Ga naar inhoud

windows verkenner reageert niet meer


geetn

Aanbevolen berichten

ComboFix 12-03-22.01 - Gauthier 28/03/2012 11:33:47.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3692.2523 [GMT 2:00]

Gestart vanuit: c:\users\Gauthier\Desktop\ComboFix.exe

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

- VERMINDERDE FUNCTIONALITEIT MODUS -

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-28 to 2012-03-28 ))))))))))))))))))))))))))))))

.

.

2012-03-28 09:36 . 2012-03-28 09:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-27 17:12 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8EB4502-323C-4C1B-959A-BB27FEA363F1}\mpengine.dll

2012-03-26 08:20 . 2012-03-26 08:20 -------- d-----w- c:\programdata\McAfee

2012-03-26 08:20 . 2012-03-26 08:20 -------- d-----w- c:\programdata\McAfee Security Scan

2012-03-26 08:20 . 2012-03-26 08:20 -------- d-----w- c:\program files (x86)\McAfee Security Scan

2012-03-21 16:15 . 2012-03-21 16:15 -------- d-----w- c:\users\Gauthier\AppData\Local\FSP

2012-03-21 16:13 . 2012-03-21 16:54 -------- d-----w- c:\program files\FSP

2012-03-19 09:10 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-19 09:10 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-19 09:10 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-16 11:38 . 2012-03-21 20:26 -------- d-----w- c:\program files (x86)\BrowserCompanion

2012-03-16 11:38 . 2012-03-19 13:58 -------- d-----w- c:\programdata\PopCap Games

2012-03-16 11:37 . 2012-03-16 11:38 -------- d-----w- c:\program files (x86)\Toggle Downloader

2012-03-16 11:35 . 2012-03-16 16:50 -------- d-----w- c:\program files (x86)\Zylom Games

2012-03-16 11:35 . 2012-03-16 11:35 -------- d-----w- c:\programdata\Zylom

2012-03-14 07:22 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 07:22 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 07:22 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 07:22 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 07:22 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 07:22 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 07:21 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 07:21 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 07:21 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 07:21 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-29 09:11 . 2012-03-21 17:00 -------- d-----w- c:\users\Gauthier\AppData\Roaming\uTorrent

2012-02-28 11:32 . 2012-03-28 08:26 -------- d-----w- c:\program files\CCleaner

2012-02-27 16:56 . 2012-02-27 16:56 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-23 06:45 . 2011-11-21 17:09 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-02-24 17:48 . 2012-02-24 17:48 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-02-24 17:38 . 2011-12-24 09:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 07:18 . 2011-12-28 10:45 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-04 10:44 . 2012-02-17 09:29 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-17 09:29 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2011-12-30 06:26 . 2012-02-17 09:19 515584 ----a-w- c:\windows\system32\timedate.cpl

2011-12-30 05:27 . 2012-02-17 09:19 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"HP Deskjet 3070 B611 series (NET)"="c:\program files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-13 336384]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-01-13 1081416]

.

c:\users\Gauthier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Gauthier\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-21 1030600]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-13 361984]

S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-02-06 748440]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-25 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS.exe [2011-12-01 22:22]

.

2012-03-27 c:\windows\Tasks\AutoKMSDaily.job

- c:\windows\AutoKMS.exe [2011-12-01 22:22]

.

2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]

.

2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]

.

2012-03-28 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-11 2226280]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://search.toggle.com/?lang=nl

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: {{22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

TCP: DhcpNameServer = 10.120.1.1 10.56.1.1 10.56.1.2

FF - ProfilePath - c:\users\Gauthier\AppData\Roaming\Mozilla\Firefox\Profiles\cu4a2aey.default\

FF - prefs.js: browser.search.selectedEngine - Toggle

FF - prefs.js: browser.startup.homepage - hxxp://search.toggle.com/?lang=nl

FF - prefs.js: keyword.URL - hxxp://search.toggle.com/?lang=nl&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-03-28 11:41:40

ComboFix-quarantined-files.txt 2012-03-28 09:41

.

Pre-Run: 77.966.860.288 bytes beschikbaar

Post-Run: 78.230.069.248 bytes beschikbaar

.

- - End Of File - - 386B5DAFCEF8AAC220E5A5D66BD0EB84

Link naar reactie
Delen op andere sites

  • Reacties 40
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Beste reacties in dit topic

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe

c:\windows\Tasks\AutoKMS.job

c:\windows\Tasks\AutoKMSDaily.job

c:\windows\AutoKMS.exe

Folder::

c:\program files (x86)\BrowserCompanion

Driver::

Application Updater

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Link naar reactie
Delen op andere sites

  • 2 weken later...

Eigenlijk heb ik heel veel moeite gehad om combofix te laten lopen. Ik heb eerst een paar maal het programma opnieuw moeten downloaden tegen dat combofix ging en daarna heeft het bijna een dag geduurd tegen dat het klaar was met scannen.

Eenmaal mijn computer was afgesloten en terug is opgestart kon ik geen enkel programma meer openen uitzonderd "deze computer".

De log van combofix

ComboFix 12-04-11.03 - Gauthier 11/04/2012 20:19:58.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3692.2458 [GMT 2:00]

Gestart vanuit: c:\users\Gauthier\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Gauthier\Desktop\CFScript.txt

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

FILE ::

"c:\windows\AutoKMS.exe"

"c:\windows\Tasks\AutoKMS.job"

"c:\windows\Tasks\AutoKMSDaily.job"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\BrowserCompanion

c:\program files (x86)\BrowserCompanion\BCHelper.exe

c:\program files (x86)\BrowserCompanion\blabbers-ch.crx

c:\program files (x86)\BrowserCompanion\blabbers-ff-full.xpi

c:\program files (x86)\BrowserCompanion\logo.ico

c:\program files (x86)\BrowserCompanion\sqlite3.dll

c:\program files (x86)\BrowserCompanion\tdataprotocol.dll

c:\program files (x86)\BrowserCompanion\toolbar.dll

c:\program files (x86)\BrowserCompanion\uninstall.exe

c:\program files (x86)\BrowserCompanion\updater.ini

c:\program files (x86)\BrowserCompanion\widgetserv.exe

c:\programdata\FullRemove.exe

c:\windows\AutoKMS.exe

c:\windows\SysWow64\~.inf

c:\windows\Tasks\AutoKMS.job

c:\windows\Tasks\AutoKMSDaily.job

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Application Updater

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-03-13 to 2012-04-13 ))))))))))))))))))))))))))))))

.

.

2012-04-11 19:25 . 2012-04-11 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-04 15:30 . 2012-04-04 15:30 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-04-04 15:30 . 2012-04-04 15:30 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-04-04 15:27 . 2012-04-11 17:54 78848 ----a-w- c:\windows\KMSEmulator.exe

2012-04-04 15:13 . 2012-04-04 15:17 -------- d-----w- c:\users\Gauthier\AppData\Roaming\Nitro PDF

2012-04-04 15:12 . 2012-04-04 15:12 -------- d-----w- c:\programdata\Nitro PDF

2012-04-04 15:09 . 2012-04-04 15:10 -------- d-----w- c:\users\Gauthier\AppData\Roaming\Downloaded Installations

2012-04-04 14:57 . 2012-04-04 15:34 253351 ----a-w- c:\windows\SysWow64\~.tmp

2012-04-04 14:22 . 2010-08-03 13:30 196224 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll

2012-04-04 14:22 . 2012-04-04 14:22 -------- d-----w- c:\programdata\P4G

2012-03-26 08:20 . 2012-03-26 08:20 -------- d-----w- c:\programdata\McAfee

2012-03-26 08:20 . 2012-03-26 08:20 -------- d-----w- c:\programdata\McAfee Security Scan

2012-03-26 08:20 . 2012-03-26 08:20 -------- d-----w- c:\program files (x86)\McAfee Security Scan

2012-03-21 16:15 . 2012-03-21 16:15 -------- d-----w- c:\users\Gauthier\AppData\Local\FSP

