
wermgr keeps jumping in on the processor


Spillie001


Sorry it took so long, my adapter was broken and I had to order a new one -.-.

I did what was in the last post and I think it is solved.

I will mark this as solved, and if the problem occurs again I will report back.

But thanks already for your support!!

Regards, Sander S.


Oh sorry, you're right xd, I overlooked something.

Here you go, sorry again.

ComboFix 12-05-09.01 - Gebruiker 15/05/2012 18:10:49.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4010.2054 [GMT 2:00]

Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe

AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

- VERMINDERDE FUNCTIONALITEIT MODUS -

.

.

(((((((((((((((((((((((((((((((((( Andeare Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\CFLog

c:\cflog\CrashLog_20120512.txt

C:\prefs.js

c:\users\Roll-Trans\AppData\Roaming\chrtmp

c:\windows\system32\drivers\etc\hosts.ics

.

---- Voorgaande Run -------

.

C:\CFLog

c:\cflog\CrashLog_20120325.txt

c:\cflog\CrashLog_20120409.txt

c:\cflog\CrashLog_20120412.txt

c:\cflog\CrashLog_20120414.txt

c:\cflog\CrashLog_20120415.txt

c:\cflog\CrashLog_20120416.txt

c:\cflog\CrashLog_20120417.txt

c:\cflog\CrashLog_20120422.txt

c:\cflog\CrashLog_20120503.txt

c:\program files (x86)\Complitly

c:\program files (x86)\Complitly\chrome\ComplitlyChrome.crx

c:\program files (x86)\Complitly\FireFoxExtensionWithFF8Fix.exe

c:\program files (x86)\Complitly\FireFoxUninstaller.exe

c:\program files (x86)\Complitly\InstTracker.exe

c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest

c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\appIcon.png

c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul

c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js

c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul

c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js

c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js

c:\program files (x86)\Complitly\support@Complitly.com\install.rdf

c:\program files (x86)\Complitly\System.Data.SQLite.dll

c:\program files (x86)\Complitly\unins000.dat

c:\program files (x86)\Complitly\unins000.exe

c:\programdata\a6a4bfb325190c9aebf3ab6db4896329_c

c:\users\Roll-Trans\AppData\Local\Microsoft\Windows\Temporary Internet Files\tbinst

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-04-15 to 2012-05-15 ))))))))))))))))))))))))))))))

.

.

2012-05-15 16:13 . 2012-05-15 16:13 -------- d-----w- c:\users\Roll-Trans\AppData\Local\temp

2012-05-15 16:13 . 2012-05-15 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-12 11:55 . 2012-05-12 11:55 -------- d-----w- c:\users\Roll-Trans\AppData\Local\AVG Secure Search

2012-05-12 10:23 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CEFA59DC-441B-4A89-8DE4-21BE11006F26}\mpengine.dll

2012-05-04 22:21 . 2012-05-04 22:21 0 ----a-w- c:\windows\SysWow64\sho27D2.tmp

2012-05-03 10:36 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-01 09:52 . 2012-05-01 09:52 -------- d-----w- c:\users\Gebruiker\AppData\Local\AVG Secure Search

2012-04-29 09:00 . 2012-04-29 16:13 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE

2012-04-28 21:35 . 2012-04-28 21:40 -------- d-----w- C:\.VentrilicaCache

2012-04-28 21:13 . 2012-04-28 21:13 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes

2012-04-28 21:13 . 2012-04-28 21:13 -------- d-----w- c:\programdata\Malwarebytes

2012-04-28 21:13 . 2012-04-28 21:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-28 21:13 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-28 18:15 . 2012-04-28 18:15 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-04-28 18:15 . 2012-04-28 18:15 -------- d-----w- c:\program files (x86)\Trend Micro

2012-04-28 14:00 . 2012-04-28 18:06 -------- d-----w- c:\program files (x86)\Uniblue

2012-04-23 15:56 . 2012-04-28 20:58 -------- d-----w- c:\program files (x86)\BrowserCompanion

2012-04-23 14:09 . 2012-04-23 16:02 -------- d-----w- c:\users\Roll-Trans\Incomplete

2012-04-23 14:07 . 2012-04-23 16:07 -------- d-----w- c:\users\Roll-Trans\Shared

2012-04-23 14:07 . 2012-04-23 14:19 -------- d-----w- c:\users\Roll-Trans\AppData\Roaming\LimeWire Music

2012-04-23 14:07 . 2012-04-23 14:07 -------- d-----w- c:\programdata\LimeWire Music

2012-04-23 14:07 . 2012-04-23 16:06 -------- d-----w- c:\program files (x86)\LimeWire Music

2012-04-23 14:07 . 2012-04-28 20:58 -------- d-----w- c:\users\Roll-Trans\AppData\Roaming\Complitly

2012-04-20 22:49 . 2012-04-20 22:49 0 ----a-w- c:\windows\SysWow64\sho1CCB.tmp

2012-04-19 16:04 . 2012-04-19 16:04 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\14eda2b71cd1e4601\MeshBetaRemover.exe

2012-04-18 12:05 . 2000-07-21 09:05 12288 ----a-w- c:\windows\SysWow64\Msda734d.rra

2012-04-18 12:04 . 2012-04-18 12:05 -------- d-----w- c:\program files (x86)\CADdy++ - SEE Electrical School

2012-04-18 11:10 . 2012-04-18 11:10 -------- d-----w- c:\program files (x86)\Common Files\Bcgsoft

2012-04-18 11:08 . 2004-07-14 10:54 676864 ----a-w- c:\windows\SysWow64\drivers\hardlock.sys

