
SearchYa



ComboFix 12-06-09.02 - Jan 10/06/2012 16:06:58.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.382 [GMT 2:00]

Running from: c:\documents and settings\Jan\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Jan\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))

.

.

2012-06-05 21:21 . 2012-06-05 21:22 -------- d-----w- c:\program files\CCleaner

2012-06-05 21:07 . 2012-06-05 21:08 -------- d-----w- c:\documents and settings\The Real Admin

2012-06-04 09:12 . 2012-06-04 09:12 -------- d-----w- c:\documents and settings\Jan\Application Data\Malwarebytes

2012-06-04 09:11 . 2012-06-04 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-06-04 09:11 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-04 09:11 . 2012-06-04 09:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-04 08:41 . 2012-06-04 08:41 -------- d-----w- c:\documents and settings\Jan\Application Data\DriverCure

2012-06-04 08:41 . 2012-06-04 08:41 -------- d-----w- c:\documents and settings\Jan\Application Data\SpeedyPC Software

2012-06-04 08:41 . 2012-06-04 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software

2012-06-04 01:17 . 2012-06-04 01:17 58 ----a-w- C:\user.js

2012-06-03 23:40 . 2012-06-04 20:44 -------- d-----w- c:\documents and settings\Jan\Local Settings\Application Data\Google

2012-06-03 23:40 . 2012-06-04 21:21 -------- d-----w- c:\program files\Google

2012-06-03 23:40 . 2012-06-03 23:40 -------- d-----w- c:\program files\Western Digital

2012-06-03 11:43 . 2012-06-03 11:43 -------- d-----w- c:\documents and settings\Jan\Application Data\AVG2012

2012-06-03 11:26 . 2012-06-03 11:26 -------- d-----w- c:\documents and settings\Jan\Local Settings\Application Data\AVG Secure Search

2012-06-03 11:25 . 2012-06-03 11:25 -------- d-----w- c:\documents and settings\Jan\Application Data\AVG Secure Search

2012-06-03 11:25 . 2012-06-03 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search

2012-06-03 11:25 . 2012-06-03 11:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-06-03 11:25 . 2012-06-03 11:25 -------- d-----w- c:\program files\AVG Secure Search

2012-06-03 11:24 . 2012-06-10 13:53 -------- d-----w- c:\windows\system32\drivers\AVG

2012-06-03 11:24 . 2012-06-03 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2012-06-03 11:07 . 2012-06-10 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-05-30 20:36 . 2012-05-30 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound

2012-05-30 20:36 . 2012-05-30 20:36 -------- d-----w- c:\program files\NCH Software

2012-05-30 20:36 . 2012-05-30 20:36 -------- d-----w- c:\program files\NCH Swift Sound

2012-05-27 22:14 . 2012-05-27 22:14 -------- d-----w- c:\documents and settings\Jan\Application Data\MakeitOne

2012-05-27 22:14 . 2012-05-27 22:14 -------- d-----w- c:\program files\MakeitOne

2012-05-22 08:48 . 2012-05-22 08:48 -------- d-----w- c:\program files\Common Files\xing shared

2012-05-22 08:46 . 2012-05-22 08:46 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-05-22 08:46 . 2012-05-22 08:46 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-05-21 00:50 . 2012-05-21 00:50 -------- d-----w- C:\amd64

2012-05-21 00:50 . 2012-05-21 00:50 -------- d-----w- C:\i386

2012-05-12 20:07 . 2012-05-20 09:19 -------- d-----w- c:\documents and settings\Jan\Application Data\GemistDownloader

2012-05-12 20:07 . 2012-05-12 20:07 -------- d-----w- c:\program files\GemistDownloader

2012-05-11 22:44 . 2012-05-11 22:51 -------- d-----w- C:\1f1a51f293989baf461db378445035b1

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-31 13:22 . 2009-04-28 04:51 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-04-11 13:14 . 2008-04-14 00:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:12 . 2009-04-28 04:51 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-19 03:17 . 2012-03-19 03:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-04-29 21:15 . 2012-02-21 17:23 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-09_21.20.01 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-06-10 13:45 . 2012-06-10 13:45 16384 c:\windows\Temp\Perflib_Perfdata_7ec.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-06-03 11:25 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-06-03 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]

"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]

"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]

"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]

"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]

"ModemListener"="c:\program files\Mobilni Internet\ModemListener.exe" [2010-07-13 98304]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-22 296056]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-03 1116544]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\PoivY.com\\PoivY\\PoivY.exe"=

"c:\\Program Files\\SmsDiscount.com\\SmsDiscount\\SmsDiscount.exe"=

"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 4:50 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31/01/2012 4:46 31952]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [11/03/2012 13:48 56208]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22/02/2012 5:25 235216]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19/03/2012 5:17 301248]