2012-03-21 16:13 . 2012-03-21 16:54 -------- d-----w- c:\program files\FSP

2012-03-19 09:10 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-19 09:10 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-19 09:10 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-16 11:38 . 2012-03-19 13:58 -------- d-----w- c:\programdata\PopCap Games

2012-03-16 11:35 . 2012-03-16 11:35 -------- d-----w- c:\programdata\Zylom

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-13 10:00 . 2011-11-21 17:09 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-03-14 03:27 . 2012-04-04 14:24 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3F0B9B0-7A49-4AD9-8A1E-8508F2A75BA2}\mpengine.dll

2012-02-27 16:56 . 2012-02-27 16:56 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-02-24 17:48 . 2012-02-24 17:48 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-02-24 17:38 . 2011-12-24 09:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 07:18 . 2011-12-28 10:45 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-14 07:21 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 07:21 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 07:21 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 07:21 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-14 07:22 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 07:22 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-03 04:34 . 2012-03-14 07:22 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 06:38 . 2012-03-14 07:22 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 06:38 . 2012-03-14 07:22 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 06:33 . 2012-03-14 07:22 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-28_09.36.48 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-03-25 11:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-04-10 16:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-03-25 11:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-10 16:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-25 11:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-10 16:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-18 20:13 . 2012-04-15 20:35 36654 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-15 20:35 50576 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-11-21 17:13 . 2012-03-28 09:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-11-21 17:13 . 2012-04-11 20:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-11-21 17:13 . 2012-03-28 09:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-11-21 17:13 . 2012-04-11 20:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-28 09:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-11 20:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-04-04 14:22 . 2012-04-04 14:22 43302 c:\windows\Installer\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}\_76D1D93228F14F1540EB5E.exe

+ 2012-04-04 14:22 . 2012-04-04 14:22 43302 c:\windows\Installer\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}\_6FEFF9B68218417F98F549.exe

- 2011-08-21 03:00 . 2011-08-21 03:00 43302 c:\windows\Installer\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}\_6FEFF9B68218417F98F549.exe

+ 2011-11-21 17:10 . 2012-04-15 20:35 9768 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1205952837-813243677-3100779036-1002_UserData.bin

- 2012-03-25 11:20 . 2012-03-25 11:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-13 09:59 . 2012-04-13 09:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-13 09:59 . 2012-04-13 09:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-03-25 11:20 . 2012-03-25 11:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-02-18 22:40 . 2011-02-18 22:40 773968 c:\windows\SysWOW64\msvcr100.dll

+ 2011-02-19 21:03 . 2011-02-19 21:03 421200 c:\windows\SysWOW64\msvcp100.dll

- 2011-05-30 12:48 . 2011-05-30 12:48 421200 c:\windows\SysWOW64\msvcp100.dll

+ 2011-11-22 09:16 . 2012-04-11 17:53 284330 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2011-11-21 18:16 . 2012-04-13 15:01 236568 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2011-02-19 04:40 . 2012-04-11 19:31 712976 c:\windows\system32\perfh013.dat

- 2011-02-19 04:40 . 2012-03-28 09:22 712976 c:\windows\system32\perfh013.dat

- 2009-07-14 02:36 . 2012-03-28 09:22 627420 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-04-11 19:31 627420 c:\windows\system32\perfh009.dat

+ 2011-02-19 04:40 . 2012-04-11 19:31 137316 c:\windows\system32\perfc013.dat

- 2011-02-19 04:40 . 2012-03-28 09:22 137316 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2012-04-11 19:31 110140 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-03-28 09:22 110140 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-04-11 20:33 433292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-03-25 11:19 433292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-11-21 16:21 . 2011-11-21 16:21 434252 c:\windows\MSVCRTD.DLL

- 2011-06-09 04:33 . 2011-06-09 04:33 434252 c:\windows\MSVCRTD.DLL

+ 2011-11-21 16:21 . 2011-11-21 16:21 348160 c:\windows\msvcr71.dll

- 2011-06-09 04:33 . 2011-06-09 04:33 348160 c:\windows\msvcr71.dll

+ 2011-11-15 15:47 . 2011-11-15 15:47 248320 c:\windows\Installer\29948.msi

+ 2011-11-21 16:22 . 2011-11-21 16:22 922624 c:\windows\Installer\29908.msi

+ 2011-11-25 13:05 . 2011-11-25 13:05 868864 c:\windows\Installer\297f7.msi

+ 2012-04-04 14:20 . 2012-04-04 14:20 103022 c:\windows\Installer\{D39F0676-163E-4595-A917-E28F99BBD4D2}\_F883AACBB6921F0F91A055.exe

+ 2012-04-04 14:20 . 2012-04-04 14:20 103022 c:\windows\Installer\{D39F0676-163E-4595-A917-E28F99BBD4D2}\_85333B24BDD97F0C55D35F.exe

+ 2012-04-04 14:20 . 2012-04-04 14:20 103022 c:\windows\Installer\{D39F0676-163E-4595-A917-E28F99BBD4D2}\_7B8B8B4239B13D70DDD544.exe

+ 2012-04-04 14:20 . 2012-04-04 14:20 103022 c:\windows\Installer\{D39F0676-163E-4595-A917-E28F99BBD4D2}\_6FEFF9B68218417F98F549.exe

+ 2012-04-04 14:20 . 2012-04-04 14:20 103022 c:\windows\Installer\{D39F0676-163E-4595-A917-E28F99BBD4D2}\_15E7EEE47E4D0E23B0FC40.exe

+ 2012-04-04 14:21 . 2012-04-04 14:21 326006 c:\windows\Installer\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}\_D41B5D49A78C548364FF5C.exe

+ 2012-04-04 14:21 . 2012-04-04 14:21 326006 c:\windows\Installer\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}\_853F67D554F05449430E7E.exe

+ 2012-04-04 14:25 . 2012-04-04 14:25 287934 c:\windows\Installer\{0969AF05-4FF6-4C00-9406-43599238DE0D}\_853F67D554F05449430E7E.exe

- 2011-08-20 12:21 . 2012-03-25 11:19 1593848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-08-20 12:21 . 2012-04-11 19:26 1593848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-11-21 21:40 . 2012-04-11 19:26 24317412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1205952837-813243677-3100779036-1002-8192.dat

+ 2011-11-22 13:14 . 2011-11-22 13:14 15005184 c:\windows\Installer\29ae8.msi

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"HP Deskjet 3070 B611 series (NET)"="c:\program files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-13 336384]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

c:\users\Gauthier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Gauthier\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-21 1030600]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-13 361984]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]

.

2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]

.

2012-04-15 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-11 2226280]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"combofix"="c:\combofix\CF31285.3XE" [2010-11-20 345088]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://search.toggle.com/?lang=nl

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 195.130.130.133 195.130.131.133

FF - ProfilePath - c:\users\Gauthier\AppData\Roaming\Mozilla\Firefox\Profiles\cu4a2aey.default\

FF - prefs.js: browser.search.selectedEngine - Toggle

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://search.toggle.com/?lang=nl&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\windows\AsScrPro.exe

c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe

c:\program files (x86)\ASUS\Splendid\ACMON.exe

c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe

c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe

c:\program files (x86)\Internet Explorer\IELowutil.exe

.

**************************************************************************

.

Voltooingstijd: 2012-04-15 22:41:17 - machine werd herstart

ComboFix-quarantined-files.txt 2012-04-15 20:41

ComboFix2.txt 2012-03-28 09:41

.

Pre-Run: 76.332.265.472 bytes beschikbaar

Post-Run: 79.438.966.784 bytes beschikbaar

.

- - End Of File - - CEE4CA0DCFF9076B60E6C005DE5246DC

Link naar reactie
Delen op andere sites

Nog altijd hetzelfde. Nadat ik het scan met combofix had gedaan kon ik eerst geen enkel programma meer openen, alleen "deze computer" lukte nog. Maar dit is opgelost. Ik kan wel nog steeds het gebruik van sommige fn knoppen niet meer gebruiken en mijn windows verkenner reageert nog altijd niet.

