Can't find anything, but there is something there


My little sister's laptop is maybe just 1 month old.

But unfortunately it freezes very often, and it cannot be scanned with McAfee or Malware Antibytes. Every time we try that, the whole laptop freezes and you have to restart it.

In addition, this virus also keeps setting McAfee to inactive. Real-time scanning keeps getting switched off.

And we can turn it on, but a few minutes later it is off again.

Does anyone have an idea what the best thing to do is???

It is an MSI CX640 running 64-bit Windows 7.

So this is not about my own laptop.


First we will check whether malware or viruses are the cause of your problem.

1. Download HijackThis.

Under "HijackThis Downloads", click "Installer".

Save the file HijackThis.msi. Then choose "Run".

HijackThis is now installed on your PC, and a shortcut is placed on your desktop.

If you no longer have a network connection, you can do the download on another PC and transfer the file with a USB stick.

If you can only still work in safe mode, you need to download the executable.

Save it in a new folder on the C drive (e.g. C:\hijackthis) and then start HijackThis from that folder.

You can then also find the logs in that folder.


2. Click the shortcut to start HijackThis.

Click either "Do a systemscan and save a logfile", or first "Scan" and then "Savelog".

A Notepad window opens; hold down the CTRL and A keys at the same time, and everything is now selected. Hold down the CTRL and C keys at the same time, and everything is now copied. Now paste the HJT log into your post with CTRL and V.

If you get the message "For some reason your system denied writing to the Host file ....", just click OK to continue.

Note: Windows Vista & 7 users must run HijackThis as administrator via right-click, "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis. (See the image here ---> Attachment 12634)

If you want to see in words and pictures how to create a log with HijackThis and post it on the forum, click HERE.


3. After you post your log, it will be checked by an expert (Kape or Kweezie Wabbit), who will guide you through the rest of the process.


HijackThis did not open the log, so I tried it with RSIT and that worked. First log:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Charlotte at 2011-09-22 16:41:41

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 239 GB (88%) free of 272 GB

Total RAM: 4008 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:41:50, on 22-9-2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Users\Charlotte\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Charlotte\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Charlotte\Desktop\RSIT.exe

C:\Program Files (x86)\trend micro\Charlotte.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSI | MSN

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110921180325.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKCU\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

O4 - HKCU\..\Run: [Google Update] "C:\Users\Charlotte\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-3708872907-2703013417-2447342661-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-3708872907-2703013417-2447342661-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: SRS PC Sound.lnk = C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\PHotkey\ASLDRSrv.exe

O23 - Service: @C:\windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Program Files (x86)\PHotkey\GFNEXSrv.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10452 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3708872907-2703013417-2447342661-1001Core.job

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3708872907-2703013417-2447342661-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110921180325.dll [2011-03-13 78456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Aanmelden - Help - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"=c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-04-27 113288]

"Nuance PDF Reader-reminder"=C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [2008-11-03 328992]

"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2011-07-13 1666144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"=C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2009-05-05 222496]

"Google Update"=C:\Users\Charlotte\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 136176]

"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

SRS PC Sound.lnk - C:\Program Files (x86)\SRS Labs\SRS Control Panel\SRSPanel_64.exe

C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

OneNote 2010 Schermopname en Snel starten.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\windows\SysWOW64\nvinit.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======


