[bobby] Help


  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

Windows have started popping up showing Antivirus 2009 and saying that I have malware on my computer!
C:\WINDOWS\system32\wscntfy.exe
C:\Windows Live\Messenger\msvs.exe
C:\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\DOCUME~1\FLAMEO~1\LOCALS~1\Temp\ins.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\MicroAV\MicroAV.exe
C:\Program Files\PCHealthCenter\7.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\FLAMEO~1\LOCALS~1\Temp\windfr.exe
D:\BACKUP\PROGRAMI\install\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: QXK Olive - {129D532E-E2EC-4527-B4BA-4626830EFE18} - C:\WINDOWS\dfmlxbpkbkl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll
O3 - Toolbar: peltodgx - {BAB8F6DC-41B1-440F-A066-AAC224906880} - C:\WINDOWS\peltodgx.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [\YURA62.exe] C:\Windows\system32\YURA62.exe
O4 - HKLM\..\Run: [\YURA63.exe] C:\Windows\system32\YURA63.exe
O4 - HKLM\..\Run: [\YURA64.exe] C:\Windows\system32\YURA64.exe
O4 - HKLM\..\Run: [\YURA65.exe] C:\Windows\system32\YURA65.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [] C:\Documents and Settings\FlAmE of HeLl\Application Data\Adobe\Player.exe
O4 - HKCU\..\Run: [\YURA62.exe] C:\Windows\system32\YURA62.exe
O4 - HKCU\..\Run: [\YURA63.exe] C:\Windows\system32\YURA63.exe
O4 - HKCU\..\Run: [\YURA64.exe] C:\Windows\system32\YURA64.exe
O4 - HKCU\..\Run: [\YURA65.exe] C:\Windows\system32\YURA65.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll,wbsys.dll
O20 - Winlogon Notify: khfGxUNf - C:\WINDOWS\SYSTEM32\khfGxUNf.dll
O21 - SSODL: rwlfsdmk - {88CB493F-39BF-41E3-90BD-A7BAB2E6446A} - C:\WINDOWS\rwlfsdmk.dll
O21 - SSODL: onfwbsak - {2E70C9E6-B62F-4860-B532-4673DC8E8CD1} - C:\WINDOWS\onfwbsak.dll
O21 - SSODL: appsrvcom - {641264E0-E065-832E-EA53-04402133D3BB} - C:\Program Files\emcxicc\appsrvcom.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8917 bytes

Addendum: 27 Sep 2008 14:21

veljko-94 :: Windows have started popping up showing Antivirus 2009 and saying that I have malware on my computer! Also, in My Computer I can't see the partition where XP is located!

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you should copy and paste here.