R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [8/01/2012 13:57 228208]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [11/03/2012 13:48 71440]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/03/2012 13:48 164112]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 4:53 193288]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/06/2012 11:11 654408]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/03/2012 13:48 931640]

R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [3/06/2012 13:25 932736]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13:32 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 13:32 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13:32 17232]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28/04/2009 3:59 38912]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/06/2012 11:11 22344]

R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [16/03/2009 23:27 39040]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [30/04/2012 9:44 5106744]

S2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start --> c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start [?]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/05/2009 18:00 1684736]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [29/04/2012 23:15 129976]

S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [18/07/2011 14:07 103552]

S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [5/05/2009 19:16 232872]

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3068895285-2536122168-2362634043-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]

.

2012-05-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3068895285-2536122168-2362634043-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]

.

2012-06-02 c:\windows\Tasks\WavePadReminder.job

- c:\program files\NCH Software\WavePad\wavepad.exe [2012-05-30 20:36]

.

2012-05-30 c:\windows\Tasks\WavePadSevenDays.job

- c:\program files\NCH Software\WavePad\wavepad.exe [2012-05-30 20:36]

.

.

------- Supplementary Scan -------

.

IE: Download with &Media Finder - c:\program files\Media Finder\hook.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\Jan\Application Data\Mozilla\Firefox\Profiles\hvb4tjam.default\

FF - prefs.js: browser.search.selectedEngine - SearchYa!

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B33723462-2057-49fd-bb53-6bf855890778%7D&mid=aa82d3aa6d3d871141c54132f3784327-d020b6ef17d6b91b53f5e336f3e15b7082edbed9&ds=AVG&v=11.0.0.9&lang=nl&pr=fr&d=2012-06-03%2013%3A25%3A46&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.searchya_i.hmpg - true

FF - user.js: extensions.searchya_i.hmpgUrl - hxxp://searchya.com/?chnl=dcom-100&s=0&cr=1189743197&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDyE

FF - user.js: extensions.searchya_i.dfltSrch - true

FF - user.js: extensions.searchya_i.srchPrvdr - SearchYa!

FF - user.js: extensions.searchya_i.dnsErr - true

FF - user.js: extensions.searchya_i.newTab - true

FF - user.js: extensions.searchya_i.newTabUrl - hxxp://searchya.com/?chnl=dcom-100&s=2&cr=1189743197&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDyE

FF - user.js: extensions.searchya_i.tlbrSrchUrl - hxxp://searchya.com/?chnl=dcom-100&s=3&cr=1189743197&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDyE&q=

FF - user.js: extensions.searchya_i.id - 648d7a1a000000000000002618fcbe43

FF - user.js: extensions.searchya_i.instlDay - 15495

FF - user.js: extensions.searchya_i.vrsn - 1.5.13.0

FF - user.js: extensions.searchya_i.vrsni - 1.5.13.0

FF - user.js: extensions.searchya_i.vrsnTs - 1.5.13.03:16

FF - user.js: extensions.searchya_i.prtnrId - ironsrc

FF - user.js: extensions.searchya_i.prdct - searchya

FF - user.js: extensions.searchya_i.aflt - dcom

FF - user.js: extensions.searchya_i.smplGrp - none

FF - user.js: extensions.searchya_i.tlbrId - base

FF - user.js: extensions.searchya_i.instlRef - dcom-100

FF - user.js: extensions.searchya_i.dfltLng -

FF - user.js: extensions.searchya_i.excTlbr - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-10 16:16

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(920)

c:\windows\system32\COMRes.dll

.

- - - - - - - > 'explorer.exe'(2788)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-06-10 16:19:28

ComboFix-quarantined-files.txt 2012-06-10 14:19

ComboFix2.txt 2012-06-09 21:32

.

Pre-Run: 62.676.754.432 bytes free

Post-Run: 62.628.442.112 bytes free

.

- - End Of File - - A11151B7A93769AF921E99309504EA04


  • 2 weeks later...

ComboFix 12-06-09.02 - Jan 18/06/2012 22:26:28.3.2 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.681 [GMT 2:00]

Running from: c:\documents and settings\Jan\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Jan\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

- REDUCED FUNCTIONALITY MODE -

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\Cache

c:\windows\system32\Cache\257f32dc13da2f6f.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

c:\windows\system32\Thumbs.db

E:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))

.

.