2011-09-09 14:49:31 ----A---- C:\windows\SysWOW64\sppcomapi.dll

2011-09-09 14:49:31 ----A---- C:\windows\SysWOW64\shsetup.dll

2011-09-09 14:49:31 ----A---- C:\windows\SysWOW64\rasppp.dll

2011-09-09 14:49:31 ----A---- C:\windows\SysWOW64\logoncli.dll

2011-09-09 14:49:31 ----A---- C:\windows\SysWOW64\cabview.dll

2011-09-09 14:49:30 ----A---- C:\windows\SysWOW64\FirewallControlPanel.dll

2011-09-09 14:49:29 ----A---- C:\windows\SysWOW64\themecpl.dll

2011-09-09 14:49:29 ----A---- C:\windows\SysWOW64\SensorsCpl.dll

2011-09-09 14:49:28 ----A---- C:\windows\SysWOW64\PhotoScreensaver.scr

2011-09-09 14:49:28 ----A---- C:\windows\SysWOW64\hgcpl.dll

2011-09-09 14:49:28 ----A---- C:\windows\SysWOW64\FWPUCLNT.DLL

2011-09-09 14:49:28 ----A---- C:\windows\SysWOW64\dnscmmc.dll

2011-09-09 14:49:26 ----A---- C:\windows\SysWOW64\tapisrv.dll

2011-09-09 14:49:26 ----A---- C:\windows\SysWOW64\scecli.dll

2011-09-09 14:49:26 ----A---- C:\windows\SysWOW64\mscories.dll

2011-09-09 14:49:26 ----A---- C:\windows\SysWOW64\mscms.dll

2011-09-09 14:49:26 ----A---- C:\windows\SysWOW64\mprddm.dll

2011-09-09 14:49:26 ----A---- C:\windows\SysWOW64\localsec.dll

2011-09-09 14:49:26 ----A---- C:\windows\SysWOW64\fontext.dll

2011-09-09 14:49:25 ----A---- C:\windows\SysWOW64\SndVolSSO.dll

2011-09-09 14:49:25 ----A---- C:\windows\SysWOW64\iasacct.dll

2011-09-09 14:49:24 ----A---- C:\windows\SysWOW64\wlanui.dll

2011-09-09 14:49:24 ----A---- C:\windows\SysWOW64\w32tm.exe

2011-09-09 14:49:24 ----A---- C:\windows\SysWOW64\VAN.dll

2011-09-09 14:49:24 ----A---- C:\windows\SysWOW64\usercpl.dll

2011-09-09 14:49:24 ----A---- C:\windows\SysWOW64\SndVol.exe

2011-09-09 14:49:24 ----A---- C:\windows\SysWOW64\qedit.dll

2011-09-09 14:49:24 ----A---- C:\windows\SysWOW64\qdvd.dll

2011-09-09 14:49:24 ----A---- C:\windows\SysWOW64\prntvpt.dll

2011-09-09 14:49:24 ----A---- C:\windows\SysWOW64\PerfCenterCPL.dll

2011-09-09 14:49:24 ----A---- C:\windows\SysWOW64\netcenter.dll

2011-09-09 14:49:24 ----A---- C:\windows\SysWOW64\batmeter.dll

2011-09-09 14:49:23 ----A---- C:\windows\SysWOW64\spwizeng.dll

2011-09-09 14:49:23 ----A---- C:\windows\SysWOW64\azroleui.dll

2011-09-09 14:49:23 ----A---- C:\windows\SysWOW64\accessibilitycpl.dll

2011-09-09 14:49:22 ----A---- C:\windows\SysWOW64\zipfldr.dll

2011-09-09 14:49:22 ----A---- C:\windows\SysWOW64\MSAC3ENC.DLL

2011-09-09 14:49:22 ----A---- C:\windows\SysWOW64\fdeploy.dll

2011-09-09 14:49:21 ----A---- C:\windows\SysWOW64\networkmap.dll

2011-09-09 14:49:21 ----A---- C:\windows\SysWOW64\netjoin.dll

2011-09-09 14:49:21 ----A---- C:\windows\SysWOW64\cryptui.dll

2011-09-09 14:49:21 ----A---- C:\windows\SysWOW64\adsldp.dll

2011-09-09 14:49:20 ----A---- C:\windows\SysWOW64\wusa.exe

2011-09-09 14:49:20 ----A---- C:\windows\SysWOW64\prnfldr.dll

2011-09-09 14:49:20 ----A---- C:\windows\SysWOW64\MCEWMDRMNDBootstrap.dll

2011-09-09 14:49:20 ----A---- C:\windows\SysWOW64\Faultrep.dll

2011-09-09 14:49:19 ----A---- C:\windows\SysWOW64\sud.dll

2011-09-09 14:49:19 ----A---- C:\windows\SysWOW64\photowiz.dll

2011-09-09 14:49:19 ----A---- C:\windows\SysWOW64\OnLineIDCpl.dll

2011-09-09 14:49:19 ----A---- C:\windows\SysWOW64\msieftp.dll

2011-09-09 14:49:19 ----A---- C:\windows\SysWOW64\MediaMetadataHandler.dll

2011-09-09 14:49:19 ----A---- C:\windows\SysWOW64\credssp.dll

2011-09-09 14:49:19 ----A---- C:\windows\SysWOW64\ActionCenter.dll

2011-09-09 14:49:18 ----A---- C:\windows\SysWOW64\iprtrmgr.dll

2011-09-09 14:49:18 ----A---- C:\windows\SysWOW64\iasrad.dll

2011-09-09 14:49:18 ----A---- C:\windows\SysWOW64\dot3cfg.dll

2011-09-09 14:49:18 ----A---- C:\windows\SysWOW64\defaultlocationcpl.dll

2011-09-09 14:49:17 ----A---- C:\windows\SysWOW64\sisbkup.dll

2011-09-09 14:49:17 ----A---- C:\windows\SysWOW64\shwebsvc.dll

2011-09-09 14:49:17 ----A---- C:\windows\SysWOW64\ifsutil.dll

2011-09-09 14:49:17 ----A---- C:\windows\SysWOW64\ftp.exe

2011-09-09 14:49:17 ----A---- C:\windows\SysWOW64\efscore.dll

2011-09-09 14:49:16 ----A---- C:\windows\SysWOW64\syncui.dll

2011-09-09 14:49:16 ----A---- C:\windows\SysWOW64\autoplay.dll

2011-09-09 14:49:16 ----A---- C:\windows\SysWOW64\ActionCenterCPL.dll

2011-09-09 14:49:15 ----A---- C:\windows\SysWOW64\wmpmde.dll

2011-09-09 14:49:15 ----A---- C:\windows\SysWOW64\rtutils.dll

2011-09-09 14:49:15 ----A---- C:\windows\SysWOW64\ntlanman.dll

2011-09-09 14:49:15 ----A---- C:\windows\SysWOW64\dskquoui.dll

2011-09-09 14:49:15 ----A---- C:\windows\SysWOW64\DeviceCenter.dll

2011-09-09 14:49:14 ----A---- C:\windows\SysWOW64\systemcpl.dll

2011-09-09 14:49:14 ----A---- C:\windows\SysWOW64\SmartcardCredentialProvider.dll