2012-04-18 11:06 . 2004-03-25 18:00 212992 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll

2012-04-18 10:28 . 2012-04-18 10:28 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f745793e1cd1d4d01\DSETUP.dll

2012-04-18 10:28 . 2012-04-18 10:28 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f745793e1cd1d4d01\DXSETUP.exe

2012-04-18 10:28 . 2012-04-18 10:28 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f745793e1cd1d4d01\dsetup32.dll

2012-04-17 18:42 . 2012-04-28 20:59 -------- d-----w- C:\Firefox

2012-04-17 18:32 . 2012-04-17 18:32 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-04-17 18:31 . 2012-04-17 18:31 -------- d-----w- c:\program files (x86)\Java

2012-04-17 18:22 . 2012-04-17 18:22 -------- d-----w- c:\program files (x86)\SIW

2012-04-16 18:49 . 2012-05-12 06:09 -------- d-----w- c:\users\UpdatusUser

2012-04-16 18:45 . 2012-03-01 00:02 1466176 ----a-w- c:\windows\system32\nvgenco64.dll

2012-04-16 18:45 . 2012-03-01 00:02 1737536 ----a-w- c:\windows\system32\nvdispco64.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-17 18:31 . 2011-09-09 19:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-30 21:13 . 2012-03-30 21:13 723294 ----a-w- c:\windows\unins000.exe

2012-03-28 20:19 . 2012-03-28 20:19 0 ----a-w- c:\windows\SysWow64\sho82D4.tmp

2012-03-27 19:27 . 2012-03-27 19:27 0 ----a-w- c:\windows\SysWow64\sho80DF.tmp

2012-03-20 18:44 . 2011-04-27 13:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-20 18:44 . 2011-04-18 11:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-16 19:07 . 2012-03-16 19:07 0 ----a-w- c:\windows\SysWow64\sho2FCD.tmp

2012-02-29 20:59 . 2011-04-07 21:19 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-02-29 20:59 . 2011-04-07 21:19 2515790 ----a-w- c:\windows\system32\nvcoproc.bin

2012-02-17 21:50 . 2012-02-17 21:50 0 ----a-w- c:\windows\SysWow64\shoFDB6.tmp

2012-02-17 06:38 . 2012-03-14 11:21 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 11:21 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 11:21 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 11:21 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-04-29 18:10 2067328 ----a-w- c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-29 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-04-11 742264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-12-31 398848]

"LogMeIn Hamachi Ui"="d:\documents\Sander\Hacks\hamachi-2-ui.exe" [2012-02-28 1987976]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-04-29 1116544]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 CECFLPKT;CECFLPKT;c:\program files (x86)\ChiconyCam\CECPLFKT.exe [2010-09-09 84592]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-07-15 1188616]

R3 BTMCOM;Bluetooth Serial Port;c:\windows\System32\Drivers\btmcom.sys [x]

R3 BTMHID;BTMHID;c:\windows\system32\drivers\btmhid.sys [x]

R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]

R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]

R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 X6va005;X6va005;c:\users\GEBRUI~1\AppData\Local\Temp\005A44F.tmp [x]

R3 X6va006;X6va006;c:\users\GEBRUI~1\AppData\Local\Temp\0069EA1.tmp [x]

R3 X6va007;X6va007;c:\users\GEBRUI~1\AppData\Local\Temp\007EE83.tmp [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-07-16 679176]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\documents\Sander\Hacks\hamachi-2.exe [2012-02-28 2343816]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2010-11-18 32768]

S2 ScrybeUpdater;Scrybe-updateprogramma;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]

S2 VmbService;Vodafone Mobile Broadband-service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-12-31 9216]

S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-04-29 932736]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-07-26 4150536]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-02 1028096]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 15:10]

.

2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 15:10]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.be/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Download all by FlashGet3 - c:\users\Gebruiker\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download by FlashGet3 - c:\users\Gebruiker\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: ????3?? - c:\users\Gebruiker\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: ????3?????? - c:\users\Gebruiker\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm

TCP: Interfaces\{E7485B09-FD06-4E7F-97AD-D11FB237855F}: NameServer = 81.169.62.171 81.169.62.171

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

Toolbar-!{2d8d9acc-f6d7-4362-8876-a275ca929591} - (no file)

Toolbar-!{94709E6D-4459-4223-9730-18F5763CA1E6} - (no file)

Toolbar-10 - (no file)

Toolbar-!{2d8d9acc-f6d7-4362-8876-a275ca929591} - (no file)

Toolbar-!{94709E6D-4459-4223-9730-18F5763CA1E6} - (no file)

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\GEBRUI~1\AppData\Local\Temp\005A44F.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]

"ImagePath"="\??\c:\users\GEBRUI~1\AppData\Local\Temp\0069EA1.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007]

"ImagePath"="\??\c:\users\GEBRUI~1\AppData\Local\Temp\007EE83.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:9c,42,ad,5b,33,26,cd,01

.

[HKEY_USERS\S-1-5-21-235152614-3330405856-1564481352-1001\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}]

@="c:\\Users\\Gebruiker\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"

"contexts"=dword:00000022

.

[HKEY_USERS\S-1-5-21-235152614-3330405856-1564481352-1001\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèþ”¥c]

@="c:\\Users\\Gebruiker\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"

"contexts"=dword:000000f3

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-05-15 18:17:23

ComboFix-quarantined-files.txt 2012-05-15 16:17

.

Pre-Run: 173.888.593.920 bytes beschikbaar

Post-Run: 173.838.565.376 bytes beschikbaar

.