Link naar reactie
Delen op andere sites

Er is iets dat ik niet helemaal begrijp : in bericht 13 zeg je dat de virusscanners (nog) niet actief zijn. Toch wijst alles in de logjes er op dat dit wel zo is ? Ergens klopt er dus iets niet ? TrendMicro en McAfee zijn toch geactiveerd nu, niet ?

Doe verder nog dit :

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\KMSEmulator.exe

c:\windows\SysWow64\~.tmp

DDS::

mStart Page = hxxp://search.toggle.com/?lang=nl

Firefox::

FF - ProfilePath - c:\users\Gauthier\AppData\Roaming\Mozilla\Firefox\Profiles\cu4a2aey.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Link naar reactie
Delen op andere sites

Normaal zijn de nog niet geinstalleerd, maar ik zal anders kijken om die bestandjes te wissen.

Logje:

ComboFix 12-04-11.03 - Gauthier 16/04/2012 19:13:40.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3692.2072 [GMT 2:00]

Gestart vanuit: c:\users\Gauthier\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Gauthier\Desktop\CFScript.txt

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

- VERMINDERDE FUNCTIONALITEIT MODUS -

.

FILE ::

"c:\windows\KMSEmulator.exe"

"c:\windows\SysWow64\~.tmp"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\KMSEmulator.exe

c:\windows\SysWow64\~.tmp

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-03-16 to 2012-04-16 ))))))))))))))))))))))))))))))

.

.

2012-04-16 17:17 . 2012-04-16 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-16 08:08 . 2012-04-16 08:08 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E7A543E-DC84-4E9D-9647-B9D9A6B1AF59}\offreg.dll

2012-04-15 21:06 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-15 21:06 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-15 21:06 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-15 21:03 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-15 21:03 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-15 21:03 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-15 21:03 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-15 21:03 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-15 21:03 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-15 21:03 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-15 20:50 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E7A543E-DC84-4E9D-9647-B9D9A6B1AF59}\mpengine.dll

2012-04-04 15:30 . 2012-04-04 15:30 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-04-04 15:30 . 2012-04-04 15:30 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-04-04 15:13 . 2012-04-04 15:17 -------- d-----w- c:\users\Gauthier\AppData\Roaming\Nitro PDF

2012-04-04 15:12 . 2012-04-04 15:12 -------- d-----w- c:\programdata\Nitro PDF

2012-04-04 15:09 . 2012-04-04 15:10 -------- d-----w- c:\users\Gauthier\AppData\Roaming\Downloaded Installations

2012-04-04 14:22 . 2010-08-03 13:30 196224 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll

2012-04-04 14:22 . 2012-04-04 14:22 -------- d-----w- c:\programdata\P4G

2012-03-26 08:20 . 2012-03-26 08:20 -------- d-----w- c:\programdata\McAfee

2012-03-26 08:20 . 2012-03-26 08:20 -------- d-----w- c:\programdata\McAfee Security Scan

2012-03-26 08:20 . 2012-03-26 08:20 -------- d-----w- c:\program files (x86)\McAfee Security Scan

2012-03-21 16:15 . 2012-03-21 16:15 -------- d-----w- c:\users\Gauthier\AppData\Local\FSP

2012-03-21 16:13 . 2012-03-21 16:54 -------- d-----w- c:\program files\FSP

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-13 10:00 . 2011-11-21 17:09 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-04-04 13:56 . 2011-11-21 20:05 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-27 16:56 . 2012-02-27 16:56 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-02-24 17:48 . 2012-02-24 17:48 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-02-24 17:38 . 2011-12-24 09:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 08:18 . 2011-12-28 10:45 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-14 07:21 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 07:21 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 07:21 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 07:21 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-14 07:22 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 07:22 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-03 04:34 . 2012-03-14 07:22 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 06:38 . 2012-03-14 07:22 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 06:38 . 2012-03-14 07:22 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 06:33 . 2012-03-14 07:22 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

((((((((((((((((((((((((((((( SnapShot_2012-04-13_10.00.37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-04-15 21:07 . 2012-02-28 01:03 72704 c:\windows\SysWOW64\mshtmled.dll

- 2012-02-24 16:07 . 2011-12-14 02:50 72704 c:\windows\SysWOW64\mshtmled.dll

+ 2012-04-15 21:07 . 2012-02-28 01:08 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll

- 2012-02-24 16:07 . 2011-12-14 02:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll

+ 2012-04-15 21:07 . 2012-02-28 01:08 65024 c:\windows\SysWOW64\jsproxy.dll

- 2012-02-24 16:07 . 2011-12-14 02:54 65024 c:\windows\SysWOW64\jsproxy.dll

- 2009-07-14 04:54 . 2012-04-10 16:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-04-16 13:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-04-10 16:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-16 13:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-16 13:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-10 16:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2012-04-16 08:03 50764 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-11-21 17:10 . 2012-04-16 08:04 10200 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1205952837-813243677-3100779036-1002_UserData.bin

+ 2012-04-15 21:07 . 2012-02-28 06:43 96256 c:\windows\system32\mshtmled.dll

- 2012-02-24 16:07 . 2011-12-14 06:57 96256 c:\windows\system32\mshtmled.dll

+ 2012-04-15 21:07 . 2012-02-28 06:47 86528 c:\windows\system32\migration\WininetPlugin.dll

- 2012-02-24 16:07 . 2011-12-14 07:02 86528 c:\windows\system32\migration\WininetPlugin.dll

- 2012-02-24 16:07 . 2011-12-14 07:01 85504 c:\windows\system32\jsproxy.dll

+ 2012-04-15 21:07 . 2012-02-28 06:47 85504 c:\windows\system32\jsproxy.dll

+ 2009-07-14 04:46 . 2012-04-16 08:00 91680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-11-21 21:57 . 2011-11-21 21:57 68880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll

+ 2011-11-21 20:31 . 2011-11-21 20:31 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll

- 2012-02-24 16:35 . 2012-02-24 16:35 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

- 2012-02-24 16:35 . 2012-02-24 16:35 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

- 2012-02-24 16:35 . 2012-02-24 16:35 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

- 2012-02-24 16:35 . 2012-02-24 16:35 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

- 2012-02-24 16:35 . 2012-02-24 16:35 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

- 2012-02-24 16:35 . 2012-02-24 16:35 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2012-02-24 16:34 . 2012-02-24 16:34 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2012-02-24 16:33 . 2012-02-24 16:33 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2012-04-15 20:57 . 2012-04-15 20:57 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2012-02-24 16:33 . 2012-02-24 16:33 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2012-04-15 20:57 . 2012-04-15 20:57 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2011-11-21 17:55 . 2012-04-15 21:09 34144 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe

- 2011-11-21 17:55 . 2012-03-19 09:06 34144 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe

- 2011-11-21 17:55 . 2012-03-19 09:06 42848 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe

+ 2011-11-21 17:55 . 2012-04-15 21:09 42848 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe

- 2011-11-21 17:55 . 2012-03-19 09:06 19296 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe

+ 2011-11-21 17:55 . 2012-04-15 21:09 19296 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe

+ 2010-10-20 15:20 . 2010-10-20 15:20 37280 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.6029\SOCIALPROVIDER.DLL

+ 2011-01-12 18:11 . 2011-01-12 18:11 58712 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.6029\OUTLRPC.DLL

+ 2010-10-22 14:28 . 2010-10-22 14:28 40800 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.6029\OUTLACCT.DLL

+ 2012-04-16 08:27 . 2012-04-16 08:27 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\f137c53afae3903f20eba1fa0f8f8dad\System.Xml.Serialization.ni.dll

+ 2012-04-16 08:27 . 2012-04-16 08:27 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\ef151d5b49d8b0d0052d05fc56d25107\System.Windows.Presentation.ni.dll