2011-09-09 14:49:14 ----A---- C:\windows\SysWOW64\sethc.exe

2011-09-09 14:49:14 ----A---- C:\windows\SysWOW64\riched20.dll

2011-09-09 14:49:14 ----A---- C:\windows\SysWOW64\OobeFldr.dll

2011-09-09 14:49:14 ----A---- C:\windows\SysWOW64\ntprint.dll

2011-09-09 14:49:14 ----A---- C:\windows\SysWOW64\nshwfp.dll

2011-09-09 14:49:13 ----A---- C:\windows\SysWOW64\NAPHLPR.DLL

2011-09-09 14:49:13 ----A---- C:\windows\SysWOW64\blackbox.dll

2011-09-09 14:49:13 ----A---- C:\windows\SysWOW64\activeds.dll

2011-09-09 14:49:12 ----A---- C:\windows\SysWOW64\wmpsrcwp.dll

2011-09-09 14:49:12 ----A---- C:\windows\SysWOW64\nshipsec.dll

2011-09-09 14:49:12 ----A---- C:\windows\SysWOW64\nlaapi.dll

2011-09-09 14:49:12 ----A---- C:\windows\SysWOW64\netplwiz.dll

2011-09-09 14:49:12 ----A---- C:\windows\SysWOW64\migisol.dll

2011-09-09 14:49:12 ----A---- C:\windows\SysWOW64\httpapi.dll

2011-09-09 14:49:12 ----A---- C:\windows\SysWOW64\fms.dll

2011-09-09 14:49:12 ----A---- C:\windows\SysWOW64\dpx.dll

2011-09-09 14:49:12 ----A---- C:\windows\SysWOW64\cdosys.dll

2011-09-09 14:49:12 ----A---- C:\windows\SysWOW64\asycfilt.dll

2011-09-09 14:49:11 ----A---- C:\windows\SysWOW64\wuwebv.dll

2011-09-09 14:49:11 ----A---- C:\windows\SysWOW64\wlanmsm.dll

2011-09-09 14:49:11 ----A---- C:\windows\SysWOW64\wavemsp.dll

2011-09-09 14:49:11 ----A---- C:\windows\SysWOW64\ReAgent.dll

2011-09-09 14:49:11 ----A---- C:\windows\SysWOW64\provsvc.dll

2011-09-09 14:49:11 ----A---- C:\windows\SysWOW64\msftedit.dll

2011-09-09 14:49:11 ----A---- C:\windows\SysWOW64\isoburn.exe

2011-09-09 14:49:11 ----A---- C:\windows\SysWOW64\dot3ui.dll

2011-09-09 14:49:10 ----A---- C:\windows\SysWOW64\wvc.dll

2011-09-09 14:49:10 ----A---- C:\windows\SysWOW64\wtsapi32.dll

2011-09-09 14:49:10 ----A---- C:\windows\SysWOW64\wimgapi.dll

2011-09-09 14:49:10 ----A---- C:\windows\SysWOW64\tzutil.exe

2011-09-09 14:49:10 ----A---- C:\windows\SysWOW64\PkgMgr.exe

2011-09-09 14:49:10 ----A---- C:\windows\SysWOW64\ocsetup.exe

2011-09-09 14:49:10 ----A---- C:\windows\SysWOW64\mstask.dll

2011-09-09 14:49:10 ----A---- C:\windows\SysWOW64\dsuiext.dll

2011-09-09 14:49:10 ----A---- C:\windows\SysWOW64\dfrgui.exe

2011-09-09 14:49:09 ----A---- C:\windows\twain_32.dll

2011-09-09 14:49:09 ----A---- C:\windows\SysWOW64\twext.dll

2011-09-09 14:49:09 ----A---- C:\windows\SysWOW64\shdocvw.dll

2011-09-09 14:49:09 ----A---- C:\windows\SysWOW64\setupugc.exe

2011-09-09 14:49:09 ----A---- C:\windows\SysWOW64\qcap.dll

2011-09-09 14:49:08 ----A---- C:\windows\SysWOW64\uxlib.dll

2011-09-09 14:49:08 ----A---- C:\windows\SysWOW64\ssText3d.scr

2011-09-09 14:49:08 ----A---- C:\windows\SysWOW64\slwga.dll

2011-09-09 14:49:08 ----A---- C:\windows\SysWOW64\qasf.dll

2011-09-09 14:49:07 ----A---- C:\windows\SysWOW64\wmdrmsdk.dll

2011-09-09 14:49:07 ----A---- C:\windows\SysWOW64\nslookup.exe

2011-09-09 14:49:07 ----A---- C:\windows\SysWOW64\msvfw32.dll

2011-09-09 14:49:07 ----A---- C:\windows\SysWOW64\mciavi32.dll

2011-09-09 14:49:07 ----A---- C:\windows\SysWOW64\DevicePairingFolder.dll

2011-09-09 14:49:07 ----A---- C:\windows\SysWOW64\clusapi.dll

2011-09-09 14:49:07 ----A---- C:\windows\SysWOW64\audiodev.dll

2011-09-09 14:49:06 ----A---- C:\windows\SysWOW64\WPDShServiceObj.dll

2011-09-09 14:49:06 ----A---- C:\windows\SysWOW64\wimserv.exe

2011-09-09 14:49:06 ----A---- C:\windows\SysWOW64\TSpkg.dll

2011-09-09 14:49:06 ----A---- C:\windows\SysWOW64\rpcrt4.dll

2011-09-09 14:49:06 ----A---- C:\windows\SysWOW64\msscp.dll

2011-09-09 14:49:06 ----A---- C:\windows\SysWOW64\diskraid.exe

2011-09-09 14:49:05 ----A---- C:\windows\SysWOW64\remotepg.dll

2011-09-09 14:49:05 ----A---- C:\windows\SysWOW64\rdpencom.dll

2011-09-09 14:49:05 ----A---- C:\windows\SysWOW64\raschap.dll

2011-09-09 14:49:05 ----A---- C:\windows\SysWOW64\perfmon.exe

2011-09-09 14:49:05 ----A---- C:\windows\SysWOW64\drmmgrtn.dll

2011-09-09 14:49:05 ----A---- C:\windows\SysWOW64\acppage.dll

2011-09-09 14:49:05 ----A---- C:\windows\bfsvc.exe

2011-09-09 14:49:04 ----A---- C:\windows\SysWOW64\wpdwcn.dll

2011-09-09 14:49:04 ----A---- C:\windows\SysWOW64\wmpdxm.dll

2011-09-09 14:49:04 ----A---- C:\windows\SysWOW64\vpnikeapi.dll

2011-09-09 14:49:04 ----A---- C:\windows\SysWOW64\vdsbas.dll

2011-09-09 14:49:04 ----A---- C:\windows\SysWOW64\UserAccountControlSettings.dll

2011-09-09 14:49:04 ----A---- C:\windows\SysWOW64\QUTIL.DLL

2011-09-09 14:49:04 ----A---- C:\windows\SysWOW64\onexui.dll

2011-09-09 14:49:04 ----A---- C:\windows\SysWOW64\olepro32.dll

2011-09-09 14:49:04 ----A---- C:\windows\SysWOW64\ocsetapi.dll

2011-09-09 14:49:04 ----A---- C:\windows\SysWOW64\networkexplorer.dll

2011-09-09 14:49:04 ----A---- C:\windows\SysWOW64\NAPCRYPT.DLL

2011-09-09 14:49:04 ----A---- C:\windows\SysWOW64\iTVData.dll

2011-09-09 14:49:04 ----A---- C:\windows\SysWOW64\input.dll

2011-09-09 14:49:03 ----A---- C:\windows\SysWOW64\runonce.exe

2011-09-09 14:49:03 ----A---- C:\windows\SysWOW64\msvidc32.dll

2011-09-09 14:49:03 ----A---- C:\windows\SysWOW64\MFPlay.dll

2011-09-09 14:49:03 ----A---- C:\windows\SysWOW64\logagent.exe

2011-09-09 14:49:03 ----A---- C:\windows\SysWOW64\eapp3hst.dll

2011-09-09 14:49:03 ----A---- C:\windows\SysWOW64\dxdiagn.dll

2011-09-09 14:49:02 ----A---- C:\windows\SysWOW64\wudriver.dll

2011-09-09 14:49:02 ----A---- C:\windows\SysWOW64\wmpshell.dll

2011-09-09 14:49:02 ----A---- C:\windows\SysWOW64\wmdrmdev.dll

2011-09-09 14:49:02 ----A---- C:\windows\SysWOW64\unimdmat.dll

2011-09-09 14:49:02 ----A---- C:\windows\SysWOW64\shacct.dll

2011-09-09 14:49:02 ----A---- C:\windows\SysWOW64\msiexec.exe

2011-09-09 14:49:02 ----A---- C:\windows\SysWOW64\lsmproxy.dll

2011-09-09 14:49:02 ----A---- C:\windows\SysWOW64\d3d10level9.dll

2011-09-09 14:49:02 ----A---- C:\windows\SysWOW64\bitsadmin.exe

2011-09-09 14:49:01 ----A---- C:\windows\SysWOW64\sqlcese30.dll

2011-09-09 14:49:01 ----A---- C:\windows\SysWOW64\rdpd3d.dll

2011-09-09 14:49:01 ----A---- C:\windows\SysWOW64\PortableDeviceSyncProvider.dll

2011-09-09 14:49:01 ----A---- C:\windows\SysWOW64\pdh.dll

2011-09-09 14:49:01 ----A---- C:\windows\SysWOW64\OpcServices.dll

2011-09-09 14:49:01 ----A---- C:\windows\SysWOW64\mprapi.dll

2011-09-09 14:49:01 ----A---- C:\windows\SysWOW64\iscsium.dll

2011-09-09 14:49:01 ----A---- C:\windows\SysWOW64\cscapi.dll

2011-09-09 14:49:01 ----A---- C:\windows\SysWOW64\Bubbles.scr

2011-09-09 14:49:00 ----A---- C:\windows\SysWOW64\WPDSp.dll

2011-09-09 14:49:00 ----A---- C:\windows\SysWOW64\WMPhoto.dll

2011-09-09 14:49:00 ----A---- C:\windows\SysWOW64\utildll.dll

2011-09-09 14:49:00 ----A---- C:\windows\SysWOW64\tsgqec.dll

2011-09-09 14:49:00 ----A---- C:\windows\SysWOW64\srvcli.dll

2011-09-09 14:49:00 ----A---- C:\windows\SysWOW64\Ribbons.scr

2011-09-09 14:49:00 ----A---- C:\windows\SysWOW64\QSVRMGMT.DLL

2011-09-09 14:49:00 ----A---- C:\windows\SysWOW64\PortableDeviceStatus.dll

2011-09-09 14:49:00 ----A---- C:\windows\SysWOW64\olethk32.dll

2011-09-09 14:49:00 ----A---- C:\windows\SysWOW64\ncryptui.dll

2011-09-09 14:49:00 ----A---- C:\windows\SysWOW64\Mystify.scr

2011-09-09 14:49:00 ----A---- C:\windows\SysWOW64\mapistub.dll

2011-09-09 14:49:00 ----A---- C:\windows\SysWOW64\mapi32.dll

2011-09-09 14:49:00 ----A---- C:\windows\SysWOW64\logman.exe

2011-09-09 14:48:59 ----A---- C:\windows\SysWOW64\WMVSDECD.DLL

2011-09-09 14:48:59 ----A---- C:\windows\SysWOW64\WMADMOD.DLL

2011-09-09 14:48:59 ----A---- C:\windows\SysWOW64\wiavideo.dll

2011-09-09 14:48:59 ----A---- C:\windows\SysWOW64\takeown.exe

2011-09-09 14:48:59 ----A---- C:\windows\SysWOW64\iyuv_32.dll

2011-09-09 14:48:59 ----A---- C:\windows\SysWOW64\fphc.dll

2011-09-09 14:48:59 ----A---- C:\windows\SysWOW64\dot3msm.dll

2011-09-09 14:48:59 ----A---- C:\windows\SysWOW64\avifil32.dll

2011-09-09 14:48:58 ----A---- C:\windows\SysWOW64\wmdrmnet.dll

2011-09-09 14:48:58 ----A---- C:\windows\SysWOW64\sppinst.dll

2011-09-09 14:48:58 ----A---- C:\windows\SysWOW64\qdv.dll

2011-09-09 14:48:58 ----A---- C:\windows\SysWOW64\msyuv.dll

2011-09-09 14:48:58 ----A---- C:\windows\SysWOW64\msnetobj.dll

2011-09-09 14:48:58 ----A---- C:\windows\SysWOW64\imagehlp.dll

2011-09-09 14:48:58 ----A---- C:\windows\SysWOW64\EhStorAPI.dll

2011-09-09 14:48:57 ----A---- C:\windows\SysWOW64\wsnmp32.dll

2011-09-09 14:48:57 ----A---- C:\windows\SysWOW64\WMSPDMOD.DLL