  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

Here is the log
ComboFix 08-09-26.06 - FlAmE of HeLl 2008-09-27 18:39:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1571 [GMT 2:00]
Running from: C:\Documents and Settings\FlAmE of HeLl\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\ZangoSA
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
C:\Documents and Settings\All Users\Start Menu\Programs\Zango
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Reset Cursor.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Weather.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Customer Support Center.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Games!.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Library.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Screensavers!.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Uninstall Instructions.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Videos!.lnk
C:\Documents and Settings\FlAmE of HeLl\Application Data\Adobe\crc.dat
C:\Documents and Settings\FlAmE of HeLl\Application Data\WeatherDPA
C:\Documents and Settings\FlAmE of HeLl\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.txt
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.idx
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.cdf
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.txt
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xml
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
C:\Documents and Settings\FlAmE of HeLl\Favorites\Error Cleaner.url
C:\Documents and Settings\FlAmE of HeLl\Favorites\Privacy Protector.url
C:\Documents and Settings\FlAmE of HeLl\Favorites\Spyware&Malware Protection.url
C:\Program Files\MicroAV
C:\Program Files\MicroAV\MicroAV.cpl
C:\Program Files\MicroAV\MicroAV.exe
C:\Program Files\MicroAV\MicroAV.ooo
C:\Program Files\MicroAV\MicroAV0.dat
C:\Program Files\MicroAV\MicroAV1.dat
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\Program Files\RichVideoCodec
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\zango
C:\Program Files\zango\bin\10.3.75.0\arrow.ico
C:\Program Files\zango\bin\10.3.75.0\CntntCntr.dll
C:\Program Files\zango\bin\10.3.75.0\copyright.txt
C:\Program Files\zango\bin\10.3.75.0\CoreSrv.dll
C:\Program Files\zango\bin\10.3.75.0\firefox\extensions\chrome.manifest
C:\Program Files\zango\bin\10.3.75.0\firefox\extensions\components\npclntax.xpt
C:\Program Files\zango\bin\10.3.75.0\firefox\extensions\install.rdf
C:\Program Files\zango\bin\10.3.75.0\firefox\extensions\plugins\npclntax_ZangoSA.dll
C:\Program Files\zango\bin\10.3.75.0\HostIE.dll
C:\Program Files\zango\bin\10.3.75.0\HostOE.dll
C:\Program Files\zango\bin\10.3.75.0\HostOL.dll
C:\Program Files\zango\bin\10.3.75.0\link.ico
C:\Program Files\zango\bin\10.3.75.0\OEAddOn.exe
C:\Program Files\zango\bin\10.3.75.0\Srv.exe
C:\Program Files\zango\bin\10.3.75.0\Toolbar.dll
C:\Program Files\zango\bin\10.3.75.0\Wallpaper.dll
C:\Program Files\zango\bin\10.3.75.0\Weather.exe
C:\Program Files\zango\bin\10.3.75.0\WeSkin.dll
C:\Program Files\zango\bin\10.3.75.0\ZangoSA.exe
C:\Program Files\zango\bin\10.3.75.0\ZangoSAAX.dll
C:\Program Files\zango\bin\10.3.75.0\ZangoSADF.exe
C:\Program Files\zango\bin\10.3.75.0\ZangoSAHook.dll
C:\Program Files\zango\bin\10.3.75.0\ZangoUninstaller.exe
C:\WINDOWS\dfmlxbpkbkl.dll
C:\WINDOWS\exwf.exe
C:\WINDOWS\peltodgx.dll
C:\WINDOWS\rwlfsdmk.dll
C:\WINDOWS\system32\1.ico
C:\WINDOWS\system32\2.ico
C:\WINDOWS\system32\Dvbpws.dll
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\tmp75.tmp
C:\WINDOWS\system32\tmp76.tmp
C:\x
D:\install.exe

----- BITS: Possible infected sites -----

hxxp://91.203.93.6
.
((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))
.