+ 2012-04-16 08:27 . 2012-04-16 08:27 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\c5b08a1a9a7a97922af50f30b5e32268\System.Web.ApplicationServices.ni.dll

+ 2012-04-16 08:21 . 2012-04-16 08:21 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\5b53a87f7799ee5454e4fb8faece3a82\System.AddIn.Contract.ni.dll

+ 2012-04-16 08:14 . 2012-04-16 08:14 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\a4e98103e5d36bf22ef19c64442543f2\Microsoft.VisualC.ni.dll

+ 2012-04-16 08:11 . 2012-04-16 08:11 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\cbd21f19057f07ec2cb55b2bef91f344\dfsvc.ni.exe

+ 2012-04-16 08:11 . 2012-04-16 08:11 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\52890eb2a4f8d822bff7e9cddc713fb5\Accessibility.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9a3f2f7233160bfcb2fd278d05da630c\UIAutomationProvider.ni.dll

+ 2012-04-16 08:35 . 2012-04-16 08:35 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\931e299528cf8cb4c1b7321e5be5fb1e\System.Windows.Presentation.ni.dll

+ 2012-04-16 08:34 . 2012-04-16 08:34 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\89383b658e1538a95c9004e5b30fff39\System.Web.ApplicationServices.ni.dll

+ 2012-04-16 08:34 . 2012-04-16 08:34 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5173df5175ccade890b8e0117297fdae\System.ServiceModel.Channels.ni.dll

+ 2012-04-16 08:31 . 2012-04-16 08:31 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\541d664486e505282e6805462b288507\System.AddIn.Contract.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\bf2bfecb57a7987d05968d7494512ce8\Microsoft.VisualC.ni.dll

+ 2012-04-16 08:29 . 2012-04-16 08:29 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\cbc5e9834f47c0aaa4808764ac2afd11\Accessibility.ni.dll

+ 2012-04-15 20:36 . 2012-04-15 20:36 9560 c:\windows\system32\NetworkList\Icons\{DA12A26D-8FF1-45E3-8CCD-3766EDE9F1BF}_48.bin

+ 2012-04-15 20:36 . 2012-04-15 20:36 4280 c:\windows\system32\NetworkList\Icons\{DA12A26D-8FF1-45E3-8CCD-3766EDE9F1BF}_32.bin

+ 2012-04-15 20:36 . 2012-04-15 20:36 2456 c:\windows\system32\NetworkList\Icons\{DA12A26D-8FF1-45E3-8CCD-3766EDE9F1BF}_24.bin

- 2012-04-13 09:59 . 2012-04-13 09:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-16 07:57 . 2012-04-16 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-16 07:57 . 2012-04-16 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-04-13 09:59 . 2012-04-13 09:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-04-16 08:35 . 2012-04-16 08:35 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\1d9f36e98e17e1f594b25f42269801ac\System.Xml.Serialization.ni.dll

+ 2012-04-16 08:29 . 2012-04-16 08:29 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\ae8a2abe6e9b5931480460c20967b216\dfsvc.ni.exe

- 2012-02-24 16:07 . 2011-12-14 02:55 231936 c:\windows\SysWOW64\url.dll

+ 2012-04-15 21:07 . 2012-02-28 01:09 231936 c:\windows\SysWOW64\url.dll

+ 2012-04-15 21:07 . 2012-02-28 01:06 716800 c:\windows\SysWOW64\jscript.dll

- 2012-02-24 16:07 . 2011-12-14 02:53 716800 c:\windows\SysWOW64\jscript.dll

+ 2012-04-15 21:07 . 2012-02-28 00:59 176640 c:\windows\SysWOW64\ieui.dll

- 2012-02-24 16:07 . 2011-12-14 02:47 176640 c:\windows\SysWOW64\ieui.dll

+ 2011-11-21 18:16 . 2012-04-16 16:09 238890 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2012-02-24 16:07 . 2011-12-14 07:03 237056 c:\windows\system32\url.dll

+ 2012-04-15 21:07 . 2012-02-28 06:48 237056 c:\windows\system32\url.dll

+ 2011-02-19 04:40 . 2012-04-16 16:11 713210 c:\windows\system32\perfh013.dat

+ 2009-07-14 02:36 . 2012-04-16 16:11 627654 c:\windows\system32\perfh009.dat

+ 2011-02-19 04:40 . 2012-04-16 16:11 137550 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2012-04-16 16:11 110374 c:\windows\system32\perfc009.dat

- 2012-02-24 16:07 . 2011-12-14 07:00 818688 c:\windows\system32\jscript.dll

+ 2012-04-15 21:07 . 2012-02-28 06:45 818688 c:\windows\system32\jscript.dll

+ 2012-04-15 21:07 . 2012-02-28 06:39 248320 c:\windows\system32\ieui.dll

- 2012-02-24 16:07 . 2011-12-14 06:53 248320 c:\windows\system32\ieui.dll

- 2009-07-14 05:01 . 2012-04-11 20:33 433292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-04-15 21:09 433292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-11-21 21:57 . 2011-11-21 21:57 598784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll

+ 2011-11-21 20:31 . 2011-11-21 20:31 518400 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll

+ 2011-11-21 20:31 . 2011-11-21 20:31 957200 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll

- 2012-02-24 16:35 . 2012-02-24 16:35 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

- 2012-02-24 16:35 . 2012-02-24 16:35 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2012-02-24 16:35 . 2012-02-24 16:35 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

- 2012-02-24 16:35 . 2012-02-24 16:35 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

- 2012-02-24 16:35 . 2012-02-24 16:35 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

- 2012-02-24 16:35 . 2012-02-24 16:35 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

- 2012-02-24 16:35 . 2012-02-24 16:35 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

- 2012-02-24 16:35 . 2012-02-24 16:35 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

- 2012-02-24 16:33 . 2012-02-24 16:33 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2012-04-15 20:57 . 2012-04-15 20:57 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2012-04-15 20:57 . 2012-04-15 20:57 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2012-02-24 16:33 . 2012-02-24 16:33 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

- 2012-02-24 16:33 . 2012-02-24 16:33 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2012-03-21 03:29 . 2012-03-21 03:29 133120 c:\windows\Installer\ca5c6d3.msp

+ 2012-02-09 05:27 . 2012-02-09 05:27 231424 c:\windows\Installer\ca5c68e.msp

- 2011-11-21 17:55 . 2012-03-19 09:06 415584 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe

+ 2011-11-21 17:55 . 2012-04-15 21:09 415584 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe

+ 2011-11-21 17:55 . 2012-04-15 21:09 303456 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe

- 2011-11-21 17:55 . 2012-03-19 09:06 303456 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe

- 2011-11-21 17:55 . 2012-03-19 09:06 571232 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe

+ 2011-11-21 17:55 . 2012-04-15 21:09 571232 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe

+ 2011-11-21 17:55 . 2012-04-15 21:09 326496 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe

- 2011-11-21 17:55 . 2012-03-19 09:06 326496 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe

+ 2011-11-21 17:55 . 2012-04-15 21:09 469856 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe

- 2011-11-21 17:55 . 2012-03-19 09:06 469856 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe

+ 2011-11-21 17:55 . 2012-04-15 21:09 178528 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe

- 2011-11-21 17:55 . 2012-03-19 09:06 178528 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe

+ 2010-10-20 13:46 . 2010-10-20 13:46 130944 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.6029\TRANSMGR.DLL

+ 2010-12-21 04:59 . 2010-12-21 04:59 375152 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.6029\SHAREPOINTPROVIDER.DLL

+ 2010-10-22 14:28 . 2010-10-22 14:28 567152 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.6029\RTFHTML.DLL

+ 2011-03-18 22:19 . 2011-03-18 22:19 390032 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.6029\OUTLPH.DLL

+ 2010-10-20 14:19 . 2010-10-20 14:19 166240 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.6029\OUTLCTL.DLL

+ 2010-12-27 23:52 . 2010-12-27 23:52 365968 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.6029\OMSXP32.DLL

