View full version: Computer freezes when using WinRAR



koelkast
9 January 2009, 17:09
Hello,

I have been having problems with my laptop for several months now. It all started when I downloaded Service Pack 1 for the first time. Somewhere in that process my computer shut down, which was very annoying.

On restarting, it could no longer find any data files and I was offered the system recovery option. There I was supposed to tick my operating system, but that list was completely empty.

No problem, so I ran the recovery and restored the factory settings, hoping that I still had a copy of all my things somewhere.

Reinstalled, booted up, nothing wrong. The computer starts updating and this goes well for a long time. Then suddenly the same pattern again: after using a program, or just out of nowhere, my hard disk seems to stop spinning. Everything freezes and I can't do anything at all.

At some point I deleted the partitions and reinstalled everything, and miraculously my laptop ran like a charm again. I could download, extract, basically just use the computer without any hassle.

Even Service Pack 1 went fine, with no problems.

Last night, after downloading a film, it suddenly happened again. While extracting with WinRAR, at 26 percent, the computer stopped, froze completely, and I could do nothing but switch it off and on again.

Rebooted and chose a different RAR file. Same thing here, only at a different percentage. I then lowered WinRAR's priority, but that did not help either.

Booted in safe mode, but WinRAR crashes there too. And then nothing works any more.

As far as I know I did not install much the day before yesterday, yesterday or today, so I don't think that can be the cause. I have a legal copy of Norton 360 on it (or at least, a trial for now) and it reports that my computer is clean.

Reinstalling my computer every time makes little sense, because that can't be the intention.

My system details are:

Hewlett-Packard
Compaq Presario C700 Notebook PC
Rating 3.1
Processor: Intel Pentium Dual CPU T2330 @ 1.60 GHz 1.60 GHz
Memory (RAM): 2 GB
System type: 32-bit operating system

The HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:46, on 9-1-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &AOL-werkbalk Search - c:\program files\aol\aol toolbar 5.0\resources\nl-NL\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8638 bytes


I hope someone can point me in the right direction. At the moment it only happens when extracting files. If it goes the way it did the previous times, then at some point my computer will freeze on almost every operation.

Thanks in advance

jap

koelkast
9 January 2009, 17:26
I saw that everyone had to run a scan with that malware program, so I did that too. No malware found.

Malwarebytes' Anti-Malware 1.32
Database versie: 1634
Windows 6.0.6001 Service Pack 1

9-1-2009 16:24:46
mbam-log-2009-01-09 (16-24-46).txt

Scan type: Snelle Scan
Objecten gescand: 50989
Verstreken tijd: 4 minute(s), 0 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

koelkast
9 January 2009, 18:00
I also ran a ComboFix scan.

The log is below:

ComboFix 09-01-08.05 - Danpajo 2009-01-09 16:34:03.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2037.927 [GMT 1:00]
Gestart vanuit: c:\users\Danpajo\Downloads\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\OGACheckControl.dll