2012-06-18 20:10 . 2012-06-18 20:10 -------- d-----w- c:\documents and settings\Jan\Local Settings\Application Data\AVG Secure Search

2012-06-18 20:10 . 2012-06-18 20:10 -------- d-----w- c:\documents and settings\Jan\Application Data\AVG Secure Search

2012-06-18 20:10 . 2012-06-18 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search

2012-06-18 20:09 . 2012-06-18 20:10 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-06-18 20:09 . 2012-06-18 20:10 -------- d-----w- c:\program files\AVG Secure Search

2012-06-18 20:08 . 2012-06-18 20:13 -------- d-----w- c:\windows\system32\drivers\AVG

2012-06-13 22:48 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-06-05 21:21 . 2012-06-05 21:22 -------- d-----w- c:\program files\CCleaner

2012-06-05 21:07 . 2012-06-05 21:08 -------- d-----w- c:\documents and settings\The Real Admin

2012-06-04 09:12 . 2012-06-04 09:12 -------- d-----w- c:\documents and settings\Jan\Application Data\Malwarebytes

2012-06-04 09:11 . 2012-06-04 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-06-04 09:11 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-04 09:11 . 2012-06-04 09:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-04 08:41 . 2012-06-04 08:41 -------- d-----w- c:\documents and settings\Jan\Application Data\DriverCure

2012-06-04 08:41 . 2012-06-04 08:41 -------- d-----w- c:\documents and settings\Jan\Application Data\SpeedyPC Software

2012-06-04 08:41 . 2012-06-04 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software

2012-06-04 01:17 . 2012-06-04 01:17 58 ----a-w- C:\user.js

2012-06-03 23:40 . 2012-06-04 20:44 -------- d-----w- c:\documents and settings\Jan\Local Settings\Application Data\Google

2012-06-03 23:40 . 2012-06-04 21:21 -------- d-----w- c:\program files\Google

2012-06-03 23:40 . 2012-06-03 23:40 -------- d-----w- c:\program files\Western Digital

2012-06-03 11:43 . 2012-06-03 11:43 -------- d-----w- c:\documents and settings\Jan\Application Data\AVG2012

2012-06-03 11:24 . 2012-06-18 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2012-06-03 11:07 . 2012-06-18 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-05-30 20:36 . 2012-05-30 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound

2012-05-30 20:36 . 2012-05-30 20:36 -------- d-----w- c:\program files\NCH Software

2012-05-30 20:36 . 2012-05-30 20:36 -------- d-----w- c:\program files\NCH Swift Sound

2012-05-27 22:14 . 2012-05-27 22:14 -------- d-----w- c:\documents and settings\Jan\Application Data\MakeitOne

2012-05-27 22:14 . 2012-05-27 22:14 -------- d-----w- c:\program files\MakeitOne

2012-05-22 08:48 . 2012-05-22 08:48 -------- d-----w- c:\program files\Common Files\xing shared

2012-05-22 08:46 . 2012-05-22 08:46 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-05-22 08:46 . 2012-05-22 08:46 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-05-21 00:50 . 2012-05-21 00:50 -------- d-----w- C:\amd64

2012-05-21 00:50 . 2012-05-21 00:50 -------- d-----w- C:\i386

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-31 13:22 . 2009-04-28 04:51 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08 . 2009-04-28 04:51 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:20 . 2009-04-28 04:51 1863168 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:42 . 2009-04-28 04:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2009-04-28 04:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2009-04-28 04:51 385024 ----a-w- c:\windows\system32\html.iec

2012-05-04 13:16 . 2008-04-14 00:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2009-04-28 05:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-04-29 21:15 . 2012-02-21 17:23 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-09_21.20.01 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-04-28 04:51 . 2012-05-28 22:06 85784 c:\windows\system32\perfc009.dat

+ 2009-04-28 04:51 . 2012-06-14 00:24 85784 c:\windows\system32\perfc009.dat

+ 2009-04-28 04:51 . 2012-05-11 14:42 67072 c:\windows\system32\mshtmled.dll

- 2009-04-28 04:51 . 2012-03-01 11:01 25600 c:\windows\system32\jsproxy.dll

+ 2009-04-28 04:51 . 2012-05-11 14:42 25600 c:\windows\system32\jsproxy.dll

+ 2009-11-10 05:09 . 2012-05-11 14:42 12800 c:\windows\system32\dllcache\xpshims.dll

- 2009-11-10 05:09 . 2012-03-01 11:01 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2009-04-28 04:51 . 2012-05-11 14:42 67072 c:\windows\system32\dllcache\mshtmled.dll

+ 2009-05-05 16:50 . 2012-05-11 14:42 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2009-05-05 16:50 . 2012-03-01 11:01 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2009-04-28 04:51 . 2012-03-01 11:01 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2009-04-28 04:51 . 2012-05-11 14:42 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2009-04-28 04:51 . 2012-05-11 14:42 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2009-04-28 04:51 . 2012-03-01 11:01 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2012-06-14 00:12 . 2012-03-01 11:01 12800 c:\windows\ie8updates\KB2699988-IE8\xpshims.dll

