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_NL.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_NO.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_PL.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_PT.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_RU.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_SV.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_TH.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_TR.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_TW.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_VI.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_ZH.xml

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\add.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\addgrey.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\change.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\changegrey.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\checked.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\checked_off.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\delete.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\deletegrey.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\filter_blacklist.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\filter_language.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\filter_settings.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\filter_whitelist.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\import.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\importgrey.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\unchecked.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\am.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\br.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\cn.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\cz.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\de.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\dk.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\es.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\et.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\fi.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\fr.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\gb.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\gr.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\hu.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\il.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\it.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\jp.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\kr.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\nl.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\no.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\pl.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\pt.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\ru.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\sa.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\se.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\sy.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\th.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\Thumbs.db

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\tr.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\tw.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\vn.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\178AFE7C\clients_exchange.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\178AFE7C\clients_express.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\178AFE7C\clients_localexchange.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\178AFE7C\clients_move_express.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\178AFE7C\clients_move_mozilla.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\178AFE7C\clients_outlook.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\178AFE7C\clients_thunderbird.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\about.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\arrow.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\arrow_up.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\bg_gradient_stretch.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\bg_stretch.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\check.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\connect_server.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\download.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\error.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\feature.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\help.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\help.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\id_card.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\lightbox_pro.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\lightbox_trial.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\logo.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\pro.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\support.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\support.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_bg.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_ch.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_cs.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_da.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_de.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_el.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_en.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_es.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_fi.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_fr.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_it.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_ja.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_nl.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_no.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_pl.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_pt.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_ru.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_se.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_th.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_tw.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_vi.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_pro_da.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_pro_en.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\topshadow.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\trial.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\unipb.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\unipb.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\update.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\01.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\02.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\03.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\04.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\05.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\06.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\navbg.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\navbg_current.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\navbg_disable.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\38B9805F\settings_connection.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\38B9805F\settings_language.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\38B9805F\settings_tabicon_general.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\38B9805F\settings_tray.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\38B9805F\settings_update.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\38B9805F\Thumbs.db

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\41E213B6\Config.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\41E213B6\EmptyFolder.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\41E213B6\productkey.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\41E213B6\Recheck.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\41E213B6\TellFriend.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\41E213B6\toolbar.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\41E213B6\Unblock.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\5AE03A8D\ext_01.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\5AE03A8D\ext_02.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\5AE03A8D\ext_03.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\5AE03A8D\ext_04.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\5DB9F531\logo.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\80AFFD47\account_community.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\80AFFD47\account_details.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\80AFFD47\account_pro.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\80AFFD47\account_productkey.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\80AFFD47\account_productkeyhistory.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\80AFFD47\account_renew.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\80AFFD47\account_tabicon_licensesettings.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\80AFFD47\buyfullversion.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\btn_buy_now.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\btn_buy_now_down.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\legend_overview_01.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\legend_overview_01_active.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\overview_status.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\statistics_blocked.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\statistics_blocked_by_user.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\statistics_processed.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\statistics_spam_ratio.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\statistics_time_saved.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\tip_overview.gif

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\tip_overview.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\valid_check.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\valid_expired.png

c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\B18E0ACD\arrow.png


.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-09-17 to 2011-10-17 ))))))))))))))))))))))))))))))

.

.

2011-10-17 14:59 . 2011-10-17 14:59 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04F7F782-9D4E-4A17-B4B0-047019BFB601}\offreg.dll

2011-10-17 14:54 . 2011-10-17 14:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-10-17 14:54 . 2011-10-17 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-17 11:48 . 2011-10-17 11:51 -------- d-----w- C:\Aanvraag activiteiten TOP

2011-10-17 08:20 . 2011-10-17 08:20 -------- d-----w- c:\program files (x86)\ConduitEngine

2011-10-17 08:20 . 2011-10-17 08:20 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp

2011-10-17 08:20 . 2011-10-17 08:20 -------- d-----w- c:\program files (x86)\SFT_Netherlands

2011-10-16 10:27 . 2011-10-16 10:27 -------- d-----w- c:\users\Cees\AppData\Roaming\Malwarebytes

2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\programdata\Malwarebytes

2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-16 10:26 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iTunes

2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files (x86)\iTunes

2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iPod

2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files\Bonjour

2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files (x86)\Bonjour

2011-10-14 09:46 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04F7F782-9D4E-4A17-B4B0-047019BFB601}\mpengine.dll

2011-10-13 22:03 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys

2011-10-13 22:03 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 22:03 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 22:03 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-10-13 22:03 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-10-13 22:03 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 22:03 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-10-13 22:03 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 22:03 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-10-13 10:07 . 2011-10-13 10:07 388096 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-13 10:07 . 2011-10-13 10:07 -------- d-----w- c:\program files (x86)\Trend Micro

2011-10-13 10:04 . 2011-10-13 10:15 -------- d-----w- C:\HiJack

2011-10-12 19:33 . 2011-10-12 19:33 -------- d-----w- c:\windows\Downloaded Program Files

2011-10-12 19:29 . 2011-10-12 19:30 -------- d-----w- C:\procexp

2011-10-12 13:53 . 2011-10-12 13:53 -------- d-----w- c:\programdata\Uniblue

2011-10-12 13:27 . 2011-10-12 13:27 -------- d-----w- c:\users\Cees\AppData\Roaming\TeamViewer

2011-10-12 13:25 . 2011-10-12 13:25 -------- d-----w- c:\program files (x86)\TeamViewer

2011-10-11 08:44 . 2011-10-17 15:24 -------- d-----w- c:\users\Cees\AppData\Local\Temp

2011-10-09 09:26 . 2011-10-09 09:26 -------- d-----w- c:\users\Cees\AppData\Roaming\OpenOffice.org

2011-10-09 09:24 . 2011-10-09 09:46 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2011-10-09 09:05 . 2011-10-09 09:05 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-10-07 09:42 . 2011-10-07 09:42 -------- d-----w- c:\windows\system32\Macromed

2011-10-06 14:08 . 2011-10-06 14:08 -------- d-----w- c:\program files\DisplayLink iPad Software

2011-10-06 12:31 . 2011-10-06 12:32 -------- d-----w- c:\program files\DisplayLink Graphics

2011-10-06 12:30 . 2011-10-06 12:31 -------- d-----w- c:\program files\DisplayLink Core Software

2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd9.dll

2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd11.dll

2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd10.dll

2011-10-06 11:33 . 2011-10-06 12:34 -------- d-----w- c:\users\Cees\AppData\Local\IM

2011-10-06 11:32 . 2011-10-06 11:41 -------- d-----w- c:\programdata\IM

2011-10-06 11:32 . 2011-10-06 11:32 -------- d-----w- c:\programdata\IncrediMail

2011-10-06 11:31 . 2011-10-06 11:38 -------- d-----w- c:\program files (x86)\DealPly

2011-10-06 11:31 . 2011-10-06 11:31 -------- d-----w- c:\program files (x86)\FoxTabMusicConverter

2011-10-04 06:47 . 2011-10-04 06:47 -------- d-----w- C:\TOP Algemeen

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\DriverCure

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\PC Unleashed Online

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\program files (x86)\Common Files\PC Unleashed Online

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\programdata\PC Unleashed Online

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\program files (x86)\PC Unleashed Online

2011-09-30 07:05 . 2011-10-09 09:44 -------- d-----w- C:\TOP A1

2011-09-28 14:57 . 2011-09-28 14:57 -------- d-----w- c:\users\Cees\AppData\Local\G DATA

2011-09-28 14:55 . 2011-09-28 14:55 106488 ----a-w- c:\windows\system32\drivers\GRD.sys

2011-09-28 13:34 . 2011-09-28 13:34 58584 ----a-w- c:\windows\system32\drivers\PktIcpt.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-07 09:42 . 2011-09-07 09:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-28 13:32 . 2011-06-05 19:31 47320 ----a-w- c:\windows\system32\drivers\GDBehave.sys

2011-09-28 13:32 . 2011-06-05 19:30 102616 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys

2011-09-28 13:32 . 2011-06-05 19:30 63704 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys

2011-08-30 21:05 . 2011-08-30 21:05 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-30 21:05 . 2011-08-30 21:05 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-08-30 21:05 . 2011-08-30 21:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-30 21:05 . 2011-08-30 21:05 212840 ----a-w- c:\windows\system32\dnssdX.dll

2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-07-23 09:54 . 2011-07-23 09:54 53248 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-07-19 16:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-07-19 16:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-17_08.59.42 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2011-10-17 14:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-10-17 08:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-10-17 08:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-10-17 14:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-27 14:29 . 2011-10-17 11:28 83190 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-10-17 11:28 33732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-10-17 08:08 33732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-09-27 20:39 . 2011-10-17 11:28 24560 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2398009579-1224830499-2648912689-1000_UserData.bin

- 2010-09-27 12:23 . 2011-10-13 15:38 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-27 12:23 . 2011-10-17 11:27 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-27 12:23 . 2011-10-17 11:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-27 12:23 . 2011-10-13 15:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-10-17 11:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-10-13 15:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-10-17 14:57 . 2011-10-17 14:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-10-17 08:42 . 2011-10-17 08:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-10-17 14:57 . 2011-10-17 14:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-10-17 08:42 . 2011-10-17 08:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 04:54 . 2011-10-17 08:42 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-10-17 14:57 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:46 . 2011-10-17 15:00 104672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2009-07-14 04:46 . 2011-10-14 14:33 104672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2010-09-28 07:08 . 2011-10-17 08:40 890736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-09-28 07:08 . 2011-10-17 14:55 890736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 05:01 . 2011-10-17 08:40 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-10-17 14:55 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-09 09:45 . 2011-10-17 14:55 15528956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2398009579-1224830499-2648912689-1000-12288.dat

- 2010-11-09 09:45 . 2011-10-17 08:40 15528956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2398009579-1224830499-2648912689-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-15 5500800]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"DriverScanner"="c:\progra~2\Uniblue\DRIVER~1\launcher.exe" [2011-09-05 338296]

"SpeedUpMyPC"="c:\program files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" [2011-09-09 67960]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]

"ISTray"="c:\program files (x86)\Spyware Doctor\pctsTray.exe" [2010-10-25 1287120]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-02-16 112608]

"Family Tree Builder Update"="c:\program files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-06-21 225280]

"sfagent"="c:\program files (x86)\Fighters\SPAMfighter\sfagent.exe" [2011-09-16 1197192]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

.

c:\users\Cees\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

regwiz.lnk - c:\program files (x86)\eSupport.com\RegistryWizard\regwiz.exe [2010-11-24 3422240]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 GFI_ReportCenter35;GFI ReportCenter 3.5;c:\program files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe [2009-06-16 111912]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664]

R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 Common Toolkit Tools;Common Toolkit Tools;c:\program files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [2011-02-02 121480]

R3 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-02-16 1034208]

R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-11-24 21712]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]

R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]

R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-02-04 162328]

R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [x]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-24 140672]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]

S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848]

S2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-02-16 1050592]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-02-16 632800]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe service [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

S2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2011-09-16 1302152]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Inhoud van de 'Gedeelde Taken' map

.

2011-10-17 c:\windows\Tasks\DriverScanner.job

- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-10-12 14:20]

.

2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33]

.

2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33]

.

2011-10-03 c:\windows\Tasks\PC Unleashed Defrag.job

- c:\program files (x86)\PC Unleashed Online\Suite\pcu.exe [2011-09-06 18:27]

.

2011-10-13 c:\windows\Tasks\PC Unleashed Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2011-10-03 c:\windows\Tasks\PC Unleashed Update Version3.job

- c:\program files (x86)\Common Files\PC Unleashed Online\UUS3\Update3.exe [2011-09-06 18:27]

.

2011-10-03 c:\windows\Tasks\PC Unleashed.job

- c:\program files (x86)\PC Unleashed Online\Suite\pcu.exe [2011-09-06 18:27]

.

2011-10-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-10-13 c:\windows\Tasks\PTSchedule.job

- c:\program files (x86)\PC Tools Utilities\pt.exe [2011-06-06 07:02]

.

2011-10-17 c:\windows\Tasks\RegistryBooster.job

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 13:29]

.

2011-10-17 c:\windows\Tasks\SpeedUpMyPC.job

- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-10-12 07:23]

.

2011-10-17 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

2011-02-08 17:22 1057712 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-20 8306208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.kpnvandaag.nl/

uInternet Settings,ProxyOverride = *.local

IE: &Verzenden naar OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki...

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Cees\AppData\Roaming\Mozilla\Firefox\Profiles\qbpvl446.default\

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb68?u=92823106547538112

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-iMesh - c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}\iMesh_V11_en_Setup.exe

AddRemove-SPAMfighter - c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\SPAMfighter_Client.exe

AddRemove-{1D0AB230-E7BC-41CB-A50C-F282273E897B} - c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\SPAMfighter_Client.exe

AddRemove-{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} - c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}\iMesh_V11_en_Setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Fighters\SPAMfighter\sfus.exe

c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe

c:\progra~2\Uniblue\DRIVER~1\driverscanner.exe

c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Voltooingstijd: 2011-10-17 17:26:35 - machine werd herstart

ComboFix-quarantined-files.txt 2011-10-17 15:26

ComboFix2.txt 2011-10-17 09:02

.

Pre-Run: 673.602.629.632 bytes beschikbaar

Post-Run: 673.270.345.728 bytes beschikbaar

.

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - EAB8553C60D5A9ABBBC5FD9E82A7BDDA


Hi Kape,

I'm thinking it over, but I can't really tell. I did buy PC Unleashed Suite 14 days ago, but I did that because I was already "bothered" by a great many Rundll32.exe processes back then. Also SpeedUpMyPC and possibly also Performance Toolkit from PC Tools. I was, and am, a bit "desperate"; I can go on buying all sorts of things, but gradually I'm getting the impression that all those packages do NOT do what they claim to do after all.

Regards, Cees


Well, that is exactly what I was getting at! Your log contains a job from PC Unleashed

2011-10-13 c:\windows\Tasks\PC Unleashed Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

which is run regularly and which involves rundll32.exe every time. So it would not surprise me if this is the cause of that file showing up so often.

And looking at it overall, you do indeed have quite a few tools whose operation and, above all, whose benefit is doubtful. They are indeed sold with the promise of optimizing your system ... while in practice they often cannot deliver on that at all and may even cause extra problems.
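Added example (not part of the original reply, and not ComboFix's own code): a small Python parser for the scheduled-task section of a log like the one above, which flags jobs whose target is a generic host binary such as rundll32.exe. The listing shows only the executable, so the task itself still has to be opened to see which DLL it loads; the `HOST_BINARIES` list and the function names are assumptions of this example.

```python
import re
from ntpath import basename  # handles backslash paths on any OS

# Excerpt of the scheduled-task section of the log posted above.
SAMPLE = r"""
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33]
.
2011-10-13 c:\windows\Tasks\PC Unleashed Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2011-10-17 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-10-12 07:23]
"""

# Generic host binaries: what the task really runs is in its arguments,
# which this listing does not show (assumed list, extend as needed).
HOST_BINARIES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                 "cscript.exe", "cmd.exe", "powershell.exe"}

JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+\.job)\s*$", re.I)
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]\s*$")

def parse_tasks(log_text):
    """Pair each '.job' line with the '- target [timestamp]' line after it."""
    tasks, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = JOB_RE.match(line)
        if m:
            current = {"job_date": m.group(1), "job": m.group(2),
                       "target": None, "target_mtime": None}
            tasks.append(current)
            continue
        m = TARGET_RE.match(line)
        if m and current is not None and current["target"] is None:
            current["target"], current["target_mtime"] = m.group(1), m.group(2)
    return tasks

def flag_host_binary_tasks(tasks):
    """Return tasks whose target is a generic host binary such as rundll32.exe."""
    return [t for t in tasks
            if t["target"] and basename(t["target"]).lower() in HOST_BINARIES]

if __name__ == "__main__":
    for t in flag_host_binary_tasks(parse_tasks(SAMPLE)):
        print(f'{t["job"]} -> {t["target"]} (inspect the task arguments)')
```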