2011-09-09 14:48:57 ----A---- C:\windows\SysWOW64\vfwwdm32.dll

2011-09-09 14:48:57 ----A---- C:\windows\SysWOW64\sspicli.dll

2011-09-09 14:48:57 ----A---- C:\windows\SysWOW64\QCLIPROV.DLL

2011-09-09 14:48:57 ----A---- C:\windows\SysWOW64\pdhui.dll

2011-09-09 14:48:57 ----A---- C:\windows\SysWOW64\MuiUnattend.exe

2011-09-09 14:48:57 ----A---- C:\windows\SysWOW64\msrle32.dll

2011-09-09 14:48:57 ----A---- C:\windows\SysWOW64\cmstp.exe

2011-09-09 14:48:57 ----A---- C:\windows\SysWOW64\cca.dll

2011-09-09 14:48:56 ----A---- C:\windows\SysWOW64\wkscli.dll

2011-09-09 14:48:56 ----A---- C:\windows\SysWOW64\tsbyuv.dll

2011-09-09 14:48:56 ----A---- C:\windows\SysWOW64\spbcd.dll

2011-09-09 14:48:56 ----A---- C:\windows\SysWOW64\setupcln.dll

2011-09-09 14:48:56 ----A---- C:\windows\SysWOW64\relog.exe

2011-09-09 14:48:56 ----A---- C:\windows\SysWOW64\netiougc.exe

2011-09-09 14:48:56 ----A---- C:\windows\SysWOW64\msorcl32.dll

2011-09-09 14:48:56 ----A---- C:\windows\SysWOW64\iscsicli.exe

2011-09-09 14:48:56 ----A---- C:\windows\SysWOW64\iasrecst.dll

2011-09-09 14:48:56 ----A---- C:\windows\SysWOW64\AzSqlExt.dll

2011-09-09 14:48:55 ----A---- C:\windows\SysWOW64\wmpps.dll

2011-09-09 14:48:55 ----A---- C:\windows\SysWOW64\syssetup.dll

2011-09-09 14:48:55 ----A---- C:\windows\SysWOW64\secproc_ssp_isv.dll

2011-09-09 14:48:55 ----A---- C:\windows\SysWOW64\secproc_ssp.dll

2011-09-09 14:48:55 ----A---- C:\windows\SysWOW64\resutils.dll

2011-09-09 14:48:55 ----A---- C:\windows\SysWOW64\rastapi.dll

2011-09-09 14:48:55 ----A---- C:\windows\SysWOW64\netbtugc.exe

2011-09-09 14:48:55 ----A---- C:\windows\SysWOW64\mydocs.dll

2011-09-09 14:48:55 ----A---- C:\windows\SysWOW64\itircl.dll

2011-09-09 14:48:55 ----A---- C:\windows\SysWOW64\diskpart.exe

2011-09-09 14:48:55 ----A---- C:\windows\SysWOW64\CertPolEng.dll

2011-09-09 14:48:55 ----A---- C:\windows\SysWOW64\amstream.dll

2011-09-09 14:48:54 ----A---- C:\windows\SysWOW64\wuapp.exe

2011-09-09 14:48:54 ----A---- C:\windows\SysWOW64\WerFaultSecure.exe

2011-09-09 14:48:54 ----A---- C:\windows\SysWOW64\tlscsp.dll

2011-09-09 14:48:54 ----A---- C:\windows\SysWOW64\secur32.dll

2011-09-09 14:48:54 ----A---- C:\windows\SysWOW64\RMActivate_ssp_isv.exe

2011-09-09 14:48:54 ----A---- C:\windows\SysWOW64\RMActivate_ssp.exe

2011-09-09 14:48:54 ----A---- C:\windows\SysWOW64\ReAgentc.exe

2011-09-09 14:48:54 ----A---- C:\windows\SysWOW64\netutils.dll

2011-09-09 14:48:54 ----A---- C:\windows\SysWOW64\mciqtz32.dll

2011-09-09 14:48:54 ----A---- C:\windows\SysWOW64\findstr.exe

2011-09-09 14:48:54 ----A---- C:\windows\SysWOW64\eappgnui.dll

2011-09-09 14:48:53 ----A---- C:\windows\SysWOW64\netapi32.dll

2011-09-09 14:48:53 ----A---- C:\windows\SysWOW64\muifontsetup.dll

2011-09-09 14:48:53 ----A---- C:\windows\SysWOW64\mobsync.exe

2011-09-09 14:48:53 ----A---- C:\windows\SysWOW64\cabinet.dll

2011-09-09 14:48:52 ----A---- C:\windows\SysWOW64\sppc.dll

2011-09-09 14:48:52 ----A---- C:\windows\SysWOW64\spopk.dll

2011-09-09 14:48:52 ----A---- C:\windows\SysWOW64\shimgvw.dll

2011-09-09 14:48:52 ----A---- C:\windows\SysWOW64\luainstall.dll

2011-09-09 14:48:52 ----A---- C:\windows\SysWOW64\iccvid.dll

2011-09-09 14:48:50 ----A---- C:\windows\SysWOW64\unlodctr.exe

2011-09-09 14:48:50 ----A---- C:\windows\SysWOW64\rdprefdrvapi.dll

2011-09-09 14:48:50 ----A---- C:\windows\SysWOW64\msdmo.dll

2011-09-09 14:48:49 ----A---- C:\windows\SysWOW64\UIRibbonRes.dll

2011-09-09 14:48:49 ----A---- C:\windows\SysWOW64\odbcconf.dll

2011-09-09 14:48:49 ----A---- C:\windows\SysWOW64\inetmib1.dll

2011-09-09 14:48:49 ----A---- C:\windows\SysWOW64\browcli.dll

2011-09-09 14:48:48 ----A---- C:\windows\SysWOW64\wups.dll

2011-09-09 14:48:48 ----A---- C:\windows\SysWOW64\perfts.dll

2011-09-09 14:48:48 ----A---- C:\windows\SysWOW64\imm32.dll

2011-09-09 14:48:47 ----A---- C:\windows\SysWOW64\wshbth.dll

2011-09-09 14:48:47 ----A---- C:\windows\SysWOW64\TRAPI.dll

2011-09-09 14:48:47 ----A---- C:\windows\SysWOW64\schedcli.dll

2011-09-09 14:48:47 ----A---- C:\windows\SysWOW64\napdsnap.dll

2011-09-09 14:48:47 ----A---- C:\windows\SysWOW64\elsTrans.dll

2011-09-09 14:48:47 ----A---- C:\windows\SysWOW64\dsauth.dll

2011-09-09 14:48:47 ----A---- C:\windows\SysWOW64\cscdll.dll

2011-09-09 14:48:47 ----A---- C:\windows\SysWOW64\bitsperf.dll

2011-09-09 14:48:46 ----A---- C:\windows\SysWOW64\wsdchngr.dll

2011-09-09 14:48:46 ----A---- C:\windows\SysWOW64\sscore.dll

2011-09-09 14:48:46 ----A---- C:\windows\SysWOW64\shgina.dll

2011-09-09 14:48:46 ----A---- C:\windows\SysWOW64\riched32.dll

2011-09-09 14:48:43 ----A---- C:\windows\SysWOW64\wshirda.dll

2011-09-09 14:48:42 ----A---- C:\windows\SysWOW64\spwmp.dll

2011-09-09 14:48:42 ----A---- C:\windows\SysWOW64\C_ISCII.DLL

2011-09-09 14:48:42 ----A---- C:\windows\SysWOW64\browseui.dll

2011-09-09 14:48:41 ----A---- C:\windows\SysWOW64\wmploc.DLL

2011-09-09 14:48:41 ----A---- C:\windows\SysWOW64\shunimpl.dll

2011-09-09 14:48:41 ----A---- C:\windows\SysWOW64\KBDTUQ.DLL

2011-09-09 14:48:41 ----A---- C:\windows\SysWOW64\KBDTUF.DLL

2011-09-09 14:48:41 ----A---- C:\windows\SysWOW64\KBDSG.DLL

2011-09-09 14:48:41 ----A---- C:\windows\SysWOW64\kbdlk41a.dll

2011-09-09 14:48:41 ----A---- C:\windows\SysWOW64\KBDGR1.DLL

2011-09-09 14:48:41 ----A---- C:\windows\SysWOW64\KBDGKL.DLL

2011-09-09 14:48:41 ----A---- C:\windows\SysWOW64\dxmasf.dll

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\spwizres.dll

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\pifmgr.dll

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\nlsbres.dll

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDUS.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDUGHR1.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDTURME.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDTAJIK.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDSF.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDPO.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDNEPR.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDMON.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDMAORI.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDLT1.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDINTEL.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDINTAM.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDINORI.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDINMAR.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDINKAN.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDINHIN.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDINBEN.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDGEO.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDCZ1.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDBULG.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDBLR.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\KBDBASH.DLL

2011-09-09 14:48:40 ----A---- C:\windows\SysWOW64\dpnaddr.dll

2011-09-09 14:47:36 ----A---- C:\windows\SysWOW64\wdscore.dll

2011-09-09 14:47:28 ----A---- C:\windows\SysWOW64\sqmapi.dll

2011-09-09 14:47:17 ----A---- C:\windows\SysWOW64\wbemcomn.dll

2011-09-09 13:29:55 ----A---- C:\windows\SysWOW64\esent.dll

2011-09-09 13:29:54 ----A---- C:\windows\SysWOW64\fsutil.exe

2011-09-09 13:07:33 ----D---- C:\windows\SysWOW64\Wat

2011-08-29 09:32:40 ----A---- C:\windows\SysWOW64\prevhost.exe

2011-08-29 09:32:33 ----A---- C:\windows\SysWOW64\tzres.dll

2011-08-29 09:32:15 ----A---- C:\windows\SysWOW64\xmllite.dll

2011-08-29 09:32:12 ----A---- C:\windows\SysWOW64\odbcjt32.dll

2011-08-29 09:32:11 ----A---- C:\windows\SysWOW64\odbctrac.dll

2011-08-29 09:32:11 ----A---- C:\windows\SysWOW64\odbccu32.dll

2011-08-29 09:32:11 ----A---- C:\windows\SysWOW64\odbccr32.dll

2011-08-29 09:32:11 ----A---- C:\windows\SysWOW64\odbccp32.dll

2011-08-29 09:32:01 ----A---- C:\windows\SysWOW64\KernelBase.dll

2011-08-29 09:32:01 ----A---- C:\windows\SysWOW64\kernel32.dll

2011-08-29 09:32:00 ----AH---- C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2011-08-29 09:32:00 ----A---- C:\windows\SysWOW64\setup16.exe

2011-08-29 09:32:00 ----A---- C:\windows\SysWOW64\ntvdm64.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2011-08-29 09:31:59 ----AH---- C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2011-08-29 09:31:59 ----A---- C:\windows\SysWOW64\wow32.dll