2008-09-27 14:16 . 2008-09-27 14:16 952,775 ---hs---- C:\WINDOWS\system32\vasocmga.ini
2008-09-27 14:16 . 2008-09-27 14:16 80,000 --a------ C:\WINDOWS\system32\agmcosav.dll
2008-09-27 14:15 . 2008-09-27 14:15 327,936 --a------ C:\WINDOWS\system32\fccyvvSK.dll
2008-09-27 14:15 . 2008-09-27 18:41 137,815 --ahs---- C:\WINDOWS\system32\KSvvyccf.ini2
2008-09-27 14:15 . 2008-09-27 18:41 137,783 --ahs---- C:\WINDOWS\system32\KSvvyccf.ini
2008-09-27 14:12 . 2008-09-27 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\lsbmbgty
2008-09-27 14:11 . 2008-09-27 18:36 <DIR> d-------- C:\Program Files\emcxicc
2008-09-27 14:10 . 2008-09-27 14:10 38,272 --a------ C:\WINDOWS\system32\qoMfDUNF.dll
2008-09-27 14:10 . 2008-09-27 14:10 38,272 --a------ C:\WINDOWS\system32\khfGxUNf.dll
2008-09-27 14:09 . 2008-09-26 11:29 147,456 --a------ C:\WINDOWS\fbxrqtwn.exe
2008-09-27 14:08 . 2008-09-27 14:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Zango
2008-09-27 14:08 . 2008-09-27 14:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-09-27 14:08 . 2008-09-27 14:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport
2008-09-27 14:08 . 2008-09-24 02:13 166,400 --a------ C:\WINDOWS\system32\MicroAV.cpl
2008-09-27 14:08 . 2008-09-27 14:08 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
2008-09-27 14:08 . 2008-09-27 14:08 11,264 --a------ C:\WINDOWS\system32\tdsslog.dll
2008-09-27 14:08 . 2008-09-27 14:08 8,192 --a------ C:\WINDOWS\system32\tdssserf1.dll
2008-09-27 14:00 . 2008-09-27 14:00 <DIR> d-------- C:\Program Files\corel
2008-09-27 13:49 . 2008-09-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-09-27 13:49 . 2008-09-27 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-09-27 12:11 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-09-27 12:11 . 2008-09-27 12:11 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\MSBuild
2008-09-27 12:10 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\xpssvcs.dll
2008-09-27 12:10 . 2008-07-06 14:06 1,676,288 -----c--- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-27 12:10 . 2008-07-06 12:50 597,504 -----c--- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-27 12:10 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-27 12:10 . 2008-07-06 14:06 575,488 -----c--- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-27 12:10 . 2008-07-06 14:06 117,760 --------- C:\WINDOWS\system32\prntvpt.dll
2008-09-27 12:10 . 2008-07-06 14:06 89,088 -----c--- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-27 12:07 . 2008-09-27 12:07 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-09-27 11:30 . 2008-09-27 11:35 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\AveDesk
2008-09-27 11:22 . 2008-09-27 11:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-27 11:22 . 2008-09-27 11:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-27 11:19 . 2008-09-27 11:19 <DIR> d-------- C:\Program Files\Bonjour
2008-09-27 11:14 . 2008-09-27 11:14 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-26 19:40 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp1C9.tmp
2008-09-26 19:40 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp1C8.tmp
2008-09-26 18:58 . 2008-09-26 18:58 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-09-26 18:46 . 2008-09-26 18:54 <DIR> d-------- C:\Program Files\FrostWire
2008-09-26 18:46 . 2008-09-27 14:18 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\FrostWire
2008-09-25 18:37 . 2008-09-25 18:37 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-09-25 18:37 . 2006-10-04 16:06 1,197,294 --a--c--- C:\WINDOWS\system32\dllcache\SET29D.tmp
2008-09-25 18:36 . 2008-09-25 18:36 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-25 18:36 . 2008-09-25 18:37 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-25 18:35 . 2008-09-25 18:35 1,187 --a------ C:\WINDOWS\wmplayer.reg
2008-09-25 13:01 . 2008-09-25 13:01 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-09-24 20:35 . 2008-09-24 20:35 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-24 20:35 . 2008-09-24 20:35 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-24 20:34 . 2008-09-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-24 19:49 . 2008-09-24 19:49 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-24 19:48 . 2008-09-24 19:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-24 19:39 . 2008-09-27 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-24 19:38 . 2008-09-24 19:38 <DIR> dr-h----- C:\MSOCache
2008-09-24 14:02 . 2008-09-24 14:02 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
2008-09-23 19:16 . 2008-09-23 19:16 56 --a------ C:\WINDOWS\wb.ini
2008-09-23 17:51 . 2008-09-27 14:11 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\ShoppingReport
2008-09-23 17:46 . 2008-04-26 16:14 42,672 --a------ C:\WINDOWS\system32\~GLH0012.TMP
2008-09-23 17:16 . 2008-09-23 17:16 <DIR> d-------- C:\Program Files\RocketDock
2008-09-23 17:11 . 2008-09-23 17:11 <DIR> d-------- C:\Program Files\Stardock
2008-09-22 20:26 . 2008-09-22 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-22 18:00 . 2008-09-22 18:00 1,605 --a------ C:\Mozilla Firefox.lnk
2008-09-22 17:51 . 2008-09-22 17:51 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Windows Live Writer