+ 2010-10-20 14:19 . 2010-10-20 14:19 186728 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.6029\IMPMAIL.DLL

+ 2011-03-17 09:26 . 2011-03-17 09:26 219520 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.6029\ENVELOPE.DLL

+ 2010-10-22 14:28 . 2010-10-22 14:28 183672 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.6029\CONTAB32.DLL

+ 2012-04-16 08:27 . 2012-04-16 08:27 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\d05858dd730eef93a5e4a3cc88dd4ec3\WindowsFormsIntegration.ni.dll

+ 2012-04-16 08:19 . 2012-04-16 08:19 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\b2a2a1fb4e1313088250b334b3af2a15\UIAutomationTypes.ni.dll

+ 2012-04-16 08:19 . 2012-04-16 08:19 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\89414bab411eb27c7c181df81b4d36a5\UIAutomationProvider.ni.dll

+ 2012-04-16 08:27 . 2012-04-16 08:27 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\cd55f47d44c3695862bc047b8e86fcd3\UIAutomationClient.ni.dll

+ 2012-04-16 08:18 . 2012-04-16 08:18 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\910d557d55f4fc7bb51ace0546bd3c50\System.Xml.Linq.ni.dll

+ 2012-04-16 08:19 . 2012-04-16 08:19 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\dcb9e1eaa1491094f79c3288b8c78830\System.Windows.Input.Manipulations.ni.dll

+ 2012-04-16 08:18 . 2012-04-16 08:18 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\922f3f17f5112441e77f9d3d56d5b753\System.Transactions.ni.dll

+ 2012-04-16 08:26 . 2012-04-16 08:26 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\73874670b92afbde73b23e8a1200eede\System.ServiceProcess.ni.dll

+ 2012-04-16 08:26 . 2012-04-16 08:26 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\909c8d76773648809478644ac50a21eb\System.ServiceModel.Routing.ni.dll

+ 2012-04-16 08:26 . 2012-04-16 08:26 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\26db69101f5bcf148fd962f00c0e78dd\System.ServiceModel.Channels.ni.dll

+ 2012-04-16 08:13 . 2012-04-16 08:13 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\878946615037b9d5f09916c598420dc1\System.Security.ni.dll

+ 2012-04-16 08:18 . 2012-04-16 08:18 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\73cc698ccc98e37f53cdbff3687a921c\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2012-04-16 08:18 . 2012-04-16 08:18 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\b73b4f0282ef46505b3e59702ded433b\System.Runtime.Remoting.ni.dll

+ 2012-04-16 08:13 . 2012-04-16 08:13 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\8064e773b9addf027658899e27e94c7b\System.Numerics.ni.dll

+ 2012-04-16 08:24 . 2012-04-16 08:24 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\a46d5472536da900435885b28a19eda8\System.Net.ni.dll

+ 2012-04-16 08:24 . 2012-04-16 08:24 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\ae0089b9135614de304ebe288fa6fca8\System.Messaging.ni.dll

+ 2012-04-16 08:24 . 2012-04-16 08:24 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\3ad050d3f47352421e05b7707ddd3524\System.Management.Instrumentation.ni.dll

+ 2012-04-16 08:24 . 2012-04-16 08:24 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\87efa405cd384d2c47380467fcd7ea86\System.IO.Log.ni.dll

+ 2012-04-16 08:24 . 2012-04-16 08:24 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\50ccc897ad714e66f750ca1e51e0ffde\System.IdentityModel.Selectors.ni.dll

+ 2012-04-16 08:18 . 2012-04-16 08:18 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.Wrapper.dll

+ 2012-04-16 08:13 . 2012-04-16 08:13 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\cbc3e5d028dd347a294096f068a053d4\System.Dynamic.ni.dll

+ 2012-04-16 08:24 . 2012-04-16 08:24 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\1ae0a8a9eb92ccaf900f5911740b2c3c\System.DirectoryServices.Protocols.ni.dll

+ 2012-04-16 08:24 . 2012-04-16 08:24 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\9edded64312f5cbae54a093eca246aaa\System.Device.ni.dll

+ 2012-04-16 08:21 . 2012-04-16 08:21 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\db296a100034c7dee5f80219f0542df7\System.Data.DataSetExtensions.ni.dll

+ 2012-04-16 08:21 . 2012-04-16 08:21 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\0f771cbf8b32ae1618f4cd4266337b3c\System.Configuration.Install.ni.dll

+ 2012-04-16 08:21 . 2012-04-16 08:21 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\501ad39b1ef6f43e8dc92a4efa7c35ea\System.ComponentModel.DataAnnotations.ni.dll

+ 2012-04-16 08:21 . 2012-04-16 08:21 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\f8c6e4854178bb4d928c8aec1c04648d\System.AddIn.ni.dll

+ 2012-04-16 08:21 . 2012-04-16 08:21 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\3503e3c2a87db97b720c0ed8a5d59f61\System.Activities.DurableInstancing.ni.dll

+ 2012-04-16 08:11 . 2012-04-16 08:11 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\30cf4fc2c247cf490879f5436c63017c\SMSvcHost.ni.exe

+ 2012-04-16 08:18 . 2012-04-16 08:18 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\b4f75962376771b6b6d39279d780abba\SMDiagnostics.ni.dll

+ 2012-04-16 08:17 . 2012-04-16 08:17 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\eaca48940ac6976d39d5de4d5b42fed6\PresentationFramework.Royale.ni.dll

+ 2012-04-16 08:17 . 2012-04-16 08:17 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\bdb41ce9ab6d561ddb8107255daaee30\PresentationFramework.Luna.ni.dll

+ 2012-04-16 08:17 . 2012-04-16 08:17 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\78310f7eef84b5f9ca4bf32798bd77f9\PresentationFramework.Aero.ni.dll

+ 2012-04-16 08:17 . 2012-04-16 08:17 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\64b86aebea22fd357f22384757caed3f\PresentationFramework.Classic.ni.dll

+ 2012-04-16 08:14 . 2012-04-16 08:14 422400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\480ae0610a44148c6532d3d134f9956f\Microsoft.VisualBasic.Compatibility.Data.ni.dll

+ 2012-04-16 08:13 . 2012-04-16 08:13 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\16bf3be602620d349b25e6c2d08199a3\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2012-04-16 08:11 . 2012-04-16 08:11 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\f6b9abf9cd43524102ad9be82b7136d0\CustomMarshalers.ni.dll

+ 2012-04-16 08:35 . 2012-04-16 08:35 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\2e1468ce2858baafbab0482a638eb251\WindowsFormsIntegration.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\3229ca959686fc6c4e3ef5a9dd285cd4\UIAutomationTypes.ni.dll

+ 2012-04-16 08:35 . 2012-04-16 08:35 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\fa5ac28e670cb4917e8f3f22c059724b\UIAutomationClient.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\706f0cbe7c279c059b52ad8b4bd248d8\System.Xml.Linq.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\77cd8b170b07f428c98896e35eb556f3\System.Windows.Input.Manipulations.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\678637ab7a50a87b13c287992ef7fbd8\System.Transactions.ni.dll

+ 2012-04-16 08:34 . 2012-04-16 08:34 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9a1e3b04442d5c7ec79946335b412b8b\System.ServiceProcess.ni.dll

+ 2012-04-16 08:34 . 2012-04-16 08:34 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4808a59d1eb0e6484162f9a4a2eda748\System.ServiceModel.Routing.ni.dll

+ 2012-04-15 21:01 . 2012-04-15 21:01 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\68e9fba708d531093efed0d06fc255ae\System.Security.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8242a11970b6c106bc860a168fbf0d3c\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\4017661cfa4a173b878d7e2a949c3a9e\System.Runtime.Remoting.ni.dll

+ 2012-04-15 21:01 . 2012-04-15 21:01 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\db65b5a04bb376ef4df08803ec27c12e\System.Numerics.ni.dll

+ 2012-04-16 08:33 . 2012-04-16 08:33 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\89e476c433069af1957535a158feac9a\System.Net.ni.dll