+ 2012-06-14 00:12 . 2012-03-01 11:01 66560 c:\windows\ie8updates\KB2699988-IE8\mshtmled.dll

+ 2012-06-14 00:12 . 2012-03-01 11:01 55296 c:\windows\ie8updates\KB2699988-IE8\msfeedsbs.dll

+ 2012-06-14 00:12 . 2012-03-01 11:01 43520 c:\windows\ie8updates\KB2699988-IE8\licmgr10.dll

+ 2012-06-14 00:12 . 2012-03-01 11:01 25600 c:\windows\ie8updates\KB2699988-IE8\jsproxy.dll

+ 2012-06-14 00:11 . 2012-06-14 00:11 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f05130e3\System.Drawing.Design.dll

+ 2012-06-14 05:16 . 2012-06-14 05:16 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\fe6157b21b1f87deffcad313d447de27\WindowsLiveWriter.ni.exe

+ 2012-06-14 05:17 . 2012-06-14 05:17 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ea703b3cc3bd6c91db6292a76e20bed2\WindowsLive.Writer.Api.ni.dll

+ 2012-06-14 05:19 . 2012-06-14 05:19 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3b34fc2c8c94ffe21f75168980b69dfe\System.Web.DynamicData.Design.ni.dll

+ 2012-06-14 00:23 . 2012-06-14 00:23 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2012-05-11 22:43 . 2012-05-15 19:23 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2012-06-14 00:23 . 2012-06-14 00:23 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2012-06-14 00:23 . 2012-06-14 00:23 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2012-05-15 19:24 . 2012-05-15 19:24 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2009-04-28 04:51 . 2012-05-11 14:42 105984 c:\windows\system32\url.dll

- 2009-04-28 04:51 . 2012-03-01 11:01 105984 c:\windows\system32\url.dll

- 2009-04-28 04:51 . 2012-05-28 22:06 475930 c:\windows\system32\perfh009.dat

+ 2009-04-28 04:51 . 2012-06-14 00:24 475930 c:\windows\system32\perfh009.dat

- 2009-04-28 04:51 . 2012-03-01 11:01 206848 c:\windows\system32\occache.dll

+ 2009-04-28 04:51 . 2012-05-11 14:42 206848 c:\windows\system32\occache.dll

+ 2009-04-28 04:51 . 2012-05-11 14:42 611840 c:\windows\system32\mstime.dll

- 2009-04-28 04:51 . 2012-03-01 11:01 611840 c:\windows\system32\mstime.dll

+ 2009-04-28 04:51 . 2012-05-11 14:42 184320 c:\windows\system32\iepeers.dll

- 2009-04-28 04:51 . 2012-03-01 11:01 184320 c:\windows\system32\iepeers.dll

+ 2009-04-28 04:51 . 2012-05-11 14:42 387584 c:\windows\system32\iedkcs32.dll

- 2009-04-28 04:51 . 2012-03-01 11:01 387584 c:\windows\system32\iedkcs32.dll

- 2009-04-28 04:51 . 2012-02-29 12:17 174080 c:\windows\system32\ie4uinit.exe

+ 2009-04-28 04:51 . 2012-05-11 11:38 174080 c:\windows\system32\ie4uinit.exe

- 2009-04-28 04:51 . 2012-03-01 11:01 916992 c:\windows\system32\dllcache\wininet.dll

+ 2009-04-28 04:51 . 2012-05-16 15:08 916992 c:\windows\system32\dllcache\wininet.dll

+ 2009-04-28 04:51 . 2012-05-11 14:42 105984 c:\windows\system32\dllcache\url.dll

- 2009-04-28 04:51 . 2012-03-01 11:01 105984 c:\windows\system32\dllcache\url.dll

+ 2009-04-28 05:01 . 2012-05-02 13:46 139656 c:\windows\system32\dllcache\rdpwd.sys

+ 2009-04-28 04:51 . 2012-05-11 14:42 206848 c:\windows\system32\dllcache\occache.dll

- 2009-04-28 04:51 . 2012-03-01 11:01 206848 c:\windows\system32\dllcache\occache.dll

- 2009-04-28 04:51 . 2012-03-01 11:01 611840 c:\windows\system32\dllcache\mstime.dll

+ 2009-04-28 04:51 . 2012-05-11 14:42 611840 c:\windows\system32\dllcache\mstime.dll

+ 2009-05-05 16:50 . 2012-05-11 14:42 629760 c:\windows\system32\dllcache\msfeeds.dll

+ 2009-11-10 05:09 . 2012-05-11 14:42 247808 c:\windows\system32\dllcache\ieproxy.dll

- 2009-11-10 05:09 . 2012-03-01 11:01 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2009-04-28 04:51 . 2012-05-11 14:42 184320 c:\windows\system32\dllcache\iepeers.dll