- - End Of File - - 9C595417ED7103B3E22EA738FF54DF46


Open a new Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\SysWow64\sho27D2.tmp

c:\windows\SysWow64\sho1CCB.tmp

c:\windows\SysWow64\sho82D4.tmp

c:\windows\SysWow64\sho80DF.tmp

c:\windows\SysWow64\sho2FCD.tmp

c:\windows\SysWow64\shoFDB6.tmp

C:\Users\Gebruiker\AppData\Local\Temp\005A44F.tmp

C:\Users\Gebruiker\AppData\Local\Temp\0069EA1.tmp

C:\Users\Gebruiker\AppData\Local\Temp\007EE83.tmp

c:\windows\SysWOW64\Drivers\X6va008

Folder::

c:\program files (x86)\BrowserCompanion

Driver::

X6va005

X6va006

X6va007

X6va008

DDS::

IE: ????3?? - c:\users\Gebruiker\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: ????3?????? - c:\users\Gebruiker\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]

[-HKEY_USERS\S-1-5-21-235152614-3330405856-1564481352-1001\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}]

[-HKEY_USERS\S-1-5-21-235152614-3330405856-1564481352-1001\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèþ”¥c]

Save this file on your desktop as CFScript

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message


  • 4 weeks later...

It's not working, I think--

it wants to open the file location of ComboFix, it isn't anywhere ...

I do already have the CFScript

---------- Post added at 17:05 ---------- Previous post was at 17:01 ----------

OK, I was mistaken

It worked, but I just still have to update ComboFix.

wait a sec


Hello

I have the log, but I think I didn't put the CFScript in.

I will give the first log now.

Meanwhile the other one is starting up with CFScript

ComboFix 12-06-09.02 - Gebruiker 10/06/2012 10:28:03.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4010.2247 [GMT 2:00]

Gestart vanuit: d:\pc help\ComboFix.exe

AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\CFLog

c:\cflog\CrashLog_20120528.txt

c:\cflog\CrashLog_20120604.txt

c:\users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\{030B45A6-CBA5-4775-A5F4-926BF2D54BC4}.xps

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-10 to 2012-06-10 ))))))))))))))))))))))))))))))

.

.

2012-06-10 08:36 . 2012-06-10 08:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-10 08:36 . 2012-06-10 08:36 -------- d-----w- c:\users\Roll-Trans\AppData\Local\temp

2012-06-10 08:36 . 2012-06-10 08:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-09 15:05 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1896FCF9-DF5D-41C4-8020-3A7D305A4990}\mpengine.dll

2012-06-09 15:05 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-04 12:44 . 2012-06-04 12:44 -------- d-----w- c:\windows\SysWow64\siscardplugins

2012-06-02 08:19 . 2012-06-02 08:19 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio

2012-05-25 20:31 . 2012-05-25 20:31 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\dvdcss

2012-05-16 13:39 . 2012-05-16 13:39 115200 ----a-w- c:\windows\system32\beidpkcs11.dll

2012-05-16 13:38 . 2012-05-16 13:38 270848 ----a-w- c:\windows\system32\beid35cardlayer.dll

2012-05-16 13:38 . 2012-05-16 13:38 273408 ----a-w- c:\windows\system32\beid35DlgsWin32.dll

2012-05-16 13:38 . 2012-05-16 13:38 147456 ----a-w- c:\windows\system32\beid35common.dll

2012-05-16 13:33 . 2012-05-16 13:33 360448 ----a-w- c:\windows\SysWow64\beid35applayer.dll

2012-05-16 13:32 . 2012-05-16 13:32 102400 ----a-w- c:\windows\SysWow64\Belgium Identity Card PKCS11.dll

2012-05-16 13:32 . 2012-05-16 13:32 102400 ----a-w- c:\windows\SysWow64\beidpkcs11.dll

2012-05-16 13:32 . 2012-05-16 13:32 200704 ----a-w- c:\windows\SysWow64\beid35cardlayer.dll

2012-05-16 13:32 . 2012-05-16 13:32 266240 ----a-w- c:\windows\SysWow64\beid35DlgsWin32.dll

2012-05-16 13:32 . 2012-05-16 13:32 200704 ----a-w- c:\windows\SysWow64\beidlib.dll

2012-05-16 13:31 . 2012-05-16 13:31 126976 ----a-w- c:\windows\SysWow64\beid35common.dll

2012-05-16 13:31 . 2012-05-16 13:31 512000 ----a-w- c:\windows\system32\beid_ff_pkcs11.dll

2012-05-16 13:29 . 2012-05-16 13:29 352256 ----a-w- c:\windows\SysWow64\beid_ff_pkcs11.dll

2012-05-12 11:55 . 2012-05-12 11:55 -------- d-----w- c:\users\Roll-Trans\AppData\Local\AVG Secure Search

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-04 22:21 . 2012-05-04 22:21 0 ----a-w- c:\windows\SysWow64\sho27D2.tmp

2012-04-28 18:15 . 2012-04-28 18:15 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-04-26 12:48 . 2012-04-26 12:48 71680 ----a-w- c:\windows\system32\frapsv64.dll

2012-04-26 12:48 . 2012-04-26 12:48 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll

2012-04-20 22:49 . 2012-04-20 22:49 0 ----a-w- c:\windows\SysWow64\sho1CCB.tmp

2012-04-17 18:31 . 2011-09-09 19:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-04 13:56 . 2012-04-28 21:13 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-30 21:13 . 2012-03-30 21:13 723294 ----a-w- c:\windows\unins000.exe

2012-03-28 20:19 . 2012-03-28 20:19 0 ----a-w- c:\windows\SysWow64\sho82D4.tmp

2012-03-27 19:27 . 2012-03-27 19:27 0 ----a-w- c:\windows\SysWow64\sho80DF.tmp

2012-03-20 18:44 . 2011-04-27 13:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-20 18:44 . 2011-04-18 11:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-16 19:07 . 2012-03-16 19:07 0 ----a-w- c:\windows\SysWow64\sho2FCD.tmp

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-15_16.14.10 )))))))))))))))))))))))))))))))))))))))))

.