.
+ 2008-12-27 14:00:37 39,704 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudi o.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d 50a3a\Microsoft.VisualStudio.Tools.Applications.Co ntract.dll
+ 2008-12-27 14:00:36 72,472 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudi o.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f1 1d50a3a\Microsoft.VisualStudio.Tools.Applications. DesignTime.dll
+ 2008-12-27 14:00:37 47,832 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn.Contract \2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.d ll
+ 2008-12-27 14:00:37 39,624 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn\2.0.0.0_ _b03f5f7f11d50a3a\System.AddIn.dll
+ 2009-01-07 19:37:41 116,040 ----a-w c:\windows\Downloaded Program Files\LMIBroker.exe
+ 2007-08-06 11:07:30 71,248 ----a-w c:\windows\Downloaded Program Files\LMIProxyHelper.exe
+ 2008-09-24 11:02:06 2,782,536 ----a-w c:\windows\Downloaded Program Files\RACtrl.dll
+ 2007-07-18 13:54:38 245,408 ----a-w c:\windows\Downloaded Program Files\unicows.dll
+ 2006-10-27 14:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-26 20:18:12 162,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 14:00:12 1,751,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-27 14:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 14:00:06 47,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 14:00:08 191,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-26 19:13:34 338,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-26 19:13:44 629,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-26 19:13:28 207,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-26 19:13:32 279,352 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-26 19:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-26 19:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-26 19:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-26 19:13:12 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 14:00:06 387,960 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-26 19:13:38 392,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-26 19:13:30 260,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-26 19:13:32 289,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-26 19:13:20 56,120 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-26 19:13:38 551,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-26 19:13:30 224,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 14:40:34 208,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-26 19:13:34 371,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 14:41:04 399,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-26 18:59:24 205,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-26 20:30:42 65,312 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\COLLIMP.DLL
+ 2006-10-27 14:16:36 133,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-26 19:12:52 189,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\CONTACTPICKER.D LL
+ 2006-10-26 19:55:32 87,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-26 23:48:08 234,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\DRAT.EXE
+ 2006-10-27 14:07:36 17,891,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-26 13:10:08 1,190,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2006-10-26 13:04:58 75,576 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\FORM.DLL
+ 2006-10-26 18:21:24 1,682,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-27 14:09:36 983,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-26 19:02:12 2,526,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-27 14:37:44 338,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVE.EXE
+ 2006-10-27 14:38:02 6,191,400 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVEACCOUNTMG R.DLL
+ 2006-10-27 14:37:44 284,448 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVEAUDIO.DLL
+ 2006-10-26 23:47:54 65,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVEAUDITSERV ICE.EXE
+ 2006-10-27 14:37:40 34,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVEAUTOPROXY .DLL
+ 2006-10-27 14:37:44 300,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVECALENDART OOL.DLL
+ 2006-10-26 23:47:44 33,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVECLEAN.EXE
+ 2006-10-27 14:37:56 2,689,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVECOMMONCOM PONENTS.DLL
+ 2006-10-27 14:38:00 3,508,544 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVECOMMUNICA TIONSSERVICES.DLL
+ 2006-10-27 14:37:40 117,584 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVECOMMUNICA TIONSSTATUSANDCONTROL.DLL
+ 2006-10-27 14:37:50 768,304 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVECOMPONENT MGR.DLL
+ 2006-10-27 14:37:52 1,359,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVECRYPTO.DL L
+ 2006-10-26 23:48:24 377,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVEDATAVIEWE RTOOL.DLL
+ 2006-10-27 14:37:58 3,071,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVEDOCUMENTS HARETOOL.DLL
+ 2006-10-27 14:37:44 284,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVEFETCHSERV ICES.DLL
+ 2006-10-26 23:48:00 197,920 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVEGAMES.DLL
+ 2006-10-26 23:48:18 317,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVEMIGRATOR. EXE
+ 2006-10-26 23:48:40 1,555,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVEMISC.DLL
+ 2006-10-26 23:47:42 31,016 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVEMONITOR.E XE
+ 2006-10-26 23:47:40 22,808 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVENEW.DLL
+ 2006-10-26 23:48:02 224,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVEPROJECTTO OLSET.DLL
+ 2006-10-27 14:38:04 7,053,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVERESOURCE. DLL
+ 2006-10-26 23:48:42 2,210,608 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVESHELLEXTE NSIONS.DLL
+ 2006-10-26 23:48:18 363,304 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVESKETCHTOO L.DLL
+ 2006-10-26 23:47:40 16,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVESTDURLLAU NCHER.EXE
+ 2006-10-27 14:37:56 2,738,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVESTORAGEMG R.DLL
+ 2006-10-27 14:37:38 35,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVESYSTEMMOD E.DLL
+ 2006-10-26 23:48:02 222,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVESYSTEMSER VICES.DLL
+ 2006-10-27 14:37:50 1,163,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVETEXTTOOLS .DLL
+ 2006-10-27 14:38:00 4,746,536 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVETRANSCEIV ER.DLL
+ 2006-10-27 14:37:54 1,396,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVEUIFRAMEWO RK.DLL
+ 2006-10-26 23:48:34 955,680 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVEUTIL.DLL
+ 2006-10-27 14:37:40 268,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVEWEBBROWSE RTOOL2.DLL
+ 2006-10-26 23:48:26 572,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVEWEBPLATFO RMSERVICES.DLL
+ 2006-10-27 14:37:48 631,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\GROOVEWEBSERVIC ES.DLL
+ 2006-10-26 19:12:52 173,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-26 19:55:38 138,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 14:10:08 1,439,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\INFOPATH.EXE
+ 2006-10-27 14:10:10 5,456,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
+ 2006-10-27 14:10:10 5,281,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-26 20:42:00 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\IPOLK.DLL
+ 2008-12-27 14:00:26 609,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\IPOMHOST.DLL
+ 2008-12-27 14:00:26 118,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\IPOMINT.DLL
+ 2006-10-26 18:55:10 828,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-26 19:55:48 340,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 14:04:08 497,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 14:01:34 10,371,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2006-10-26 20:18:06 66,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2007-03-23 00:03:50 117,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-27 13:59:06 161,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 18:48:12 14,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-26 19:12:58 428,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-26 20:13:36 26,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-26 19:00:08 6,635,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-26 12:56:36 436,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 14:04:10 9,581,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-26 18:50:04 672,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 12:56:40 505,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-26 18:55:12 832,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 18:55:06 538,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-26 19:12:30 65,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-26 19:06:54 232,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 19:14:06 7,033,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-26 19:00:08 274,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-26 19:00:12 998,208 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-26 19:00:10 285,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 14:16:46 2,939,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-26 19:34:12 660,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-26 19:34:10 192,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-26 19:32:42 604,000 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 14:39:36 687,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