+ 2012-04-16 08:33 . 2012-04-16 08:33 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\0a7f81c69a451afc1c29f406af951b4e\System.Messaging.ni.dll

+ 2012-04-16 08:33 . 2012-04-16 08:33 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\04fec0e57becb283fbeddf031f2e201a\System.Management.Instrumentation.ni.dll

+ 2012-04-16 08:33 . 2012-04-16 08:33 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\5495c14e5629c89453853fa2a6e6fd3a\System.IO.Log.ni.dll

+ 2012-04-16 08:33 . 2012-04-16 08:33 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\6886e37c6d37f6d2523fe10dd02ce983\System.IdentityModel.Selectors.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\dfa641de28b73dda041bf7f47972b5eb\System.EnterpriseServices.Wrapper.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\dfa641de28b73dda041bf7f47972b5eb\System.EnterpriseServices.ni.dll

+ 2012-04-15 21:01 . 2012-04-15 21:01 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\7612a70db260ea55fe72f57cee028092\System.Dynamic.ni.dll

+ 2012-04-16 08:33 . 2012-04-16 08:33 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\d754996afc55c4ad30377765fb1af5f7\System.DirectoryServices.Protocols.ni.dll

+ 2012-04-16 08:33 . 2012-04-16 08:33 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\cf4a74f7bb940cfede8c0758026211a9\System.DirectoryServices.AccountManagement.ni.dll

+ 2012-04-16 08:33 . 2012-04-16 08:33 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\77372a2fb9e95c02b2d76efcbed718bd\System.Device.ni.dll

+ 2012-04-16 08:31 . 2012-04-16 08:31 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\623ae2e1d7735e14f9adb9d830f29d29\System.Data.DataSetExtensions.ni.dll

+ 2012-04-15 21:01 . 2012-04-15 21:01 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6757251401cd9c17d5e608db6e5f964a\System.Configuration.ni.dll

+ 2012-04-16 08:31 . 2012-04-16 08:31 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\522ff751bd7c2d6560abd743c967eeef\System.Configuration.Install.ni.dll

+ 2012-04-16 08:31 . 2012-04-16 08:31 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\90cc58de90e1d3cbb4a4c06600096331\System.ComponentModel.DataAnnotations.ni.dll

+ 2012-04-15 21:02 . 2012-04-15 21:02 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\521d371ccd63aba119d74e1352fda6dc\System.ComponentModel.Composition.ni.dll

+ 2012-04-16 08:31 . 2012-04-16 08:31 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\4281a2e60037fa6e043569d2b70ed864\System.AddIn.ni.dll

+ 2012-04-16 08:31 . 2012-04-16 08:31 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\8e122e72de21cfbf2e41e6a338844415\System.Activities.DurableInstancing.ni.dll

+ 2012-04-16 08:29 . 2012-04-16 08:29 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\abec8eb49acd9d3dad8066795b9d095d\SMSvcHost.ni.exe

+ 2012-04-16 08:30 . 2012-04-16 08:30 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4e6da16e44ef441e463e006185b1b5d8\SMDiagnostics.ni.dll

+ 2012-04-15 21:02 . 2012-04-15 21:02 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ec80c61fa0d532d78f0b50eec27a4a1f\PresentationFramework.Classic.ni.dll

+ 2012-04-15 21:02 . 2012-04-15 21:02 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ec69ab111679b2775127815726f87a7d\PresentationFramework.Luna.ni.dll

+ 2012-04-15 21:02 . 2012-04-15 21:02 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e5cd234a62bbdaafdd21857a7cc3a28a\PresentationFramework.Royale.ni.dll

+ 2012-04-15 21:02 . 2012-04-15 21:02 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1c5b741f270fccb3b527b4fc3a8431f3\PresentationFramework.Aero.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\f730eb20c2189e35b0f0d0739c893057\Microsoft.VisualBasic.Compatibility.Data.ni.dll

+ 2012-04-16 08:29 . 2012-04-16 08:29 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\b25cf7ec03eb047aecbe2fcc842b3471\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2012-04-16 08:29 . 2012-04-16 08:29 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\ed336359eb1b1312b935f4692e71474b\CustomMarshalers.ni.dll

- 2012-02-24 16:07 . 2011-12-14 02:57 1127424 c:\windows\SysWOW64\wininet.dll

+ 2012-04-15 21:07 . 2012-02-28 01:11 1127424 c:\windows\SysWOW64\wininet.dll

- 2012-02-24 16:07 . 2011-12-14 02:57 1103360 c:\windows\SysWOW64\urlmon.dll

+ 2012-04-15 21:07 . 2012-02-28 01:12 1103360 c:\windows\SysWOW64\urlmon.dll

+ 2012-04-15 21:07 . 2012-02-28 01:18 1799168 c:\windows\SysWOW64\jscript9.dll

- 2012-02-24 16:07 . 2011-12-14 02:52 1792000 c:\windows\SysWOW64\iertutil.dll

+ 2012-04-15 21:07 . 2012-02-28 01:04 1792000 c:\windows\SysWOW64\iertutil.dll

+ 2012-04-15 21:07 . 2012-02-28 01:27 9705984 c:\windows\SysWOW64\ieframe.dll

+ 2012-04-15 21:07 . 2012-02-28 06:49 1390080 c:\windows\system32\wininet.dll

- 2012-02-24 16:07 . 2011-12-14 07:04 1390080 c:\windows\system32\wininet.dll

- 2012-02-24 16:07 . 2011-12-14 07:04 1345536 c:\windows\system32\urlmon.dll

+ 2012-04-15 21:07 . 2012-02-28 06:50 1345536 c:\windows\system32\urlmon.dll

+ 2012-04-15 21:07 . 2012-02-28 06:56 2311168 c:\windows\system32\jscript9.dll

- 2012-02-24 16:07 . 2011-12-14 06:59 2144256 c:\windows\system32\iertutil.dll

+ 2012-04-15 21:07 . 2012-02-28 06:43 2144256 c:\windows\system32\iertutil.dll

+ 2009-07-14 04:45 . 2012-04-16 08:00 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:45 . 2012-03-19 09:17 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2011-11-21 20:31 . 2011-11-21 20:31 3512072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll

+ 2011-11-21 21:57 . 2011-11-21 21:57 4970768 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll

+ 2011-11-21 21:57 . 2011-11-21 21:57 1455376 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll

+ 2011-11-21 21:57 . 2011-11-21 21:57 1515792 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll

+ 2011-11-21 21:57 . 2011-11-21 21:57 9793280 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll

+ 2011-11-21 20:31 . 2011-11-21 20:31 3512072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll

+ 2011-11-21 20:31 . 2011-11-21 20:31 5201168 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll

+ 2011-11-21 20:31 . 2011-11-21 20:31 1143568 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll

+ 2011-11-21 20:31 . 2011-11-21 20:31 6727424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll

- 2012-02-24 16:35 . 2012-02-24 16:35 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll

- 2012-02-24 16:35 . 2012-02-24 16:35 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

- 2012-02-24 16:33 . 2012-02-24 16:33 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

+ 2012-04-15 20:57 . 2012-04-15 20:57 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

- 2012-02-24 16:34 . 2012-02-24 16:34 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2012-04-15 20:57 . 2012-04-15 20:57 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

- 2012-02-24 16:33 . 2012-02-24 16:34 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2012-04-15 20:58 . 2012-04-15 20:58 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2012-03-21 03:30 . 2012-03-21 03:30 1868288 c:\windows\Installer\ca5c6cc.msp

+ 2012-03-07 13:01 . 2012-03-07 13:01 1924608 c:\windows\Installer\ca5c697.msp

+ 2012-04-01 14:27 . 2012-04-01 14:27 3448832 c:\windows\Installer\ca5c677.msp

- 2011-11-21 17:55 . 2012-03-19 09:06 1479520 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe

+ 2011-11-21 17:55 . 2012-04-15 21:09 1479520 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe

- 2011-11-21 17:55 . 2012-03-19 09:06 1858400 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe

+ 2011-11-21 17:55 . 2012-04-15 21:09 1858400 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe

+ 2011-11-21 17:55 . 2012-04-15 21:09 3792736 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe

- 2011-11-21 17:55 . 2012-03-19 09:06 3792736 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe

- 2011-11-21 17:55 . 2012-03-19 09:06 1449312 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\accicons.exe

+ 2011-11-21 17:55 . 2012-04-15 21:09 1449312 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\accicons.exe

+ 2010-12-27 23:52 . 2010-12-27 23:52 1104256 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.6029\OMSMAIN.DLL

+ 2012-04-16 08:14 . 2012-04-16 08:14 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\02198c29552545c7d7e7a95ab39488e5\WindowsBase.ni.dll

+ 2012-04-16 08:27 . 2012-04-16 08:27 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d1d48cd30cd275b06fad70778798cae7\UIAutomationClientsideProviders.ni.dll

+ 2012-04-16 08:13 . 2012-04-16 08:13 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ecdcf3d1d7bc90546464d70a4bee843d\System.Xml.ni.dll

+ 2012-04-16 08:17 . 2012-04-16 08:17 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\3a9670f473f8f9291ca256d9a15fc281\System.Xaml.ni.dll

+ 2012-04-16 08:27 . 2012-04-16 08:27 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\455d5edfdc989057a8fea7bc88a02ef6\System.Windows.Forms.DataVisualization.ni.dll

+ 2012-04-16 08:27 . 2012-04-16 08:27 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\bd044dc068adc34e430faa820e5c5e44\System.Web.Services.ni.dll

+ 2012-04-16 08:27 . 2012-04-16 08:27 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\561e5a115d6d7ade93236df74d61af84\System.Speech.ni.dll

+ 2012-04-16 08:26 . 2012-04-16 08:26 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4606cac0ba2d406b4ddefca21a3db1eb\System.ServiceModel.Activities.ni.dll

+ 2012-04-16 08:26 . 2012-04-16 08:26 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\28b5d075cf252a24a6b007ff5941dce1\System.ServiceModel.Discovery.ni.dll

+ 2012-04-16 08:18 . 2012-04-16 08:18 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\1a361129f93a8190d8797b7c680baecc\System.Runtime.Serialization.ni.dll

+ 2012-04-16 08:18 . 2012-04-16 08:18 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\2c57eff357f1bc56d0367f04adcf6d76\System.Runtime.DurableInstancing.ni.dll

+ 2012-04-16 08:20 . 2012-04-16 08:20 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\7668fa73a73410f2e00d341a8684e28a\System.Printing.ni.dll

+ 2012-04-16 08:24 . 2012-04-16 08:24 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\2280764a011295483642b17fe5d2b1f7\System.Management.ni.dll

+ 2012-04-16 08:24 . 2012-04-16 08:24 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\a77730a57cc54142f1ecbb1e85060e5f\System.IdentityModel.ni.dll

+ 2012-04-16 08:18 . 2012-04-16 08:18 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.ni.dll

+ 2012-04-16 08:18 . 2012-04-16 08:18 2290176 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\5b5fe518d1a632afaae9f24dd18cee2f\System.Drawing.ni.dll

+ 2012-04-16 08:24 . 2012-04-16 08:24 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\60390cb3abc6f1d85a572c156d39fc02\System.DirectoryServices.AccountManagement.ni.dll

+ 2012-04-16 08:18 . 2012-04-16 08:18 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\5eaf17b571cf9fb6f159a0c92d6244ab\System.DirectoryServices.ni.dll

+ 2012-04-16 08:19 . 2012-04-16 08:19 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\0ce1b3a9a0192c2cdb16d848e78e6688\System.Deployment.ni.dll

+ 2012-04-16 08:19 . 2012-04-16 08:19 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\ca4a0bde02b2eb73d2e9f22925719ecf\System.Data.ni.dll

+ 2012-04-16 08:13 . 2012-04-16 08:13 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\657b967b5fd7819f273f5704197ce97e\System.Data.SqlXml.ni.dll

+ 2012-04-16 08:24 . 2012-04-16 08:24 1799168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\930a4b48234d358f2758f075be0684c5\System.Data.Services.Client.ni.dll

+ 2012-04-16 08:24 . 2012-04-16 08:24 3386880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\0ba3ab7e136a52fcba260ad7893ede32\System.Data.Linq.ni.dll

+ 2012-04-16 08:12 . 2012-04-16 08:12 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\c24ce44b45c0e0c0961a9755f192eb3a\System.Configuration.ni.dll

+ 2012-04-16 08:21 . 2012-04-16 08:21 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\5a66bc1859e864d87b81e31438a5f07d\System.ComponentModel.Composition.ni.dll

+ 2012-04-16 08:21 . 2012-04-16 08:21 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\f25d1dde40ef0128d9e5163d142bd2e2\System.Activities.ni.dll

+ 2012-04-16 08:21 . 2012-04-16 08:21 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\26671ab09e54e0ecfd23012e32cb6383\System.Activities.Presentation.ni.dll

+ 2012-04-16 08:21 . 2012-04-16 08:21 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\e9f6686e336507594e33cad6ed7814cd\System.Activities.Core.Presentation.ni.dll

+ 2012-04-16 08:20 . 2012-04-16 08:20 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\9c49a7b6fb133a307e3804ca7ba35d16\ReachFramework.ni.dll

+ 2012-04-16 08:17 . 2012-04-16 08:17 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\68d02e44d8b1f23c21a116119fbb65d0\PresentationUI.ni.dll

+ 2012-04-16 08:13 . 2012-04-16 08:13 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\1903f5de0c7c33993c55319d4fc3062e\Microsoft.VisualBasic.ni.dll

+ 2012-04-16 08:14 . 2012-04-16 08:14 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\15b88fefd6d638f01856a68c14e2ab9b\Microsoft.VisualBasic.Activities.Compiler.ni.dll

+ 2012-04-16 08:14 . 2012-04-16 08:14 1843200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\10bfd23b78a3492727e8b11e2fcbb990\Microsoft.VisualBasic.Compatibility.ni.dll

+ 2012-04-16 08:13 . 2012-04-16 08:13 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2d92f0cffe052f601c1bca1f52425fef\Microsoft.Transactions.Bridge.ni.dll

+ 2012-04-16 08:24 . 2012-04-16 08:24 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\0fbfc1087f7622c5b6b06f88fce1a45e\Microsoft.JScript.ni.dll

+ 2012-04-16 08:12 . 2012-04-16 08:12 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\83f53b455553f5ad67e756f6762dc3b4\Microsoft.CSharp.ni.dll

+ 2012-04-15 21:02 . 2012-04-15 21:02 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0c7b3ff43f1b29cad7dde24bdbd5b79\WindowsBase.ni.dll

+ 2012-04-16 08:35 . 2012-04-16 08:35 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\75c3f67e1911f5b2b7f0e2d7349d7d3f\UIAutomationClientsideProviders.ni.dll

+ 2012-04-15 21:01 . 2012-04-15 21:01 9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\57e066d0b97757dbd26d59302c3d701a\System.ni.dll

+ 2012-04-15 21:01 . 2012-04-15 21:01 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\68345d6b57fe33c9a94fe6a72ab5e85e\System.Xml.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b9942cb07813f553f6d6374dd4541362\System.Xaml.ni.dll

+ 2012-04-16 08:35 . 2012-04-16 08:35 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\c2ed38a4852d1795a28630b943132a8f\System.Windows.Forms.DataVisualization.ni.dll

+ 2012-04-16 08:34 . 2012-04-16 08:34 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\ed3c3da0975b58d65c97de64ad12b67f\System.Web.Services.ni.dll

+ 2012-04-16 08:34 . 2012-04-16 08:34 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\ebf81a3c4b84173e4c261b53c36dc2c7\System.Speech.ni.dll