- 2011-12-07 15:51 . 2011-12-07 15:51 11776 c:\windows\SysWOW64\siscardplugins\siscardplugin1_BE_EID_35__ACS ACR38U__.dll

+ 2012-05-16 13:33 . 2012-05-16 13:33 11776 c:\windows\SysWOW64\siscardplugins\siscardplugin1_BE_EID_35__ACS ACR38U__.dll

- 2012-05-14 20:45 . 2012-05-14 20:45 13366 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

+ 2012-06-09 20:23 . 2012-06-09 20:23 13366 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2009-07-14 04:54 . 2012-05-15 15:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-06-10 08:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-06-10 08:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-15 15:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-10 08:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-15 15:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2012-06-10 08:15 64998 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-06-10 08:15 42122 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-08-24 15:48 . 2012-06-10 08:15 18832 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-235152614-3330405856-1564481352-1001_UserData.bin

- 2009-07-14 05:30 . 2012-04-17 18:46 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2012-06-04 12:44 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2011-08-24 11:13 . 2012-06-04 11:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-08-24 11:13 . 2012-05-13 05:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-08-24 11:13 . 2012-06-04 11:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-08-24 11:13 . 2012-05-13 05:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-04 11:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-13 05:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-06-04 12:45 94576 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-06-02 08:04 . 2012-06-03 07:43 34144 c:\windows\Installer\{90140000-0057-0000-0000-0000000FF1CE}\oisicon.exe

+ 2012-06-02 08:04 . 2012-06-03 07:43 42848 c:\windows\Installer\{90140000-0057-0000-0000-0000000FF1CE}\msouc.exe

+ 2012-06-02 08:04 . 2012-06-03 07:43 19296 c:\windows\Installer\{90140000-0057-0000-0000-0000000FF1CE}\cagicon.exe

+ 2011-02-04 12:40 . 2011-02-04 12:40 49488 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\VBAJET32.DLL

+ 2010-10-20 11:45 . 2010-10-20 11:45 29528 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\THOCRAPI.DLL

+ 2010-12-20 23:29 . 2010-12-20 23:29 82848 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\PEOPLEDATAHANDLER.DLL

+ 2010-10-20 14:04 . 2010-10-20 14:04 15776 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\OMUOPTINPS.DLL

+ 2010-10-20 14:05 . 2010-10-20 14:05 20880 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\MUOPTIN.DLL

+ 2011-03-11 16:47 . 2011-03-11 16:47 15248 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\MSOCFUIU.DLL

+ 2011-03-11 16:46 . 2011-03-11 16:46 18832 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\MSOCFU.DLL

+ 2010-12-20 23:29 . 2010-12-20 23:29 58232 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\EXP_XPS.DLL

+ 2010-12-20 23:48 . 2010-12-20 23:48 44992 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\ACERCLR.DLL

+ 2010-02-28 02:44 . 2010-02-28 02:44 75672 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\WFAUTH.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 95576 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\VIEWMODL.DLL

+ 2010-02-25 09:07 . 2010-02-25 09:07 49488 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\VBAJET32.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 96624 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\VAOSOLX.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 78208 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\TLIMPT.EXE

+ 2010-02-28 03:10 . 2010-02-28 03:10 50584 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\SUMINFO.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 60304 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\PROPMGR.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 78728 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\PROJIMPT.EXE

+ 2010-03-22 18:36 . 2010-03-22 18:36 82848 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\PEOPLEDATAHANDLER.DLL

+ 2010-03-22 18:36 . 2010-03-22 18:36 45984 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\OSETUPPS.DLL

+ 2010-02-28 03:10 . 2010-02-28 03:10 78224 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ORGWIZ.EXE

+ 2010-03-22 18:36 . 2010-03-22 18:36 15776 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\OMUOPTINPS.DLL

+ 2010-02-28 00:13 . 2010-02-28 00:13 20880 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\MUOPTIN.DLL

+ 2010-03-01 03:17 . 2010-03-01 03:17 14736 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\MSOCFUIU.DLL

+ 2010-01-10 17:48 . 2010-01-10 17:48 18832 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\MSOCFU.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 15248 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\IMWIZ.DLL

+ 2010-03-22 18:36 . 2010-03-22 18:36 58232 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\EXP_XPS.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 38280 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\EDITORS.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 83912 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\DBSHARE.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 41864 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\CODEEDIT.DLL

+ 2010-03-22 18:51 . 2010-03-22 18:51 44480 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACERCLR.DLL

+ 2010-03-22 18:51 . 2010-03-22 18:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACEODTXT.DLL

+ 2010-03-22 18:51 . 2010-03-22 18:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACEODEXL.DLL

+ 2010-03-22 18:51 . 2010-03-22 18:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACEODDBS.DLL

+ 2010-03-23 08:54 . 2010-03-23 08:54 37776 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACEERR.DLL

+ 2012-06-02 08:03 . 2012-06-02 08:03 11656 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.VisOcx\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.VisOcx.dll

+ 2012-06-02 08:03 . 2012-06-02 08:03 11656 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Visio\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Visio.dll

+ 2012-06-02 08:03 . 2012-06-02 08:03 11672 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Visio.SaveAsWeb\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Visio.SaveAsWeb.dll