- 2009-04-28 04:51 . 2012-03-01 11:01 184320 c:\windows\system32\dllcache\iepeers.dll

- 2010-06-10 04:17 . 2012-03-01 11:01 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2010-06-10 04:17 . 2012-05-11 14:42 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2009-04-28 04:51 . 2012-05-11 14:42 387584 c:\windows\system32\dllcache\iedkcs32.dll

- 2009-04-28 04:51 . 2012-03-01 11:01 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-04-28 04:51 . 2012-05-11 11:38 174080 c:\windows\system32\dllcache\ie4uinit.exe

- 2009-04-28 04:51 . 2012-02-29 12:17 174080 c:\windows\system32\dllcache\ie4uinit.exe

+ 2012-04-21 05:15 . 2012-04-21 05:15 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

- 2012-01-31 01:38 . 2012-01-31 01:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

- 2012-01-27 15:35 . 2012-01-27 15:35 471040 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll

+ 2012-04-25 15:45 . 2012-04-25 15:45 471040 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll

+ 2012-04-21 19:55 . 2012-04-21 19:55 980480 c:\windows\Installer\4b971b.msp

+ 2012-06-14 00:12 . 2012-03-01 11:01 916992 c:\windows\ie8updates\KB2699988-IE8\wininet.dll

+ 2012-06-14 00:12 . 2012-03-01 11:01 105984 c:\windows\ie8updates\KB2699988-IE8\url.dll

+ 2012-06-14 00:12 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2699988-IE8\spuninst\updspapi.dll

+ 2012-06-14 00:12 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2699988-IE8\spuninst\spuninst.exe

+ 2012-06-14 00:12 . 2012-03-01 11:01 206848 c:\windows\ie8updates\KB2699988-IE8\occache.dll

+ 2012-06-14 00:12 . 2012-03-01 11:01 611840 c:\windows\ie8updates\KB2699988-IE8\mstime.dll

+ 2012-06-14 00:12 . 2012-03-01 11:01 602112 c:\windows\ie8updates\KB2699988-IE8\msfeeds.dll

+ 2012-06-14 00:12 . 2009-03-08 03:35 521216 c:\windows\ie8updates\KB2699988-IE8\jsdbgui.dll

+ 2012-06-14 00:12 . 2012-03-01 11:01 247808 c:\windows\ie8updates\KB2699988-IE8\ieproxy.dll

+ 2012-06-14 00:12 . 2012-03-01 11:01 184320 c:\windows\ie8updates\KB2699988-IE8\iepeers.dll

+ 2012-06-14 00:12 . 2012-03-01 11:01 743424 c:\windows\ie8updates\KB2699988-IE8\iedvtool.dll

+ 2012-06-14 00:12 . 2012-03-01 11:01 387584 c:\windows\ie8updates\KB2699988-IE8\iedkcs32.dll

+ 2012-06-14 00:12 . 2012-02-29 12:17 174080 c:\windows\ie8updates\KB2699988-IE8\ie4uinit.exe

+ 2012-06-14 00:11 . 2012-06-14 00:11 843776 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_395022a6\System.Drawing.dll

+ 2012-06-14 00:11 . 2012-06-14 00:11 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_5041efaf\System.Drawing.Design.dll

+ 2012-06-14 05:18 . 2012-06-14 05:18 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\0eb13bef5a6fee89efc5c393af3f2a93\WindowsLiveLocal.WriterPlugin.ni.dll

+ 2012-06-14 05:17 . 2012-06-14 05:17 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f37031533e147b83b6f01748b16a8fa6\WindowsLive.Writer.Localization.ni.dll

+ 2012-06-14 05:18 . 2012-06-14 05:18 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e8bbaa3f2be48eb571871a39c3a6fdaf\WindowsLive.Writer.FileDestinations.ni.dll

+ 2012-06-14 05:17 . 2012-06-14 05:17 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\caed48c98449344f1eb7b1d0f618fb3b\WindowsLive.Writer.Mshtml.ni.dll

+ 2012-06-14 05:17 . 2012-06-14 05:17 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c6f2297d833909ed6faff6a3dd51040b\WindowsLive.Writer.Passport.ni.dll

+ 2012-06-14 05:18 . 2012-06-14 05:18 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\69c035a1d1c2589db04b6730b24b01ce\WindowsLive.Writer.HtmlEditor.ni.dll

+ 2012-06-14 05:17 . 2012-06-14 05:17 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5dc96a9c03c0bdf7ffbb2d40e23af2cf\WindowsLive.Writer.BrowserControl.ni.dll

+ 2012-06-14 05:18 . 2012-06-14 05:18 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5a6d68d22990bbd53c4c0fdffa00d8e4\WindowsLive.Writer.BlogClient.ni.dll