2011-08-29 09:31:59 ----A---- C:\windows\SysWOW64\user.exe

2011-08-29 09:31:59 ----A---- C:\windows\SysWOW64\instnm.exe

2011-08-29 09:31:07 ----A---- C:\windows\SysWOW64\ntoskrnl.exe

2011-08-29 09:31:05 ----A---- C:\windows\SysWOW64\ntkrnlpa.exe

2011-08-29 09:30:59 ----A---- C:\windows\SysWOW64\kerberos.dll

2011-08-29 09:30:51 ----A---- C:\windows\SysWOW64\poqexec.exe

2011-08-29 09:30:46 ----A---- C:\windows\explorer.exe

2011-08-29 09:30:45 ----A---- C:\windows\SysWOW64\explorer.exe

2011-08-29 09:30:41 ----A---- C:\windows\SysWOW64\sbe.dll

2011-08-29 09:30:41 ----A---- C:\windows\SysWOW64\EncDec.dll

2011-08-29 09:30:41 ----A---- C:\windows\SysWOW64\CPFilters.dll

2011-08-29 09:30:35 ----A---- C:\windows\SysWOW64\tquery.dll

2011-08-29 09:30:35 ----A---- C:\windows\SysWOW64\mssrch.dll

2011-08-29 09:30:33 ----A---- C:\windows\SysWOW64\SearchProtocolHost.exe

2011-08-29 09:30:33 ----A---- C:\windows\SysWOW64\SearchIndexer.exe

2011-08-29 09:30:33 ----A---- C:\windows\SysWOW64\SearchFilterHost.exe

2011-08-29 09:30:33 ----A---- C:\windows\SysWOW64\mssvp.dll

2011-08-29 09:30:33 ----A---- C:\windows\SysWOW64\mssphtb.dll

2011-08-29 09:30:33 ----A---- C:\windows\SysWOW64\mssph.dll

2011-08-29 09:30:32 ----A---- C:\windows\SysWOW64\msscntrs.dll

2011-08-29 09:30:20 ----A---- C:\windows\SysWOW64\XpsGdiConverter.dll

2011-08-29 09:30:01 ----A---- C:\windows\SysWOW64\XpsPrint.dll

2011-08-29 09:29:56 ----A---- C:\windows\SysWOW64\mfc42u.dll

2011-08-29 09:29:56 ----A---- C:\windows\SysWOW64\mfc42.dll

2011-08-29 09:29:09 ----A---- C:\windows\SysWOW64\fontsub.dll

2011-08-29 09:29:09 ----A---- C:\windows\SysWOW64\atmlib.dll

2011-08-29 09:29:09 ----A---- C:\windows\SysWOW64\atmfd.dll

2011-08-29 09:28:44 ----A---- C:\windows\SysWOW64\dnscacheugc.exe

2011-08-29 09:28:44 ----A---- C:\windows\SysWOW64\dnsapi.dll

2011-08-29 09:28:41 ----A---- C:\windows\SysWOW64\d3d10_1core.dll

2011-08-29 09:28:40 ----A---- C:\windows\SysWOW64\d3d10_1.dll

2011-08-29 09:28:07 ----A---- C:\windows\SysWOW64\oleaut32.dll

2011-08-29 09:28:04 ----A---- C:\windows\SysWOW64\drvinst.exe

2011-08-29 09:28:04 ----A---- C:\windows\SysWOW64\devrtl.dll

2011-08-29 09:28:04 ----A---- C:\windows\SysWOW64\devobj.dll

2011-08-29 09:28:04 ----A---- C:\windows\SysWOW64\cfgmgr32.dll

2011-08-29 09:27:56 ----A---- C:\windows\SysWOW64\inetcomm.dll

2011-08-05 22:36:20 ----D---- C:\Program Files (x86)\Common Files\DESIGNER

2011-08-05 22:36:00 ----D---- C:\Program Files (x86)\Microsoft.NET

2011-08-05 22:33:26 ----D---- C:\Program Files (x86)\Microsoft Analysis Services

2011-08-05 22:30:59 ----D---- C:\ProgramData\Microsoft Help

2011-08-05 22:29:57 ----RHD---- C:\MSOCache

2011-08-05 12:39:49 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared

2011-08-05 12:10:05 ----D---- C:\Users\Charlotte\AppData\Roaming\Malwarebytes

2011-08-05 12:10:01 ----A---- C:\windows\SysWOW64\drivers\mbamswissarmy.sys

2011-08-05 12:10:00 ----D---- C:\ProgramData\Malwarebytes

2011-08-05 12:09:57 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-08-05 12:08:00 ----D---- C:\Users\Charlotte\AppData\Roaming\Macromedia

2011-08-05 12:04:49 ----D---- C:\Users\Charlotte\AppData\Roaming\Virtual Desktop Manager

2011-08-05 12:00:46 ----D---- C:\Users\Charlotte\AppData\Roaming\Adobe

2011-08-05 11:59:36 ----D---- C:\Users\Charlotte\AppData\Roaming\FLEXnet

2011-08-05 11:59:16 ----D---- C:\Users\Charlotte\AppData\Roaming\Identities

2011-08-05 11:55:38 ----D---- C:\ProgramData\Farstone

2011-08-05 11:55:27 ----D---- C:\ProgramData\Remind

2011-08-05 11:55:11 ----D---- C:\Users\Charlotte\AppData\Roaming\Zeon

2011-08-05 11:55:10 ----D---- C:\ProgramData\Nuance

2011-08-05 11:55:09 ----D---- C:\ProgramData\ScanSoft

2011-08-05 11:55:08 ----D---- C:\ProgramData\FLEXnet

2011-08-05 11:55:08 ----D---- C:\Program Files (x86)\Nuance

2011-08-05 11:55:06 ----D---- C:\ProgramData\Downloaded Installations

2011-08-05 11:53:08 ----D---- C:\Program Files (x86)\Microsoft Office

2011-08-05 11:51:37 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2011-08-05 11:51:02 ----A---- C:\windows\SysWOW64\d3dx9_32.dll

2011-08-05 11:49:54 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2011-08-05 11:49:18 ----D---- C:\Program Files (x86)\Microsoft

2011-08-05 11:49:04 ----D---- C:\Program Files (x86)\Windows Live SkyDrive

2011-08-05 11:48:50 ----D---- C:\Program Files (x86)\Windows Live

2011-08-05 11:48:32 ----D---- C:\windows\PCHEALTH

2011-08-05 11:47:49 ----D---- C:\Program Files (x86)\Common Files\Windows Live

2011-08-05 11:43:11 ----A---- C:\windows\silentOnce.tmp

2011-08-05 11:43:00 ----SD---- C:\Users\Charlotte\AppData\Roaming\Microsoft

2011-08-05 11:43:00 ----D---- C:\Users\Charlotte\AppData\Roaming\Media Center Programs

======List of files/folders modified in the last 3 months======

2011-09-22 16:41:43 ----D---- C:\windows\TEMP

2011-09-22 16:41:07 ----D---- C:\windows\Prefetch

2011-09-22 16:36:07 ----SHD---- C:\windows\Installer

2011-09-22 16:36:07 ----RD---- C:\Program Files (x86)

2011-09-22 16:31:11 ----A---- C:\windows\SysWOW64\log.txt

2011-09-22 16:29:06 ----D---- C:\ProgramData\NVIDIA

2011-09-21 22:16:27 ----RD---- C:\Program Files

2011-09-21 22:12:19 ----SD---- C:\ProgramData\Microsoft

2011-09-21 19:21:08 ----D---- C:\windows\SysWOW64\drivers

2011-09-21 19:00:20 ----D---- C:\windows\system32

2011-09-21 19:00:20 ----D---- C:\windows\inf

2011-09-20 19:55:59 ----D---- C:\windows\Microsoft.NET

2011-09-20 19:55:48 ----RSD---- C:\windows\assembly

2011-09-20 18:24:49 ----D---- C:\windows\winsxs

2011-09-18 20:48:47 ----D---- C:\windows\SysWOW64\NV

2011-09-18 20:48:45 ----D---- C:\Windows

2011-09-18 20:44:49 ----D---- C:\windows\SysWOW64

2011-09-18 20:44:48 ----D---- C:\windows\SysWOW64\nl-NL

2011-09-18 20:44:48 ----D---- C:\windows\SysWOW64\migration

2011-09-18 20:44:47 ----D---- C:\windows\SysWOW64\wbem

2011-09-18 20:44:47 ----D---- C:\windows\SysWOW64\en-US

2011-09-18 20:44:46 ----D---- C:\windows\PolicyDefinitions

2011-09-18 20:44:45 ----D---- C:\Program Files (x86)\Internet Explorer

2011-09-18 20:32:51 ----D---- C:\Program Files (x86)\Windows Sidebar

2011-09-18 20:32:51 ----D---- C:\Program Files (x86)\Windows Portable Devices

2011-09-18 20:32:51 ----D---- C:\Program Files (x86)\Windows Photo Viewer

2011-09-18 20:32:51 ----D---- C:\Program Files (x86)\Windows Media Player

2011-09-18 20:32:51 ----D---- C:\Program Files (x86)\Windows Mail

2011-09-18 20:32:48 ----D---- C:\windows\servicing

2011-09-18 20:32:47 ----D---- C:\windows\ehome

2011-09-18 20:32:41 ----D---- C:\windows\SysWOW64\oobe

2011-09-18 20:32:41 ----D---- C:\windows\SysWOW64\da-DK

2011-09-18 20:32:40 ----D---- C:\windows\SysWOW64\sppui

2011-09-18 20:32:40 ----D---- C:\windows\SysWOW64\Setup

2011-09-18 20:32:40 ----D---- C:\windows\SysWOW64\manifeststore

2011-09-18 20:32:40 ----D---- C:\windows\SysWOW64\es-ES

2011-09-18 20:32:40 ----D---- C:\windows\SysWOW64\cs-CZ

2011-09-18 20:32:40 ----D---- C:\windows\SysWOW64\AdvancedInstallers

2011-09-18 20:32:37 ----D---- C:\windows\SysWOW64\migwiz

2011-09-18 20:32:37 ----D---- C:\windows\SysWOW64\Dism

2011-09-18 20:31:36 ----RSD---- C:\windows\Fonts

2011-09-18 20:31:35 ----D---- C:\windows\AppPatch

2011-09-18 20:23:34 ----D---- C:\windows\Logs

2011-09-18 18:34:01 ----D---- C:\Program Files (x86)\Common Files\microsoft shared