+ 2012-06-02 08:03 . 2012-06-02 08:03 11656 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.VisOcx\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.VisOcx.dll

+ 2012-06-02 08:03 . 2012-06-02 08:03 11656 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Visio\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Visio.dll

+ 2012-06-02 08:03 . 2012-06-02 08:03 11672 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Visio.SaveAsWeb\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Visio.SaveAsWeb.dll

+ 2012-06-02 08:03 . 2012-06-02 08:03 79736 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.VisOcx\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.VisOcx.dll

+ 2012-06-02 08:03 . 2012-06-02 08:03 19328 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Visio.SaveAsWeb\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Visio.SaveAsWeb.dll

- 2012-04-06 10:41 . 2012-04-08 12:39 9560 c:\windows\system32\NetworkList\Icons\{21D992DD-C347-43C7-85CD-10799AE7E537}_48.bin

+ 2012-04-06 10:41 . 2012-06-09 18:12 9560 c:\windows\system32\NetworkList\Icons\{21D992DD-C347-43C7-85CD-10799AE7E537}_48.bin

+ 2012-04-06 10:41 . 2012-06-09 18:12 4280 c:\windows\system32\NetworkList\Icons\{21D992DD-C347-43C7-85CD-10799AE7E537}_32.bin

- 2012-04-06 10:41 . 2012-04-08 12:39 4280 c:\windows\system32\NetworkList\Icons\{21D992DD-C347-43C7-85CD-10799AE7E537}_32.bin

- 2012-04-06 10:41 . 2012-04-08 12:39 2456 c:\windows\system32\NetworkList\Icons\{21D992DD-C347-43C7-85CD-10799AE7E537}_24.bin

+ 2012-04-06 10:41 . 2012-06-09 18:12 2456 c:\windows\system32\NetworkList\Icons\{21D992DD-C347-43C7-85CD-10799AE7E537}_24.bin

- 2012-05-15 15:34 . 2012-05-15 15:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-10 08:11 . 2012-06-10 08:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-15 15:34 . 2012-05-15 15:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-06-10 08:11 . 2012-06-10 08:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-08-28 13:49 . 2012-06-10 08:13 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2011-08-28 13:49 . 2012-05-12 19:01 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2011-08-29 04:42 . 2012-06-04 15:53 280014 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2011-08-24 13:37 . 2012-06-09 14:52 500776 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2010-11-21 16:48 . 2012-06-09 17:32 811462 c:\windows\system32\perfh013.dat

- 2010-11-21 16:48 . 2012-05-13 11:50 811462 c:\windows\system32\perfh013.dat

+ 2009-07-14 02:36 . 2012-06-09 17:32 720268 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-05-13 11:50 720268 c:\windows\system32\perfh009.dat

- 2010-11-21 16:48 . 2012-05-13 11:50 178278 c:\windows\system32\perfc013.dat

+ 2010-11-21 16:48 . 2012-06-09 17:32 178278 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2012-06-09 17:32 146932 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-05-13 11:50 146932 c:\windows\system32\perfc009.dat

+ 2009-07-14 04:45 . 2012-06-02 09:52 434016 c:\windows\system32\FNTCACHE.DAT

- 2009-07-14 05:30 . 2012-04-17 18:46 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2012-06-04 12:44 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:01 . 2012-06-09 20:23 400012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-05-14 20:45 400012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-04-28 18:29 . 2011-04-28 18:29 675328 c:\windows\Installer\9a1d4.msp

+ 2012-06-02 08:04 . 2012-06-03 07:43 571232 c:\windows\Installer\{90140000-0057-0000-0000-0000000FF1CE}\misc.exe

+ 2010-10-20 11:45 . 2010-10-20 11:45 134024 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\TWCUTCHR.DLL

+ 2010-12-21 00:02 . 2010-12-21 00:02 521616 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\SELFCERT.EXE

+ 2010-12-21 00:09 . 2010-12-21 00:09 259960 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\OISGRAPH.DLL

+ 2010-12-21 00:09 . 2010-12-21 00:09 886640 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\OISAPP.DLL

+ 2010-12-21 00:09 . 2010-12-21 00:09 274280 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\OIS.EXE

+ 2011-03-02 06:20 . 2011-03-02 06:20 169864 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\OARPMANY.EXE

+ 2010-10-20 14:05 . 2010-10-20 14:05 702312 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\MSTORDB.EXE

+ 2010-12-21 01:29 . 2010-12-21 01:29 218976 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\MSPROOF6.DLL

+ 2010-10-20 12:35 . 2010-10-20 12:35 473952 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\MSOICONS.EXE

+ 2010-12-21 00:02 . 2010-12-21 00:02 501600 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\MSODCW.DLL

+ 2011-03-11 16:47 . 2011-03-11 16:47 152952 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\MSOCF.DLL

+ 2011-01-07 09:38 . 2011-01-07 09:38 121208 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\MSCONV97.DLL

+ 2010-10-20 14:05 . 2010-10-20 14:05 698216 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\MEDCAT.DLL

+ 2010-10-20 14:04 . 2010-10-20 14:04 178560 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\IETAG.DLL

+ 2011-02-04 12:40 . 2011-02-04 12:40 452936 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\EXPSRV.DLL

+ 2010-12-27 20:42 . 2010-12-27 20:42 105336 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\EXP_PDF.DLL

+ 2010-12-20 23:26 . 2010-12-20 23:26 519584 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\DWTRIG20.EXE

+ 2010-12-21 00:01 . 2010-12-21 00:01 210296 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\CLVIEW.EXE