+ 2012-04-16 08:34 . 2012-04-16 08:34 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\bd56724925a1ac99f75696295cbb078a\System.ServiceModel.Discovery.ni.dll

+ 2012-04-16 08:34 . 2012-04-16 08:34 1393152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\1a9500e548a617a7ff96d4260554e4d5\System.ServiceModel.Activities.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\ca261c617636f2ff269d6233b19f97b8\System.Runtime.Serialization.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e4f2a7b1e685e937ccefac6ff0a36b27\System.Runtime.DurableInstancing.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\03109a409036c6e939bc9881f9e60b37\System.Printing.ni.dll

+ 2012-04-16 08:33 . 2012-04-16 08:33 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\eef171dee81858018c3956485fff7ba7\System.Management.ni.dll

+ 2012-04-16 08:33 . 2012-04-16 08:33 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\38f1dee7d3bebfb9bf83898f598ea4c2\System.IdentityModel.ni.dll

+ 2012-04-15 21:01 . 2012-04-15 21:01 1653248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c958d61dd28474ec780db9d18d266ae\System.Drawing.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\45e9729f55f25e4c70f7ea3cfc0a8087\System.DirectoryServices.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\d6ca9981841735085e10843bb7187573\System.Deployment.ni.dll

+ 2012-04-15 21:02 . 2012-04-15 21:02 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\b0df867e9242cf4d254ec8eb8da97332\System.Data.ni.dll

+ 2012-04-15 21:01 . 2012-04-15 21:01 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\32fffd4b8760322bc2e35c2417676b7f\System.Data.SqlXml.ni.dll

+ 2012-04-16 08:33 . 2012-04-16 08:33 1344000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\f4087e23c683a35e4628d9f829aaa41d\System.Data.Services.Client.ni.dll

+ 2012-04-15 21:02 . 2012-04-15 21:02 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\a791cec82d0c142b843025f25c8277f9\System.Data.Linq.ni.dll

+ 2012-04-15 21:01 . 2012-04-15 21:01 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b7409080f31b0a702281b68c37bac326\System.Core.ni.dll

+ 2012-04-16 08:31 . 2012-04-16 08:31 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\004bf96bf646e4f1126b919316be5c2f\System.Activities.ni.dll

+ 2012-04-16 08:31 . 2012-04-16 08:31 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\2456337e1ae6411ec64b9d18042d5c13\System.Activities.Presentation.ni.dll

+ 2012-04-16 08:31 . 2012-04-16 08:31 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\3206d2885d46ae9513c1489d7bc97b9c\System.Activities.Core.Presentation.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\ccc1a34a0a532480e00219ca5645ffeb\ReachFramework.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\dee17bfe2a1b329bd8bb2199446dda83\PresentationUI.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\f1451a88d3bc4ab55d1cde85ceb4cd35\Microsoft.VisualBasic.Activities.Compiler.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\7a3431124b8ded91068710226c0a00d4\Microsoft.VisualBasic.ni.dll

+ 2012-04-16 08:30 . 2012-04-16 08:30 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\363a87c6f2b70055eb822596173ba1ac\Microsoft.VisualBasic.Compatibility.ni.dll

+ 2012-04-16 08:29 . 2012-04-16 08:29 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\ba7e3823b1a01f31e53be9b57b392035\Microsoft.Transactions.Bridge.ni.dll

+ 2012-04-16 08:33 . 2012-04-16 08:33 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\ddba6895bf4a65312155228d9744c912\Microsoft.JScript.ni.dll

+ 2012-04-15 21:01 . 2012-04-15 21:01 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\409a7c3f32302875f33d0910cc484bac\Microsoft.CSharp.ni.dll

+ 2012-04-15 21:07 . 2012-02-28 01:52 12281856 c:\windows\SysWOW64\mshtml.dll

+ 2009-07-14 02:34 . 2012-04-16 07:56 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2012-04-15 21:07 . 2012-02-28 07:34 17790976 c:\windows\system32\mshtml.dll

+ 2011-12-02 19:39 . 2012-04-15 21:03 57249312 c:\windows\system32\MRT.exe

+ 2012-04-15 21:07 . 2012-02-28 07:02 10888704 c:\windows\system32\ieframe.dll

+ 2011-11-21 21:40 . 2012-04-15 21:09 24317412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1205952837-813243677-3100779036-1002-8192.dat

- 2011-11-21 21:40 . 2012-04-11 19:26 24317412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1205952837-813243677-3100779036-1002-8192.dat

+ 2012-03-07 13:03 . 2012-03-07 13:03 26386944 c:\windows\Installer\ca5c6b4.msp

+ 2011-11-21 22:42 . 2011-11-21 22:42 33189888 c:\windows\Installer\ca5c661.msp

+ 2012-04-15 21:00 . 2012-04-15 21:00 11880448 c:\windows\assembly\NativeImages_v4.0.30319_64\System\a9e29e892ad68ac0b88f0480746a0d0b\System.ni.dll

+ 2012-04-16 08:20 . 2012-04-16 08:20 17291264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\f850dba642b0cc845d9a7d8ac300e243\System.Windows.Forms.ni.dll

+ 2012-04-16 08:26 . 2012-04-16 08:26 24551424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\bd433ada9b2565b666331b5b1276538a\System.ServiceModel.ni.dll

+ 2012-04-16 08:23 . 2012-04-16 08:23 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9aca7097fc620da8481516b2d4e3fede\System.Data.Entity.ni.dll

+ 2012-04-16 08:12 . 2012-04-16 08:12 10440704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\e91a0d844afdda429e0fbd9814f41134\System.Core.ni.dll

+ 2012-04-16 08:17 . 2012-04-16 08:17 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\8a4ac50c706da226242a99b871c9f981\PresentationFramework.ni.dll

+ 2012-04-16 08:15 . 2012-04-16 08:15 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\b0adff19c63ba3b4be1cae43567af15d\PresentationCore.ni.dll

+ 2012-04-15 21:00 . 2012-04-15 21:00 19355648 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\d9d8d4f8fc868d07be41d4ffb46d7364\mscorlib.ni.dll

+ 2012-04-15 21:02 . 2012-04-15 21:02 13138944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\33eae86e0a5d9bcc4d0e4e469e2ac36a\System.Windows.Forms.ni.dll

+ 2012-04-16 08:34 . 2012-04-16 08:34 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a526845de91a382b6ea05b02eddc6f3e\System.ServiceModel.ni.dll

+ 2012-04-16 08:33 . 2012-04-16 08:33 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\32e0d99cfda10e64d7583bb65444cab3\System.Data.Entity.ni.dll

+ 2012-04-15 21:03 . 2012-04-15 21:03 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bd3685e578c22d17625390d847973de0\PresentationFramework.ni.dll

+ 2012-04-15 21:02 . 2012-04-15 21:02 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\008fbb2e42b3c2569ff58d651575ff29\PresentationCore.ni.dll

+ 2012-04-15 21:01 . 2012-04-15 21:01 14414336 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e5b31f3bb6508df0dc7c20ddc72f3191\mscorlib.ni.dll

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"HP Deskjet 3070 B611 series (NET)"="c:\program files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-13 336384]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Gauthier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Gauthier\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-21 1030600]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-13 361984]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]

.

2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]

.

2012-04-16 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Gauthier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-11 2226280]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 195.130.130.133 195.130.131.133

FF - ProfilePath - c:\users\Gauthier\AppData\Roaming\Mozilla\Firefox\Profiles\cu4a2aey.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-04-16 19:25:01

ComboFix-quarantined-files.txt 2012-04-16 17:24

ComboFix2.txt 2012-04-15 20:41

ComboFix3.txt 2012-03-28 09:41

.

Pre-Run: 77.120.475.136 bytes beschikbaar

Post-Run: 76.865.789.952 bytes beschikbaar

.

- - End Of File - - 16BB221A5B63F76A5F0FA0203AAC2082

Link naar reactie
Delen op andere sites


×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.