2011-09-18 18:22:00 ----A---- C:\windows\SysWOW64\msclmd.dll

2011-09-18 18:07:28 ----SHD---- C:\System Volume Information

2011-09-18 17:56:51 ----D---- C:\windows\debug

2011-09-18 16:44:35 ----D---- C:\windows\rescache

2011-09-18 10:26:13 ----D---- C:\Program Files (x86)\Windows Defender

2011-09-18 10:26:13 ----D---- C:\Program Files (x86)\Common Files\System

2011-09-18 10:26:11 ----D---- C:\windows\SysWOW64\XPSViewer

2011-09-18 10:26:11 ----D---- C:\windows\SysWOW64\winrm

2011-09-18 10:26:11 ----D---- C:\windows\SysWOW64\WCN

2011-09-18 10:26:11 ----D---- C:\windows\SysWOW64\sysprep

2011-09-18 10:26:11 ----D---- C:\windows\SysWOW64\slmgr

2011-09-18 10:26:11 ----D---- C:\windows\SysWOW64\Printing_Admin_Scripts

2011-09-18 10:26:11 ----D---- C:\windows\SysWOW64\MUI

2011-09-18 10:26:11 ----D---- C:\windows\SysWOW64\DriverStore

2011-09-18 10:26:11 ----D---- C:\windows\SysWOW64\drivers\UMDF

2011-09-18 10:26:10 ----D---- C:\windows\SysWOW64\sv-SE

2011-09-18 10:26:04 ----D---- C:\windows\SysWOW64\com

2011-09-18 10:26:04 ----D---- C:\windows\IME

2011-09-18 10:25:30 ----D---- C:\windows\SysWOW64\nb-NO

2011-09-18 10:24:57 ----D---- C:\windows\SysWOW64\it-IT

2011-09-18 10:24:57 ----D---- C:\windows\it-IT

2011-09-18 10:24:21 ----D---- C:\windows\SysWOW64\el-GR

2011-09-18 10:24:13 ----D---- C:\windows\en-US

2011-09-18 10:23:41 ----D---- C:\windows\fr-FR

2011-09-18 10:23:40 ----D---- C:\windows\SysWOW64\fr-FR

2011-09-18 10:23:09 ----D---- C:\windows\Speech

2011-09-18 10:22:54 ----D---- C:\windows\SysWOW64\fi-FI

2011-09-16 13:11:57 ----D---- C:\windows\SysWOW64\de-DE

2011-09-16 13:11:57 ----D---- C:\windows\de-DE

2011-09-11 09:49:20 ----D---- C:\windows\Tasks

2011-09-10 09:06:00 ----D---- C:\ProgramData\Norton

2011-09-09 17:14:40 ----A---- C:\windows\win.ini

2011-09-09 17:11:15 ----D---- C:\Program Files (x86)\Common Files

2011-09-09 17:10:01 ----HD---- C:\ProgramData

2011-08-06 19:47:52 ----SHD---- C:\$Recycle.Bin

2011-08-05 22:33:26 ----D---- C:\windows\ShellNew

2011-08-05 12:06:42 ----D---- C:\Utility

2011-08-05 12:00:12 ----D---- C:\windows\SoftwareDistribution

2011-08-05 11:58:11 ----D---- C:\log

2011-08-05 11:55:27 ----D---- C:\Program Files (x86)\msi

2011-08-05 11:43:00 ----RD---- C:\Users

2011-08-05 11:41:19 ----SHD---- C:\Recovery

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys []

R0 mfehidk;McAfee Inc. mfehidk; C:\windows\system32\drivers\mfehidk.sys []

R0 mfewfpk;McAfee Inc. mfewfpk; C:\windows\system32\drivers\mfewfpk.sys []

R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys []

R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys []

R1 mfenlfk;McAfee NDIS Light Filter; C:\windows\system32\DRIVERS\mfenlfk.sys []

R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys []

R2 PEGAGFN;PEGAGFN; \??\C:\Program Files (x86)\PHotkey\PEGAGFN.sys [2010-12-10 14344]

R3 acpials;ALS Sensor Filter; C:\windows\system32\DRIVERS\acpials.sys []

R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys []

R3 cfwids;McAfee Inc. cfwids; C:\windows\system32\drivers\cfwids.sys []

R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys []

R3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64; C:\windows\system32\DRIVERS\fspad_wlh64.sys []

R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys []

R3 IntcDAud;Intel® Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys []

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys []

R3 MEIx64;Intel® Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys []

R3 mfeapfk;McAfee Inc. mfeapfk; C:\windows\system32\drivers\mfeapfk.sys []

R3 mfeavfk;McAfee Inc. mfeavfk; C:\windows\system32\drivers\mfeavfk.sys []

R3 mfefirek;McAfee Inc. mfefirek; C:\windows\system32\drivers\mfefirek.sys []

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\windows\system32\DRIVERS\nusb3hub.sys []

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\windows\system32\DRIVERS\nusb3xhc.sys []

S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\windows\System32\Drivers\BTHport.sys []

S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\windows\System32\Drivers\BTHUSB.sys []

S3 FARMNTIO;FARMNTIO; \??\c:\windows\system32\drivers\farmntio.sys []

S3 mfeavfk01;McAfee Inc.; C:\windows\SysWOW64\drivers\mfeavfk01.sys []

S3 mferkdet;McAfee Inc. mferkdet; C:\windows\system32\drivers\mferkdet.sys []

S3 MGHwCtrl;MGHwCtrl; \??\c:\Utility\Silent\MGHwCtrl.sys []

S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys []

S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [2010-12-10 104968]

R2 CxAudMsg;@C:\windows\system32\CxAudMsg64.exe,-100; C:\windows\system32\CxAudMsg64.exe []

R2 GFNEXSrv;GFNEX Service; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [2010-12-10 159752]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-10-05 325656]

R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 McShield;McAfee McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2011-03-13 197960]

R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 208272]

R2 mfevtp;McAfee Validation Trust Protection Service; C:\windows\system32\mfevtps.exe []

R2 NVSvc;NVIDIA Driver Helper Service; C:\windows\system32\nvvsvc.exe []

R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-24 1997416]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-24 378984]

R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]

S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2011-06-23 501768]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

---------- Post added at 16:44 ---------- Previous post was at 16:43 ----------

Second log (info)

info.txt logfile of random's system information tool 1.09 2011-09-22 16:41:52

======Uninstall list======

Adobe Flash Player 10 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex

Alcor Micro USB Card Reader-->C:\Program Files (x86)\InstallShield Installation Information\{48106FE4-B1AF-4941-BF3D-83E6C4B7CAF3}\setup.exe -runfromtemp

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly

BurnRecovery-->C:\Program Files (x86)\InstallShield Installation Information\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}\setup.exe -runfromtemp -l0x0009 -removeonly

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{28857979-5507-4C10-A922-FF709A19D38C}" "1043" "0"

EasyFace2-->C:\Program Files (x86)\InstallShield Installation Information\{94DE7548-E449-4F7D-804F-0C5CDC3A1E6A}\setup.exe -runfromtemp -l0x0009 -removeonly

EasyViewer-->"C:\Program Files (x86)\InstallShield Installation Information\{EECD7B96-1416-4D3A-B12D-0D2512120C36}\setup.exe" -runfromtemp -l0x0409 -removeonly

EasyViewer-->MsiExec.exe /X{EECD7B96-1416-4D3A-B12D-0D2512120C36}

HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}

Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm

Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall

Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall

Junk Mail filter update-->MsiExec.exe /I{8E5233E1-7495-44FB-8DEB-4BE906D59619}

Malwarebytes' Anti-Malware versie 1.51.2.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

McAfee AntiVirus Plus-->C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0413-0000-0000000FF1CE}" "{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" "1043" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0413-0000-0000000FF1CE}" "{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" "1043" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0413-0000-0000000FF1CE}" "{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" "1043" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0413-0000-0000000FF1CE}" "{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" "1043" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0413-0000-0000000FF1CE}" "{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" "1043" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0413-0000-0000000FF1CE}" "{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" "1043" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-0000-0000000FF1CE}" "{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" "1043" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{99ACCA38-6DD3-48A8-96AE-A283C9759279}" "1043" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" "1043" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0413-0000-0000000FF1CE}" "{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" "1043" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" "1043" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0413-1000-0000000FF1CE}" "{B9427E36-0B0A-48F4-8A51-1C178708A28E}" "1043" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0413-0000-0000000FF1CE}" "{D3B92058-CF96-445F-A297-F7ED19C4E841}" "1043" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{047B0968-E622-4FAA-9B4B-121FA109EDDE}" "1043" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0413-0000-0000000FF1CE}" "{260407D0-98A1-4D9A-A956-3D1DEDDDF3B9}" "1043" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0413-0000-0000000FF1CE}" "{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" "1043" "0"