+ 2010-12-27 23:50 . 2010-12-27 23:50 397144 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\CDLMSO.DLL

+ 2010-12-27 23:49 . 2010-12-27 23:49 362904 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\ACEXBE.DLL

+ 2010-12-27 23:51 . 2010-12-27 23:51 247200 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\ACEWSS.DLL

+ 2010-12-27 23:49 . 2010-12-27 23:49 220560 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\ACETXT.DLL

+ 2010-12-27 23:49 . 2010-12-27 23:49 527776 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\ACEREP.DLL

+ 2010-12-20 23:48 . 2010-12-20 23:48 329624 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\ACER3X.DLL

+ 2010-12-27 23:49 . 2010-12-27 23:49 383904 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\ACEOLEDB.DLL

+ 2010-12-20 23:48 . 2010-12-20 23:48 278448 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\ACEODBC.DLL

+ 2010-12-27 23:49 . 2010-12-27 23:49 644504 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\ACEEXCL.DLL

+ 2010-12-27 23:49 . 2010-12-27 23:49 334752 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\ACEEXCH.DLL

+ 2010-12-27 23:49 . 2010-12-27 23:49 686504 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\ACEES.DLL

+ 2010-12-27 23:49 . 2010-12-27 23:49 548792 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\ACEDAO.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 454520 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\XFUNC.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 381816 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\WORKFLOW.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 477024 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\WFSPPRX.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 423776 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\WFMSPRX.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 697224 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\VISWEB.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 448872 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\VISUTILS.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 537952 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\VISSUPP.DLL

+ 2010-03-13 12:51 . 2010-03-13 12:51 560992 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\VISGRF.DLL

+ 2010-03-01 02:55 . 2010-03-01 02:55 139104 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\VISDLGU.DLL

+ 2010-03-01 02:59 . 2010-03-01 02:59 223600 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\VISCOLOR.DLL

+ 2010-02-28 03:10 . 2010-02-28 03:10 120192 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\VERBWIND.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 954240 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\TIMESOLN.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 101256 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\STYLEMGR.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 194984 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\SQLSHARE.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 207736 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\SOLUTILS.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 207200 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\SHAPNUM.DLL

+ 2010-02-28 00:13 . 2010-02-28 00:13 521616 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\SELFCERT.EXE

+ 2010-02-28 03:09 . 2010-02-28 03:09 141192 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\SAVWBXAML.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 179592 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\SAVWBVML.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 186760 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\SAVWBRAS.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 115616 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\SAVWBHF.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 423784 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\SAVASWEB.DLL

+ 2010-02-28 03:10 . 2010-02-28 03:10 170376 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\REPORT.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 733576 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\PROPRPT.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 116576 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\PROJMODL.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 549232 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\PE.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 344480 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\PDSBASE.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 322456 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ORMELEMS.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 458632 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ORGCHWIZ.DLL

+ 2010-02-28 00:21 . 2010-02-28 00:21 259960 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\OISGRAPH.DLL

+ 2010-02-28 00:21 . 2010-02-28 00:21 886640 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\OISAPP.DLL

+ 2010-02-28 00:21 . 2010-02-28 00:21 274280 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\OIS.EXE

+ 2010-03-10 22:44 . 2010-03-10 22:44 510904 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ODEPLOY.EXE

+ 2010-01-09 19:23 . 2010-01-09 19:23 169352 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\OARPMANY.EXE

+ 2010-02-28 00:15 . 2010-02-28 00:15 702312 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\MSTORDB.EXE

+ 2010-03-29 19:47 . 2010-03-29 19:47 218464 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\MSPROOF6.DLL

+ 2010-03-01 02:55 . 2010-03-01 02:55 209272 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\MSOUTLS.DLL

+ 2010-03-16 00:58 . 2010-03-16 00:58 360824 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\MSOUC.EXE

+ 2010-03-16 00:58 . 2010-03-16 00:58 718208 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\MSOSYNC.EXE

+ 2010-03-06 03:29 . 2010-03-06 03:29 501088 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\MSODCW.DLL

+ 2010-03-01 03:17 . 2010-03-01 03:17 152952 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\MSOCF.DLL

+ 2009-09-04 07:02 . 2009-09-04 07:02 591680 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\MSLID.DLL

+ 2010-01-09 19:50 . 2010-01-09 19:50 119160 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\MSCONV97.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 461672 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\MODELENG.DLL

+ 2010-02-28 00:15 . 2010-02-28 00:15 698216 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\MEDCAT.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 352680 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\LOGVIEW.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 712608 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\LOGELEMS.DLL

+ 2010-02-28 03:10 . 2010-02-28 03:10 362352 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\LGND.DLL

+ 2010-02-28 03:10 . 2010-02-28 03:10 234368 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\IXUTIL.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 167304 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\IMWDD.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 145792 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\IMUTIL.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 503696 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\IMCOMMON.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 349032 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\HVAC.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 952680 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\GANTT.DLL

+ 2010-02-04 02:41 . 2010-02-04 02:41 120160 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\FLTLDR.EXE

+ 2010-02-28 03:09 . 2010-02-28 03:09 231336 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\EXTRACT.DLL

+ 2010-02-25 09:07 . 2010-02-25 09:07 452936 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\EXPSRV.DLL

+ 2010-03-23 09:03 . 2010-03-23 09:03 104824 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\EXP_PDF.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 111008 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ELEMUTIL.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 199048 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ELEMENTS.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 188264 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\EDITOR.EXE

+ 2010-02-28 00:09 . 2010-02-28 00:09 519584 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\DWTRIG20.EXE