+ 2006-10-27 14:03:04 1,018,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-26 19:24:54 98,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-26 19:24:50 72,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-26 19:24:58 1,165,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 14:03:06 6,579,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-26 19:23:00 782,720 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
+ 2006-10-26 19:07:04 6,536,992 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-09-15 15:25:18 3,611,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-07-26 17:53:56 459,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 14:16:44 594,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-10-27 14:16:48 12,813,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 14:16:40 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 14:16:36 46,864 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-26 20:30:44 482,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 14:04:06 465,200 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 14:04:06 7,980,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2008-12-27 13:59:14 248,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-26 19:09:36 136,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2006-10-26 13:05:00 77,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\PSOM.DLL
+ 2006-10-26 19:55:54 413,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 14:04:06 624,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-26 19:09:44 590,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-26 20:13:38 38,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 20:42:12 744,808 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\REGFORM.EXE
+ 2006-10-26 13:04:44 19,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\REVERSE.DLL
+ 2006-10-26 19:55:44 263,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-26 19:55:44 272,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-26 19:13:00 503,624 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-26 19:06:58 439,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-26 20:18:16 502,608 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-07-28 14:21:58 277,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-27 13:57:08 2,330,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-26 13:04:48 29,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
+ 2006-10-26 13:05:04 126,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
+ 2006-10-26 13:05:02 86,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
+ 2006-10-26 13:04:56 58,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\TWLAY32.DLL
+ 2006-10-26 13:04:48 27,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\TWORIENT.DLL
+ 2006-10-26 13:04:54 51,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\TWRECE.DLL
+ 2006-10-26 13:04:44 19,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 13:04:58 76,624 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-09-29 23:42:56 2,583,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-26 22:00:12 1,841,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-10-26 21:58:38 3,732,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 14:23:04 347,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2008-12-27 13:59:15 781,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 14:23:08 17,483,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 13:05:08 1,181,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
+ 2006-10-26 20:17:08 11,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2006-10-26 13:05:08 530,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
+ 2007-10-05 19:37:38 17,927,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.6215\EXCEL.EXE
+ 2007-08-28 22:38:10 500,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.6215\MORPH9.DLL
+ 2007-08-28 22:38:46 9,584,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.6215\MSPUB.EXE
+ 2007-10-05 19:44:24 14,168,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.6215\OART.DLL
+ 2007-10-02 18:51:22 8,436,776 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.6215\OARTCONV.DLL
+ 2007-08-28 22:06:16 467,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-28 22:06:44 7,990,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2008-12-27 21:45:03 251,272 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.6215\PPTPIA.DLL
+ 2007-08-28 23:38:22 2,016,656 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.6215\PPTVIEW.EXE
+ 2007-08-24 02:43:28 138,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.6215\PRTF9.DLL
+ 2007-08-28 22:39:14 625,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.6215\PTXT9.DLL
+ 2007-08-24 02:43:36 593,296 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.6215\PUBCONV.DLL
+ 2007-08-28 22:16:00 350,064 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-06 16:56:32 17,490,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.6215\WWLIB.DLL
+ 2007-08-24 04:14:14 13,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119 E20000000000000000F01FEC\12.0.6215\XLCALL32.DLL
+ 2008-12-27 21:53:00 217,864 ----a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-12-27 21:54:43 1,165,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-12-27 21:54:43 20,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-27 21:54:43 159,504 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-12-27 21:54:43 184,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-12-27 21:54:43 217,864 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-27 21:54:44 18,704 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-27 21:54:44 35,088 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-27 21:54:43 845,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-12-27 21:54:43 922,384 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-27 21:54:43 272,648 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-27 21:54:44 888,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-27 21:54:43 1,172,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-12-27 11:43:33 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
+ 2009-01-09 14:39:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
- 2008-12-27 11:43:33 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
+ 2009-01-09 14:39:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
+ 2006-11-02 09:46:13 41,472 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
- 2008-12-27 11:44:38 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-09 14:40:32 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-09 14:40:32 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat .LOG1
- 2008-12-27 11:44:38 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.d at
+ 2009-01-09 14:40:27 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.d at
+ 2009-01-09 14:40:27 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.d at.LOG1
+ 2006-11-02 09:46:03 172,544 ----a-w c:\windows\System32\CNBLM3_2.DLL
+ 2006-11-02 09:46:03 17,920 ----a-w c:\windows\System32\CNHIPRO.DLL
+ 2006-11-02 09:46:03 49,664 ----a-w c:\windows\System32\CNHL170S.DLL
+ 2006-11-02 09:46:11 70,656 ----a-w c:\windows\System32\CNHW170S.DLL
- 2008-12-27 10:52:49 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2009-01-09 14:39:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [BU]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{527381F8-1F27-49AF-9616-1B4925921F00}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{D64A5F25-1063-48DA-BACC-9062AC7DC139}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{72E9DB74-D6D3-4DF0-8D70-5DBC44BC5DC6}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{F8226D1D-CFC7-4AB9-8279-34EE4648FDE5}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5CFE1B83-3240-434D-A3A9-04E22E9D76C6}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6F4A0743-2DC4-43EB-AA0B-37B7B806E823}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{60E3A09D-F4C3-4100-8DD1-9D779BEB0A13}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AB38271B-C172-4F9E-A804-7BA02F9AB541}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{EFB2A4D2-48CA-432E-9239-10FFBB6CA200}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2C16433D-747C-4954-957B-458B5FAC3C1F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{260DAEDC-47A3-4456-90AC-D33DC2C136D1}"= UDP:d:\program files\LimeWire\LimeWire.exe:LimeWire
"{132D5659-AC75-41F8-9E96-7164353F3947}"= TCP:d:\program files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081220.001\IDSvix86.sys [2008-12-26 270384]
R3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2008-01-13 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-26 99376]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2008-06-13 41008]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-12-26 149352]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Presario&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Presario&pf=laptop
IE: &AOL-werkbalk Search - c:\program files\aol\aol toolbar 5.0\resources\nl-NL\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Danpajo\AppData\Roaming\Mozilla\Firefox\Profiles\7zcgddew.default\
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 16:36:41
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2009-01-09 16:39:24
ComboFix-quarantined-files.txt 2009-01-09 15:39:19
ComboFix2.txt 2008-12-27 12:06:12
ComboFix3.txt 2008-12-26 15:04:27