+ 2012-06-14 05:18 . 2012-06-14 05:18 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\57e951e8f81c3dc190c659f93aa8c36e\WindowsLive.Writer.SpellChecker.ni.dll

+ 2012-06-14 05:17 . 2012-06-14 05:17 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\549fb874b7f98fe85f30ddbccccb121a\WindowsLive.Writer.Interop.ni.dll

+ 2012-06-14 05:17 . 2012-06-14 05:17 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3dc324722c5ea97c692d4ecb10870c75\WindowsLive.Writer.Extensibility.ni.dll

+ 2012-06-14 05:17 . 2012-06-14 05:17 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0a0293d71df51b824e510ae5ab616473\WindowsLive.Writer.Controls.ni.dll

+ 2012-06-14 05:18 . 2012-06-14 05:18 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\161e09c12960017d1865f51452f2bd91\WindowsLive.Client.ni.dll

+ 2012-06-14 05:15 . 2012-06-14 05:15 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\86e11a59f02b2dda27ec2e7cba351744\WindowsFormsIntegration.ni.dll

+ 2012-06-14 05:18 . 2012-06-14 05:18 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\698c2093d7ac57af935b399d1c0b1790\System.Web.Routing.ni.dll

+ 2012-06-14 05:19 . 2012-06-14 05:19 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\75248baf640115daeb0e580f1c5ff98b\System.Web.Extensions.Design.ni.dll

+ 2012-06-14 05:19 . 2012-06-14 05:19 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\40c3b61ac38613e2b4b0f196e86185eb\System.Web.Entity.ni.dll

+ 2012-06-14 05:19 . 2012-06-14 05:19 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\39cc9a830f7f08fd9f397be452fd78b0\System.Web.Entity.Design.ni.dll

+ 2012-06-14 05:19 . 2012-06-14 05:19 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\88b1fd4792e7b698b788594d8e5e3c09\System.Web.DynamicData.ni.dll

+ 2012-06-14 05:18 . 2012-06-14 05:18 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6333d22a2ea347432d46c40d93194c68\System.Web.Abstractions.ni.dll

+ 2012-06-14 05:17 . 2012-06-14 05:17 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll

+ 2012-06-14 05:14 . 2012-06-14 05:14 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\96a3fc1f74a00b618b70bd1701600408\System.Drawing.Design.ni.dll

+ 2012-06-14 00:17 . 2012-06-14 00:17 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll

+ 2012-06-14 05:16 . 2012-06-14 05:16 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c0045c1c7c29c7e7cc7bd60001b729a7\AspNetMMCExt.ni.dll

+ 2012-06-14 00:23 . 2012-06-14 00:23 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2012-06-14 00:23 . 2012-06-14 00:23 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2012-06-14 00:23 . 2012-06-14 00:23 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2012-06-14 00:23 . 2012-06-14 00:23 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2012-05-11 22:43 . 2012-05-15 19:23 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2012-06-14 00:23 . 2012-06-14 00:23 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2012-05-15 19:26 . 2012-05-15 19:26 471040 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2012-06-14 00:10 . 2012-06-14 00:10 471040 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2009-04-28 04:51 . 2012-03-01 11:01 1212416 c:\windows\system32\urlmon.dll

+ 2009-04-28 04:51 . 2012-05-11 14:42 1212416 c:\windows\system32\urlmon.dll

+ 2009-04-28 04:51 . 2012-05-11 14:42 6007808 c:\windows\system32\mshtml.dll

+ 2009-04-28 04:51 . 2012-05-15 13:20 1863168 c:\windows\system32\dllcache\win32k.sys

- 2009-04-28 04:51 . 2012-03-01 11:01 1212416 c:\windows\system32\dllcache\urlmon.dll

+ 2009-04-28 04:51 . 2012-05-11 14:42 1212416 c:\windows\system32\dllcache\urlmon.dll

- 2009-05-05 16:23 . 2012-04-11 13:10 2192640 c:\windows\system32\dllcache\ntoskrnl.exe

+ 2009-05-05 16:23 . 2012-05-04 13:12 2192640 c:\windows\system32\dllcache\ntoskrnl.exe

+ 2009-05-05 16:23 . 2012-05-04 12:32 2026496 c:\windows\system32\dllcache\ntkrpamp.exe

- 2009-05-05 16:23 . 2012-04-11 12:35 2026496 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2009-05-05 16:23 . 2012-05-04 13:16 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe

- 2009-05-05 16:23 . 2012-04-11 13:14 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2009-04-28 04:51 . 2012-05-11 14:42 6007808 c:\windows\system32\dllcache\mshtml.dll

- 2009-05-05 16:50 . 2012-03-01 11:01 2000384 c:\windows\system32\dllcache\iertutil.dll