+ 2010-02-28 01:01 . 2010-02-28 01:01 144736 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\DWGCNV.DLL

+ 2010-03-01 02:59 . 2010-03-01 02:59 926584 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\DRILLDWN.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 919912 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\DBWIZ.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 660856 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\DBENGR.DLL

+ 2010-02-28 03:10 . 2010-02-28 03:10 354672 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\DATAGATH.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 501112 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\CMAX20.DLL

+ 2010-02-28 00:19 . 2010-02-28 00:19 211320 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\CLVIEW.EXE

+ 2010-03-01 03:18 . 2010-03-01 03:18 397656 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\CDLMSO.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 584064 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\BSTORM.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 136600 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\BRTVIEW.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 483208 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\AECUTILS.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 905080 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\AEC.DLL

+ 2010-03-23 08:55 . 2010-03-23 08:55 362904 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACEXBE.DLL

+ 2010-03-01 03:19 . 2010-03-01 03:19 247200 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACEWSS.DLL

+ 2010-03-23 08:54 . 2010-03-23 08:54 220560 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACETXT.DLL

+ 2010-03-23 08:55 . 2010-03-23 08:55 527776 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACEREP.DLL

+ 2010-03-22 18:51 . 2010-03-22 18:51 329624 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACER3X.DLL

+ 2010-03-23 08:55 . 2010-03-23 08:55 383904 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACEOLEDB.DLL

+ 2010-03-22 18:51 . 2010-03-22 18:51 278448 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACEODBC.DLL

+ 2010-03-23 08:55 . 2010-03-23 08:55 643992 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACEEXCL.DLL

+ 2010-03-23 08:54 . 2010-03-23 08:54 334752 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACEEXCH.DLL

+ 2010-03-23 08:55 . 2010-03-23 08:55 686504 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACEES.DLL

+ 2010-03-23 08:55 . 2010-03-23 08:55 548792 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACEDAO.DLL

+ 2012-06-02 08:03 . 2012-06-02 08:03 948088 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Visio\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Visio.dll

- 2011-08-24 15:42 . 2012-05-12 14:25 7450248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-235152614-3330405856-1564481352-1002-8192.dat

+ 2011-08-24 15:42 . 2012-05-22 20:29 7450248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-235152614-3330405856-1564481352-1002-8192.dat

+ 2012-06-02 08:01 . 2012-06-02 08:01 9054208 c:\windows\Installer\7d8d6c.msi

+ 2012-06-02 08:01 . 2012-06-02 08:01 2087424 c:\windows\Installer\7d8b0c.msi

+ 2012-06-02 08:04 . 2012-06-03 07:43 1162592 c:\windows\Installer\{90140000-0057-0000-0000-0000000FF1CE}\visicon.exe

+ 2010-10-20 11:45 . 2010-10-20 11:45 1199008 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\WKCONV.EXE

+ 2010-12-27 23:51 . 2010-12-27 23:51 2832792 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\STSLIST.DLL

+ 2010-10-28 15:33 . 2010-10-28 15:33 1100152 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\SETUP.EXE

+ 2010-12-21 00:08 . 2010-12-21 00:08 5790056 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\OSETUP.DLL

+ 2010-10-20 11:39 . 2010-10-20 11:39 3483000 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\OIMG.DLL

+ 2011-03-02 07:43 . 2011-03-02 07:43 7278976 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\OFFOWC.DLL

+ 2011-02-11 22:13 . 2011-02-11 22:13 1748328 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\GFX.DLL

+ 2010-10-20 11:44 . 2010-10-20 11:44 1207656 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\FM20.DLL

+ 2010-10-22 17:55 . 2010-10-22 17:55 3049376 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\ACEWDAT.DLL

+ 2011-03-11 16:46 . 2011-03-11 16:46 2194312 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.6029\ACECORE.DLL

+ 2010-02-17 19:56 . 2010-02-17 19:56 1199008 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\WKCONV.EXE

+ 2010-03-13 12:51 . 2010-03-13 12:51 1482592 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\VISIO.EXE

+ 2010-03-24 18:28 . 2010-03-24 18:28 1162592 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\VISICON.EXE

+ 2010-02-25 09:07 . 2010-02-25 09:07 2672456 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\VBE7.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 1654640 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\UML.DLL

+ 2010-03-01 03:07 . 2010-03-01 03:07 2831768 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\STSLIST.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 1579368 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\SG.DLL

+ 2010-03-10 22:44 . 2010-03-10 22:44 1100664 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\SETUP.EXE

+ 2010-03-10 22:44 . 2010-03-10 22:44 5789544 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\OSETUP.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 1191304 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ORGCHART.DLL

+ 2010-01-09 19:24 . 2010-01-09 19:24 3483000 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\OIMG.DLL

+ 2010-02-28 00:19 . 2010-02-28 00:19 7277440 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\OFFOWC.DLL

+ 2010-03-01 03:08 . 2010-03-01 03:08 1746280 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\GFX.DLL

+ 2010-02-20 15:20 . 2010-02-20 15:20 1207144 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\FM20.DLL

+ 2010-02-28 03:09 . 2010-02-28 03:09 1013608 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\FACILITY.DLL

+ 2010-02-28 01:13 . 2010-02-28 01:13 5864808 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\DWGDP.DLL

+ 2010-03-23 08:55 . 2010-03-23 08:55 3049376 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACEWDAT.DLL

+ 2010-03-23 08:55 . 2010-03-23 08:55 2193800 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\ACECORE.DLL

+ 2011-08-24 16:11 . 2012-06-09 20:23 21307708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-235152614-3330405856-1564481352-1001-8192.dat