Microsoft Office Access MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0015-0413-0000-0000000FF1CE}

Microsoft Office Excel MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0016-0413-0000-0000000FF1CE}

Microsoft Office Home and Student 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall SINGLEIMAGE /dll OSETUP.DLL

Microsoft Office OneNote MUI (Dutch) 2010-->MsiExec.exe /X{90140000-00A1-0413-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Dutch) 2010-->MsiExec.exe /X{90140000-001A-0413-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0018-0413-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2010-->MsiExec.exe /X{90140000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proofing (Dutch) 2010-->MsiExec.exe /X{90140000-002C-0413-0000-0000000FF1CE}

Microsoft Office Publisher MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0019-0413-0000-0000000FF1CE}

Microsoft Office Shared MUI (Dutch) 2010-->MsiExec.exe /X{90140000-006E-0413-0000-0000000FF1CE}

Microsoft Office Single Image 2010-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE}

Microsoft Office Word MUI (Dutch) 2010-->MsiExec.exe /X{90140000-001B-0413-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

MSI Remind Manager-->MsiExec.exe /I{89F17DC5-A776-4DF4-8CD1-FAEF29BCE51A}

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

Nuance PDF Reader-->MsiExec.exe /X{B480904D-F73F-4673-B034-8A5F492C9184}

NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask

PHotkey-->C:\Program Files (x86)\InstallShield Installation Information\{24047BE4-329D-46F7-9689-8684C7A1CFBB}\setup.exe -runfromtemp -l0x0009 -removeonly

Renesas Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\setup.exe" -runfromtemp -l0x0409 -removeonly

Renesas Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996}

Security Update for Microsoft Excel 2010 (KB2553070)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{294BAA9E-9209-497F-A71F-7E52EFB194D4}" "1043" "0"

Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{07CA44F3-F5B3-4D12-8C91-EDC5FE91D45C}" "1043" "0"

Security Update for Microsoft Office 2010 (KB2553096)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{10802A6D-EDBF-4383-BCBD-9D5B32F56D35}" "1043" "0"

Security Update for Microsoft Office 2010 (KB2584066)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{EEB4DDD0-08EA-4787-BDAB-D38D67A35CD5}" "1043" "0"

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{337A3FB9-281D-4EC8-9CC1-7F6DDAC2359F}" "1043" "0"

Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1043" "0"

Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A8686D24-1E89-43A1-973E-05A258D2B3F8}" "1043" "0"

Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{EFB525A0-E1C0-4E32-9968-FE401BC87363}" "1043" "0"

Update for Microsoft Outlook Social Connector (KB2583935)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0413-0000-0000000FF1CE}" "{57EA56B8-02F2-4081-9C4A-13978F801479}" "1043" "0"

Update for Microsoft Outlook Social Connector (KB2583935)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{EDF9874C-9E37-4110-9FC3-094247E114DF}" "1043" "0"

Windows Live - Hulpprogramma voor uploaden-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows Live aanmeldhulp-->MsiExec.exe /I{1BD6AE96-4742-4498-9D03-9451C7E5A214}

Windows Live Call-->MsiExec.exe /I{C20C2630-B3A7-44BA-BDD0-31E256AE490E}

Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}

Windows Live Mail-->MsiExec.exe /I{2869F5EA-93C3-48E5-80DF-DB696BC84A91}

Windows Live Messenger-->MsiExec.exe /X{CC38A00D-7EED-46CE-9281-D1D97B81F22A}

Windows Live Movie Maker-->MsiExec.exe /X{32061277-9F45-4C3B-8299-D106D5A502ED}

Windows Live Photo Gallery-->MsiExec.exe /X{6FEC9863-5EF2-4A07-9D0B-CA81B47E3F59}

Windows Live Sync-->MsiExec.exe /X{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}

Windows Live Writer-->MsiExec.exe /X{35CA031C-D3CD-4A28-8D9B-C71466C4F045}

WinFlash-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B39AA98E-C966-46C9-ACA2-D2586E300988}\Setup.exe" -l0x9

XW204E-->"C:\Program Files (x86)\InstallShield Installation Information\{5BFF7DE6-C3F0-40F8-AC32-75D628E46C6B}\setup.exe" -runfromtemp -l0x0409

======System event log======

Computer Name: WIN-GHQKFMUJGPO

Event Code: 7036

Message: De Windows Search-service heeft nu de status stopped.

Record Number: 1578

Source Name: Service Control Manager

Time Written: 20110321185749.798176-000

Event Type: Informatie

User:

Computer Name: WIN-GHQKFMUJGPO

Event Code: 7040

Message: Het opstarttype van de service Windows Search is gewijzigd van auto start in disabled.

Record Number: 1577

Source Name: Service Control Manager

Time Written: 20110321185748.394174-000

Event Type: Informatie

User: CharlotteDeij\Administrator

Computer Name: WIN-GHQKFMUJGPO

Event Code: 104

Message: Logboekbestand Setup is gewist.

Record Number: 1576

Source Name: Microsoft-Windows-Eventlog

Time Written: 20110321185738.815757-000

Event Type: Informatie

User: CharlotteDeij\Administrator

Computer Name: WIN-GHQKFMUJGPO

Event Code: 104

Message: Logboekbestand Application is gewist.

Record Number: 1575

Source Name: Microsoft-Windows-Eventlog

Time Written: 20110321185738.472556-000

Event Type: Informatie

User: CharlotteDeij\Administrator

Computer Name: WIN-GHQKFMUJGPO

Event Code: 104

Message: Logboekbestand System is gewist.

Record Number: 1574

Source Name: Microsoft-Windows-Eventlog

Time Written: 20110321185738.441356-000

Event Type: Informatie

User: CharlotteDeij\Administrator

=====Application event log=====

Computer Name: WIN-GHQKFMUJGPO

Event Code: 1532

Message: De User Profile-service is gestopt.

Record Number: 483

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20110321185756.194187-000

Event Type: Informatie

User: NT AUTHORITY\SYSTEM

Computer Name: WIN-GHQKFMUJGPO

Event Code: 36

Message:

Record Number: 482

Source Name: NIS

Time Written: 20110321185756.000000-000

Event Type: Informatie

User: NT AUTHORITY\SYSTEM

Computer Name: WIN-GHQKFMUJGPO

Event Code: 1003

Message: De Windows Search-service is gestart.

Record Number: 481

Source Name: Microsoft-Windows-Search

Time Written: 20110321185752.000000-000

Event Type: Informatie

User:

Computer Name: WIN-GHQKFMUJGPO

Event Code: 1013

Message: De Windows Search-service is normaal gestopt.

Record Number: 480

Source Name: Microsoft-Windows-Search

Time Written: 20110321185749.000000-000

Event Type: Informatie

User:

Computer Name: WIN-GHQKFMUJGPO

Event Code: 103

Message: Windows (1600) Windows: De database-engine heeft een nieuwe sessie (0) stopgezet.

Record Number: 479

Source Name: ESENT

Time Written: 20110321185749.000000-000

Event Type: Informatie

User:

=====Security event log=====

Computer Name: WIN-GHQKFMUJGPO

Event Code: 4672

Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: SYSTEM

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x3e7

Bevoegdheden: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 654

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110321185752.075780-000

Event Type: Controle geslaagd

User:

Computer Name: WIN-GHQKFMUJGPO

Event Code: 4624

Message: Er is een account aangemeld.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: WIN-GHQKFMUJGPO$

Accountdomein: WORKGROUP

Aanmeldings-id: 0x3e7

Aanmeldingstype: 5

Nieuwe aanmelding:

Beveiligings-id: S-1-5-18

Accountnaam: SYSTEM

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x3e7

Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Procesgegevens:

Proces-id: 0x278

Naam proces: C:\Windows\system32\services.exe

Netwerkgegevens:

Naam van werkstation:

Netwerkadres van bron: -

Poort van bron: -

Gedetailleerde verificatiegegevens:

Aanmeldingsproces: Advapi

Verificatiepakket: Negotiate

Doorgezette services: -

Pakketnaam (alleen NTLM): -

Sleutellengte: 0

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

Record Number: 653

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110321185752.075780-000

Event Type: Controle geslaagd

User:

Computer Name: WIN-GHQKFMUJGPO

Event Code: 4738

Message: Er is een gebruikersaccount gewijzigd.