+ 2009-05-05 16:50 . 2012-05-11 14:42 2000384 c:\windows\system32\dllcache\iertutil.dll

- 2011-12-25 01:50 . 2011-12-25 01:50 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

+ 2012-03-20 03:23 . 2012-03-20 03:23 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

+ 2012-03-20 03:23 . 2012-03-20 03:23 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll

- 2008-07-25 10:17 . 2008-07-25 10:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll

- 2012-01-31 02:46 . 2012-01-31 02:46 6385664 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656370\M2656370Uninstall.msp

+ 2012-04-26 00:32 . 2012-04-26 00:32 6385664 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656370\M2656370Uninstall.msp

+ 2012-06-18 20:10 . 2012-06-18 20:10 5161984 c:\windows\Installer\7ab39.msi

+ 2012-06-18 20:07 . 2012-06-18 20:07 2208768 c:\windows\Installer\7ab35.msi

+ 2012-06-18 17:37 . 2012-06-18 17:37 2208768 c:\windows\Installer\60355.msi

+ 2012-04-25 17:32 . 2012-04-25 17:32 7069184 c:\windows\Installer\4b9714.msp

+ 2012-03-20 21:57 . 2012-03-20 21:57 6188544 c:\windows\Installer\4b970a.msp

+ 2012-06-14 00:12 . 2012-03-01 11:01 1212416 c:\windows\ie8updates\KB2699988-IE8\urlmon.dll

+ 2012-06-14 00:12 . 2012-03-01 11:01 5978624 c:\windows\ie8updates\KB2699988-IE8\mshtml.dll

+ 2012-06-14 00:12 . 2012-03-01 11:01 2000384 c:\windows\ie8updates\KB2699988-IE8\iertutil.dll

- 2009-05-05 16:23 . 2012-04-11 13:10 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2009-05-05 16:23 . 2012-05-04 13:12 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2009-05-05 16:23 . 2012-05-04 12:32 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2009-05-05 16:23 . 2012-04-11 12:35 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2009-05-05 16:23 . 2012-04-11 13:14 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2009-05-05 16:23 . 2012-05-04 13:16 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2012-06-14 00:11 . 2012-06-14 00:11 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_3347df83\System.Windows.Forms.dll

+ 2012-06-14 00:12 . 2012-06-14 00:12 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_05a75e60\System.Windows.Forms.dll

+ 2012-06-14 00:12 . 2012-06-14 00:12 2252800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_d1bbf39a\System.Drawing.dll

+ 2012-06-14 00:11 . 2012-06-14 00:11 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7e8d9b10\System.Design.dll

+ 2012-06-14 00:12 . 2012-06-14 00:12 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_6b80aa19\System.Design.dll

+ 2012-06-14 05:17 . 2012-06-14 05:17 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d391561f2f9cdc6764878d52251009b5\WindowsLive.Writer.CoreServices.ni.dll

+ 2012-06-14 05:17 . 2012-06-14 05:17 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\811f5f78aeb1ba31a8004b29a10a2d25\WindowsLive.Writer.PostEditor.ni.dll

+ 2012-06-14 05:17 . 2012-06-14 05:17 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\73c7f6ddd714e95e2325ec1c0e17cbd3\WindowsLive.Writer.ApplicationFramework.ni.dll

+ 2012-06-14 05:19 . 2012-06-14 05:19 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bd5bd406670d483b82bd51249eee59e3\System.WorkflowServices.ni.dll

+ 2012-06-14 00:21 . 2012-06-14 00:21 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\77361ebe9ad8ff77cc9a8d7f8363eb05\System.Workflow.Runtime.ni.dll

+ 2012-06-14 05:19 . 2012-06-14 05:19 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1c12dfa7826b331b243b7b45daf9904d\System.Workflow.ComponentModel.ni.dll

+ 2012-06-14 05:19 . 2012-06-14 05:19 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\514bf0e69e2c9fc8509cd23236057356\System.Workflow.Activities.ni.dll

+ 2012-06-14 00:17 . 2012-06-14 00:17 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll

+ 2012-06-14 05:19 . 2012-06-14 05:19 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\77f8cde07b131839f1841be702837e8e\System.Web.Mobile.ni.dll

+ 2012-06-14 05:19 . 2012-06-14 05:19 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\242b168aaca18197eca371ec269e23ac\System.Web.Extensions.ni.dll

+ 2012-06-14 05:14 . 2012-06-14 05:14 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d380f1813e27c2a086e62f0218669d67\System.Printing.ni.dll

+ 2012-06-14 05:14 . 2012-06-14 05:14 1592320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll

+ 2012-06-14 05:17 . 2012-06-14 05:17 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7a53d68ad544f8e9edfdbd5a90a48fd3\System.Deployment.ni.dll