Pre-Run: 42.226.536.448 bytes beschikbaar
Post-Run: 41,907,339,264 bytes beschikbaar

636 --- E O F --- 2008-12-27 21:54:55
[/CODE]

And below is my new HijackThis log:

[CODE]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:08, on 9-1-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &AOL-werkbalk Search - c:\program files\aol\aol toolbar 5.0\resources\nl-NL\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8728 bytes
[/CODE]


I think I have now done the steps!!!

koelkast
10 January 2009, 10:05
Hello,

I carried on working on my computer and tried all sorts of things.

When I copy or move large files, there is no problem.

Installing programs is no problem. The trouble is in unpacking files. I even tried to find another unpacking program and installed it. Even that one froze.

Packing does not work either. I hope someone can say something sensible about this situation, because I really do not understand it at all any more.

I have also looked at the CPU and the memory usage. The memory usage does not get above 50 percent and the CPU stays around 10 percent. And suddenly my computer does nothing any more.

Suggestions?

Note: if you keep posting again yourself, your post no longer stands at 0 and it gets overlooked by us. Just wait for help now.

ghost
10 January 2009, 10:58
A suggestion: yes, in future you wait for a spyware slayer before you use ComboFix. You can completely wreck your PC with it.
You are not the first to do something like this, you know, with all the consequences afterwards.....
Which other unpacking program have you already used, and which version of WinRAR do you have?
If you have an outdated WinRAR, you had better get the newer version.

koelkast
10 January 2009, 11:37
Okidoki, I saw in many replies that the first suggestion was to do that, hence. I will show more patience in future.

I use WinRAR version 3.80

After that I downloaded 7-Zip and the same thing happened here too.

I unpacked the same files on another computer and that gave no problem.

Rosty
10 January 2009, 12:40
Hi,

try the following: remove WinRAR completely from the system.

* Clear the cache and cookies in IE: Close Internet Explorer.
Go to Control Panel > Internet Options > General tab
Click the Delete Cookies button
Click the Delete Files button next to it
Tick: Also delete all offline items, click OK
* Clear the cache and cookies in Firefox (in case Firefox is installed): Go to Tools > Options.
Click Privacy in the menu.
Click the Clear button (History, Cookies, Cache).
Click OK to close the window again.
* Clear other temporary files + Recycle Bin: Go to Start > Run and type: cleanmgr and click OK.
Let it scan your system for files that need to be removed
Make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are ticked there.
Then click OK.
* Defragment the hard disk
I recommend doing this in safe mode (http://users.pandora.be/marcvn/spyware/1378056.htm). If you boot into safe mode, it is handy to save and/or print everything below, because you cannot find the further instructions again in safe mode:
Go to Start -- Run
Type: dfrg.msc and press OK.
Now press 'Defragment'.
When this is done you can restart the PC.