Onderwerp:

Beveiligings-id: S-1-5-21-3708872907-2703013417-2447342661-500

Accountnaam: Administrator

Accountdomein: WIN-GHQKFMUJGPO

Aanmeldings-id: 0x2628d

Doelaccount:

Beveiligings-id: S-1-5-21-3708872907-2703013417-2447342661-500

Accountnaam: Administrator

Accountdomein: WIN-GHQKFMUJGPO

Gewijzigde kenmerken:

SAM-accountnaam: -

Weergavenaam: -

Principal-naam van gebruiker: -

Basismap: -

Basisstation: -

Pad naar script: -

Pad naar profiel: -

Gebruikerswerkstations: -

Wachtwoord voor het laatst ingesteld: -

Account verloopt op: -

Primaire groeps-id: -

Mag overdragen aan: -

Oude UAC-waarde: 0x210

Nieuwe UAC-waarde: 0x211

Gebruikersaccountbeheer:

Account uitgeschakeld

Gebruikersparameters: -

SID-geschiedenis: -

Aantal uren aangemeld: -

Aanvullende gegevens:

Bevoegdheden: -

Record Number: 652

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110321185747.364572-000

Event Type: Controle geslaagd

User:

Computer Name: WIN-GHQKFMUJGPO

Event Code: 4725

Message: Er is een gebruikersaccount uitgeschakeld.

Onderwerp:

Beveiligings-id: S-1-5-21-3708872907-2703013417-2447342661-500

Accountnaam: Administrator

Accountdomein: WIN-GHQKFMUJGPO

Aanmeldings-id: 0x2628d

Doelaccount:

Beveiligings-id: S-1-5-21-3708872907-2703013417-2447342661-500

Accountnaam: Administrator

Accountdomein: WIN-GHQKFMUJGPO

Record Number: 651

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110321185747.364572-000

Event Type: Controle geslaagd

User:

Computer Name: WIN-GHQKFMUJGPO

Event Code: 1102

Message: Het controlelogboek is gewist.

Onderwerp:

Beveiligings-id: S-1-5-21-3708872907-2703013417-2447342661-500

Accountnaam: Administrator

Domeinnaam: WIN-GHQKFMUJGPO

Aanmeldings-id: 0x2628d

Record Number: 650

Source Name: Microsoft-Windows-Eventlog

Time Written: 20110321185738.768957-000

Event Type: Controle geslaagd

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=4

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=2a07

"configsetroot"=%SystemRoot%\ConfigSetRoot

-----------------EOF-----------------


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to freeze.

Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


ComboFix 11-09-24.04 - Charlotte 24-09-2011 21:41:53.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4008.2488 [GMT 2:00]

Gestart vanuit: c:\users\Charlotte\Desktop\ComboFix.exe

AV: McAfeeAntivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfeeFirewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfeeAntivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\FD.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-08-24 to 2011-09-24 ))))))))))))))))))))))))))))))

.

.

2011-09-22 14:41 . 2011-09-22 14:41 -------- d-----w- C:\rsit

2011-09-22 14:36 . 2011-09-22 14:41 -------- d-----w- c:\program files (x86)\Trend Micro

2011-09-22 14:36 . 2011-09-22 14:36 388096 ----a-r- c:\users\Charlotte\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-21 17:45 . 2011-09-21 17:45 -------- d-----w- c:\users\Charlotte\AppData\Local\ElevatedDiagnostics

2011-09-21 13:22 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DBAD0E26-3605-40E3-9E34-CF3D8C06715D}\mpengine.dll

2011-09-18 18:44 . 2011-09-18 18:44 -------- d-----w- c:\windows\SysWow64\wbem\en-US

2011-09-18 18:44 . 2011-09-18 18:44 -------- d-----w- c:\windows\system32\wbem\en-US

2011-09-18 16:07 . 2011-09-18 16:07 -------- d-----w- c:\windows\system32\SPReview

2011-09-18 16:05 . 2011-09-18 16:05 -------- d-----w- c:\windows\system32\EventProviders

2011-09-18 15:36 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

2011-09-18 15:36 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll

2011-09-18 15:36 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-09-18 15:36 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-09-18 15:36 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2011-09-18 14:49 . 2011-09-18 14:49 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2011-09-11 07:49 . 2011-03-13 09:20 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-09-11 07:49 . 2011-03-13 09:45 158832 ----a-w- c:\windows\system32\mfevtps.exe

2011-09-09 15:11 . 2011-09-11 17:26 -------- d-----w- c:\program files (x86)\McAfee

2011-09-09 15:04 . 2011-09-09 15:16 -------- d-----w- c:\programdata\McAfee

2011-09-09 12:49 . 2010-11-20 13:33 95616 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2011-09-09 12:48 . 2010-11-20 13:27 392192 ----a-w- c:\windows\system32\WMPhoto.dll

2011-09-09 12:47 . 2010-11-20 13:34 2560 ----a-w- c:\windows\system32\drivers\nl-NL\rdpwd.sys.mui

2011-09-09 12:47 . 2010-11-20 13:33 3584 ----a-w- c:\windows\system32\drivers\nl-NL\tsusbflt.sys.mui

2011-09-09 12:47 . 2010-11-20 13:27 3072 ----a-w- c:\windows\system32\drivers\nl-NL\Dot4usb.sys.mui

2011-09-09 12:47 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll

2011-09-09 12:47 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll

2011-09-09 12:47 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll

2011-09-09 12:47 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2011-09-09 12:47 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll

2011-09-09 12:47 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-09-09 12:44 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-09-09 12:44 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll

2011-09-09 12:44 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll

2011-09-09 11:30 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-09-09 11:30 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-09-09 11:30 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-09-09 11:30 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-09-09 11:30 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-09-09 11:30 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-09-09 11:30 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-09-09 11:30 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2011-09-09 11:30 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

2011-09-09 11:30 . 2010-11-20 13:24 229376 ----a-w- c:\windows\system32\fsquirt.exe

2011-09-09 11:29 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-09-09 11:29 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll

2011-09-09 11:29 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll

2011-09-09 11:29 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys

2011-09-09 11:29 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-09-09 11:29 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-09-09 11:29 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-09-09 11:29 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-09-09 11:29 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-09-09 11:29 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe

2011-09-09 11:29 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe

2011-09-09 11:07 . 2011-09-09 11:07 -------- d-----w- c:\windows\SysWow64\Wat

2011-09-09 11:07 . 2011-09-09 11:07 -------- d-----w- c:\windows\system32\Wat

2011-08-29 18:57 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

2011-08-29 07:37 . 2011-08-29 07:37 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin

2011-08-29 07:31 . 2011-07-16 05:21 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-08-29 07:30 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll

2011-08-29 07:29 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll

2011-08-29 07:29 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll

2011-08-29 07:29 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-08-29 07:29 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-08-29 07:29 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-08-29 07:29 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll

2011-08-29 07:29 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-08-29 07:29 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-08-29 07:29 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-08-29 07:29 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll

2011-08-29 07:29 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2011-08-29 07:27 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-08-29 07:27 . 2010-11-20 13:25 974336 ----a-w- c:\windows\system32\WFS.exe

2011-08-29 07:27 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-08-29 07:27 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-08-29 07:27 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-21 17:21 . 2011-08-05 10:10 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-09-18 16:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-09-18 16:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-08-31 15:00 . 2011-08-05 10:09 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-05 09:43 . 2011-08-05 09:43 6 ----a-w- c:\windows\silentOnce.tmp

2011-07-16 04:26 . 2011-08-29 07:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-07-13 1666144]

.

c:\users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SRS PC Sound.lnk - c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2011-1-14 1939800]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\farmntio.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 MGHwCtrl;MGHwCtrl;c:\utility\Silent\MGHwCtrl.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]

S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\PHotkey\GFNEXSrv.exe [2010-12-10 159752]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 208272]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-24 1997416]

S2 PEGAGFN;PEGAGFN;c:\program files (x86)\PHotkey\PEGAGFN.sys [2010-12-10 14344]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-24 378984]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]

S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;c:\windows\system32\DRIVERS\fspad_wlh64.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - mfeavfk01

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3708872907-2703013417-2447342661-1001Core.job

- c:\users\Charlotte\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 20:46]

.

2011-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3708872907-2703013417-2447342661-1001UA.job

- c:\users\Charlotte\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 20:46]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\system32\nvinitx.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\PHotkey\ASLDRSrv.exe

c:\program files (x86)\PHotkey\PHotkey.exe

c:\program files (x86)\PHotkey\MsgTranAgt.exe

c:\program files (x86)\PHotkey\MsOsd.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Voltooingstijd: 2011-09-24 21:53:58 - machine werd herstart

ComboFix-quarantined-files.txt 2011-09-24 19:53

.

Pre-Run: 250.205.503.488 bytes beschikbaar

Post-Run: 250.356.977.664 bytes beschikbaar

.

- - End Of File - - CE602D10890C97645642F1A1E42B908A


Good ... now the following:

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure the boxes for Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware are checked, then click "Finish" ("Voltooien").

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" ("Snelle Scan") on the Scanner tab, then click Scan.

The scan may take a while, so be patient.

When the scan is complete, click OK, then "Show Results" ("Bekijk Resultaten") to view the results.

Make sure everything there is checked, then click Remove Selected ("Verwijder geselecteerde").

After removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask you to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files, it will show a few messages where you need to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next message.