+ 2012-06-14 05:14 . 2012-06-14 05:14 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\443dd7f0b84c3de54b1a72be655e307c\ReachFramework.ni.dll

+ 2012-06-14 05:14 . 2012-06-14 05:14 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\48ddcafff1a5603fb3289e90330275c0\PresentationUI.ni.dll

+ 2012-06-14 05:18 . 2012-06-14 05:18 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll

+ 2012-06-14 05:18 . 2012-06-14 05:18 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4e463dcf2a03c71913a61b44c32e2389\Microsoft.Build.Tasks.ni.dll

+ 2012-06-14 05:18 . 2012-06-14 05:18 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\395b4a85c7941ac4dd9d1c6f5eb444c7\Microsoft.Build.Tasks.v3.5.ni.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2012-06-14 00:23 . 2012-06-14 00:23 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2012-06-14 00:23 . 2012-06-14 00:23 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2012-06-14 00:23 . 2012-06-14 00:23 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2012-05-15 19:23 . 2012-05-15 19:23 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2012-05-15 19:24 . 2012-05-15 19:24 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2012-06-14 00:24 . 2012-06-14 00:24 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2009-11-10 05:07 . 2012-06-14 00:12 56731752 c:\windows\system32\MRT.exe

+ 2009-05-05 16:49 . 2012-05-11 18:12 11111424 c:\windows\system32\dllcache\ieframe.dll

+ 2012-06-14 00:12 . 2012-03-02 04:01 11082752 c:\windows\ie8updates\KB2699988-IE8\ieframe.dll

+ 2012-06-14 05:15 . 2012-06-14 05:15 12433920 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll

+ 2012-06-14 05:17 . 2012-06-14 05:17 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll

+ 2012-06-14 05:14 . 2012-06-14 05:14 10682368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f73a8455f384e90f6925309336fece24\System.Design.ni.dll

+ 2012-06-14 05:14 . 2012-06-14 05:14 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll

+ 2012-06-14 05:13 . 2012-06-14 05:13 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-06-18 20:09 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-06-18 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]

"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]

"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]

"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]

"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]

"ModemListener"="c:\program files\Mobilni Internet\ModemListener.exe" [2010-07-13 98304]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-22 296056]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-18 1116544]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\PoivY.com\\PoivY\\PoivY.exe"=

"c:\\Program Files\\SmsDiscount.com\\SmsDiscount\\SmsDiscount.exe"=

"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 4:50 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31/01/2012 4:46 31952]

S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [11/03/2012 13:48 56208]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22/02/2012 5:25 235216]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19/03/2012 5:17 301248]

S1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [8/01/2012 13:57 228208]

S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [11/03/2012 13:48 71440]

S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/03/2012 13:48 164112]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [30/04/2012 9:44 5106744]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 4:53 193288]

S2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start --> c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start [?]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/06/2012 11:11 654408]

S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/03/2012 13:48 931640]

S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [18/06/2012 22:10 932736]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/05/2009 18:00 1684736]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13:32 139856]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 13:32 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13:32 17232]

S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28/04/2009 3:59 38912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/06/2012 11:11 22344]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [29/04/2012 23:15 129976]

S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [18/07/2011 14:07 103552]

S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [5/05/2009 19:16 232872]

S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [16/03/2009 23:27 39040]

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3068895285-2536122168-2362634043-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]

.

2012-05-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3068895285-2536122168-2362634043-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]

.

2012-06-02 c:\windows\Tasks\WavePadReminder.job

- c:\program files\NCH Software\WavePad\wavepad.exe [2012-05-30 20:36]

.

2012-05-30 c:\windows\Tasks\WavePadSevenDays.job

- c:\program files\NCH Software\WavePad\wavepad.exe [2012-05-30 20:36]

.

.

------- Supplementary Scan -------

.

IE: Download with &Media Finder - c:\program files\Media Finder\hook.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\Jan\Application Data\Mozilla\Firefox\Profiles\hvb4tjam.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B33723462-2057-49fd-bb53-6bf855890778%7D&mid=aa82d3aa6d3d871141c54132f3784327-d020b6ef17d6b91b53f5e336f3e15b7082edbed9&ds=AVG&v=11.0.0.9&lang=nl&pr=fr&d=2012-06-03%2013%3A25%3A46&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.searchya_i.excTlbr - false

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-18 22:29

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Completion time: 2012-06-18 22:32:00

ComboFix-quarantined-files.txt 2012-06-18 20:31

ComboFix2.txt 2012-06-10 14:19

ComboFix3.txt 2012-06-09 21:32

.

Pre-Run: 61.528.649.728 bytes free

Post-Run: 61.594.251.264 bytes free

.

- - End Of File - - BE3B9BBC1D32F9A8FBB406FF86F26EB1