+ 2011-08-25 20:26 . 2012-06-06 19:44 63683020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-235152614-3330405856-1564481352-1001-4096.dat

+ 2011-08-26 16:10 . 2012-06-09 15:15 11476116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-235152614-3330405856-1564481352-1001-12288.dat

+ 2011-10-16 12:47 . 2011-10-16 12:47 17601536 c:\windows\Installer\9a1cc.msp

+ 2012-06-04 12:43 . 2012-06-04 12:43 18454528 c:\windows\Installer\86b3c6.msi

+ 2010-03-13 12:51 . 2010-03-13 12:51 13575528 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\VISLIB.DLL

+ 2010-03-01 02:55 . 2010-03-01 02:55 10038656 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\VISBRGR.DLL

+ 2010-03-13 13:08 . 2010-03-13 13:08 20516712 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\OART.DLL

+ 2010-03-22 18:36 . 2010-03-22 18:36 72521600 c:\windows\Installer\$PatchCache$\Managed\00004109750000000000000000F01FEC\14.0.4763\MSORES.DLL

+ 2011-04-28 18:31 . 2011-04-28 18:31 103830528 c:\windows\Installer\9a291.msp

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-04-29 18:10 2067328 ----a-w- c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-29 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-04-11 742264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-12-31 398848]

"LogMeIn Hamachi Ui"="d:\documents\Sander\Hacks\hamachi-2-ui.exe" [2012-02-28 1987976]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-04-29 1116544]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 CECFLPKT;CECFLPKT;c:\program files (x86)\ChiconyCam\CECPLFKT.exe [2010-09-09 84592]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-07-15 1188616]

R3 BTMCOM;Bluetooth Serial Port;c:\windows\System32\Drivers\btmcom.sys [x]

R3 BTMHID;BTMHID;c:\windows\system32\drivers\btmhid.sys [x]

R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]

R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]

R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 X6va005;X6va005;c:\users\GEBRUI~1\AppData\Local\Temp\005A44F.tmp [x]

R3 X6va006;X6va006;c:\users\GEBRUI~1\AppData\Local\Temp\0069EA1.tmp [x]

R3 X6va007;X6va007;c:\users\GEBRUI~1\AppData\Local\Temp\007EE83.tmp [x]

R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-07-16 679176]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\documents\Sander\Hacks\hamachi-2.exe [2012-02-28 2343816]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2010-11-18 32768]

S2 ScrybeUpdater;Scrybe-updateprogramma;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]

S2 VmbService;Vodafone Mobile Broadband-service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-12-31 9216]

S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-04-29 932736]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-07-26 4150536]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-02 1028096]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 15:10]

.

2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 15:10]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.be/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Download all by FlashGet3 - c:\users\Gebruiker\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download by FlashGet3 - c:\users\Gebruiker\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: ????3?? - c:\users\Gebruiker\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: ????3?????? - c:\users\Gebruiker\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm

TCP: Interfaces\{E7485B09-FD06-4E7F-97AD-D11FB237855F}: NameServer = 81.169.60.107 81.169.60.107

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

Toolbar-!{2d8d9acc-f6d7-4362-8876-a275ca929591} - (no file)

Toolbar-!{94709E6D-4459-4223-9730-18F5763CA1E6} - (no file)

Wow6432Node-HKLM-Run-beid - c:\program files (x86)\Belgium Identity Card\beid35gui.exe

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\GEBRUI~1\AppData\Local\Temp\005A44F.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]

"ImagePath"="\??\c:\users\GEBRUI~1\AppData\Local\Temp\0069EA1.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007]

"ImagePath"="\??\c:\users\GEBRUI~1\AppData\Local\Temp\007EE83.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,

91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,

38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,

9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d

"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,

b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:9c,42,ad,5b,33,26,cd,01

.

[HKEY_USERS\S-1-5-21-235152614-3330405856-1564481352-1001\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}]

@="c:\\Users\\Gebruiker\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"

"contexts"=dword:00000022

.

[HKEY_USERS\S-1-5-21-235152614-3330405856-1564481352-1001\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèþ”¥c]

@="c:\\Users\\Gebruiker\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"

"contexts"=dword:000000f3

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-06-10 10:41:33

ComboFix-quarantined-files.txt 2012-06-10 08:41

ComboFix2.txt 2012-05-15 16:17

.

Pre-Run: 175.207.116.800 bytes beschikbaar

Post-Run: 175.412.559.872 bytes beschikbaar

.

- - End Of File - - 7ABDA45C2E5303F83BD9D3262E75383F


hey wtf?

after I had sent that, my PC started acting really weird,

when I wanted to go to Google it said: cannot open internet .. etc., with a URL bar showing where internet is located. and then it asked to delete it?? and this happened with everything I did. :o

I restarted it and now everything is OK again. (otherwise I wouldn't be writing this here now)

but now I have no internet icon :D

and wermgr keeps opening by itself again all the time...

it is part of Windows itself so I don't dare remove it... :s but it opens by itself and then sometimes it goes away again.. or something, I can't explain it well.

if you think it's necessary I can make a video of it. then you can see it too.

if that makes it easier to solve, just say so.

thanks in advance


wermgr is the Windows Error Reporting Manager.

You can turn this off by disabling the Windows Error Reporting Service in the services list (startup type set to Disabled).

When problems occur, you will then no longer be asked whether a report should be sent to Microsoft.

For ComboFix to work properly, the exe and the script must be in the same folder.

The log files normally end up in that folder as well.

So put the exe and the script in the same folder, then drag the script onto the exe to run it.

Do (temporarily) disable the virus scanner first.