Download F-Secure Blacklight (ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe):
Put it on your Desktop.
Double-click blbeta.exe.
Click "I accept the agreement".
Click "Next".
Click "Scan" and, when the program is finished, click "Next".
If Blacklight finds something, it will show a list of files.
Do not have anything renamed yet.
On your Desktop there is a file named fsbl.xxxxxxx.log (the x's stand for digits)
This is the log that Blacklight made. Please post it in your next reply.

koelkast
10 January 2009, 19:03
Hello,

I did everything as instructed and ran the scan, but nothing was found.

Any further suggestions? Thanks in advance for taking the trouble to help me.

koelkast
10 January 2009, 19:21
By now my computer freezes on many more operations.

Rosty
11 January 2009, 09:24
What have you done yourself in the meantime?

Download Dr.Web CureIt and put it on your desktop: cureit.exe (ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe).

Double-click cureit.exe, and then click Start to let the program run a quick scan.
This quick scan will scan the files that are currently loaded in memory.
If something is found, let CureIt repair it.
- If a window appears with an offer to buy at a 50% discount, close it with the cross.
After that the main window will become visible.
- At the top, in the Options menu, choose Language and change it to Dutch (Nederlands), if it is set differently.
- In the Options menu, choose Change settings (F9).
On the "Scan" tab, remove the tick at Heuristic analysis.
Press Apply.
On the "File types" tab, Scan mode must be set to: All files.
On the "Actions" tab, set the following under Malware:
-Adware: Move
-Dialers: Move
-Jokes: Report
-Riskware: Report
-Hacktools: Move
Still on the "Actions" tab, set the following under Objects:
- Infected objects: Repair
- Incurable: Move
- Suspicious objects: Report
Then remove the tick at: Prompt on action.
Press Apply.
Then press OK.
Back in the main window you can select which scan you want to run.
- Select Complete scan
Click the green arrow on the right-hand side to start the scan.
If the infected files cannot be disinfected, they will be moved to the folder %userprofile%\DoctorWeb\Quarantine.
- When the scan is finished, choose Save report list in the File menu and save the log on your desktop.
- Then close Dr.Web CureIt.

Restart your computer.
You must definitely do this, because Dr.Web CureIt may move or delete files after a restart.

When the computer has restarted, copy and paste the contents of the log that you saved on your desktop earlier into your next post.
Also post a new HijackThis log.

koelkast
11 January 2009, 11:12
OK, thanks in advance for your response.

I myself did the things as described above. In addition, I also removed all new programs from the last few weeks, in the hope that something was wrong there.

It was no use. I now also can no longer manage to scan my D drive for viruses or to defragment it.

I will put the report here shortly.

jap

koelkast
11 January 2009, 13:48
Sob, the computer hung at the end of the test, the last millimetre, and then it froze. Nothing found up to then. I am starting again.

koelkast
11 January 2009, 16:27
After the 2nd scan it hung again at the same point.

The only thing it flagged as odd was ComboFix, which I downloaded via your site.

Suggestions?

koelkast
11 January 2009, 17:33
I cannot post the Dr.Web CureIt log; the website crashes when I do. It is also so terribly long. The .txt file is 2.5 MB.

I can post my new HijackThis log, though.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:55:35, on 11-1-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Danpajo\Desktop\cureit.exe
C:\Users\Danpajo\AppData\Local\Temp\RarSFX2\_start.exe
C:\Users\Danpajo\AppData\Local\Temp\RarSFX2\setup.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\Taskmgr.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &AOL-werkbalk Search - c:\program files\aol\aol toolbar 5.0\resources\nl-NL\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8123 bytes


And now?

I could e-mail the other log or something.

Rosty
11 January 2009, 23:05
Can you post it as an attachment?

koelkast
11 January 2009, 23:40
Uploading didn't work; I'll try uploading it with a link.

That doesn't work either. Fine, an hour later, we'll just do it this way.


http://www.havealookhere.com/logvirusscan.doc

I think it works.

Rosty
12 January 2009, 09:42
It's not malware, though. Maybe ask for advice in the software section here.

koelkast
12 January 2009, 11:29
OK, thanks for your help then. I'll follow up on that this afternoon.