2008-09-22 16:10 . 2008-09-22 16:10 <DIR> d-------- C:\Program Files\Microsoft
2008-09-22 15:49 . 2008-09-22 15:49 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-22 15:48 . 2008-09-22 15:48 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\MxBoost
2008-09-22 15:47 . 2008-09-22 15:48 <DIR> d-------- C:\Program Files\Maxthon2
2008-09-22 15:25 . 2008-09-22 15:25 <DIR> d-------- C:\Program Files\Vista Start Menu
2008-09-22 15:25 . 2008-09-22 15:26 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Vista Start Menu
2008-09-22 15:22 . 2008-09-22 15:22 <DIR> d-------- C:\Program Files\WinMatrix XP
2008-09-21 14:01 . 2008-09-21 14:01 <DIR> d-------- C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free
2008-09-20 10:17 . 2008-09-22 17:53 <DIR> d-------- C:\Program Files\Windows Live
2008-09-20 10:11 . 2008-09-27 18:46 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\OpenOffice.org2
2008-09-20 08:10 . 2008-09-20 08:11 250 --a------ C:\WINDOWS\gmer.ini
2008-09-19 20:56 . 2008-09-19 20:56 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Yahoo!
2008-09-19 20:56 . 2008-09-19 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-19 09:13 . 2008-09-19 09:13 <DIR> d-------- C:\Program Files\Nvu
2008-09-19 09:13 . 2008-09-19 09:13 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Nvu
2008-09-19 08:49 . 2008-09-19 08:49 <DIR> d-------- C:\Program Files\Complex
2008-09-17 21:09 . 2008-09-17 21:09 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-09-17 09:11 . 2008-09-17 09:11 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\ChessBase
2008-09-17 09:10 . 2008-09-17 09:10 <DIR> d-------- C:\Program Files\ChessBase
2008-09-16 13:16 . 2008-09-16 13:17 <DIR> d-------- C:\Program Files\AIMP2
2008-09-16 13:15 . 2008-09-16 13:15 <DIR> d-------- C:\Program Files\Webteh
2008-09-15 13:11 . 2008-09-15 13:12 <DIR> d-------- C:\Program Files\Real
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-15 13:09 . 2008-09-15 13:09 <DIR> d-------- C:\Program Files\Solway's Internet TV and Radio
2008-09-15 13:09 . 2008-09-15 13:09 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SolwaySoftware
2008-09-15 12:01 . 2008-09-15 12:01 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-15 12:01 . 2008-09-15 12:01 <DIR> d-------- C:\Program Files\Recuva
2008-09-14 19:54 . 2008-09-14 19:54 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\.thumbnails
2008-09-14 19:53 . 2008-09-14 19:55 <DIR> d-------- C:\PNG
2008-09-14 19:53 . 2008-09-14 19:53 <DIR> d-------- C:\ICO
2008-09-14 19:53 . 2007-02-03 21:50 125,484 --a------ C:\Vista_Style_Icons_Preview.png
2008-09-14 18:38 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-14 18:38 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-14 18:37 . 2008-09-14 18:38 <DIR> d-------- C:\Program Files\Picasa2
2008-09-14 18:37 . 2008-09-14 18:37 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-09-14 18:37 . 2008-09-15 11:21 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\.gimp-2.4
2008-09-14 18:36 . 2008-09-14 18:36 <DIR> d-------- C:\Program Files\Screamer Radio
2008-09-14 18:36 . 2008-09-14 18:36 <DIR> d-------- C:\Program Files\IrfanView
2008-09-14 18:22 . 2008-09-14 18:23 <DIR> d-------- C:\Program Files\QuickTime
2008-09-14 18:22 . 2008-09-14 18:23 <DIR> d-------- C:\Program Files\LocalCooling
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-14 18:18 . 2008-09-14 18:18 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Songbird2
2008-09-14 18:17 . 2008-09-15 19:39 <DIR> d-------- C:\Program Files\Songbird
2008-09-14 18:17 . 2008-09-14 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-09-14 18:12 . 2008-09-14 18:12 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-14 18:12 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-14 18:11 . 2008-09-14 18:11 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-09-14 15:43 . 2008-09-14 15:43 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\FileZilla
2008-09-09 15:01 . 2008-09-17 20:38 <DIR> d-------- C:\Program Files\Valve
2008-09-09 14:44 . 2008-09-09 14:44 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SEGA
2008-09-08 21:47 . 2008-09-08 21:47 <DIR> d-------- C:\Program Files\Samurize

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 11:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-26 17:40 --------- d-----w C:\Program Files\OpenAL
2008-09-25 16:37 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\BitTorrent
2008-09-24 12:02 --------- d-----w C:\Program Files\AlienGUIse
2008-09-23 17:16 --------- d-----w C:\Program Files\Common Files\Stardock
2008-09-22 14:10 --------- d-----w C:\Program Files\Winamp
2008-09-22 13:40 --------- d-----w C:\Program Files\Opera
2008-09-21 10:07 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Activision
2008-09-21 10:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Activision
2008-09-20 08:09 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-09-14 17:58 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-09-14 16:39 --------- d-----w C:\Program Files\Google
2008-09-07 18:19 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\BearShare
2008-09-06 13:28 --------- d-----w C:\Program Files\SpeedFan
2008-09-04 06:02 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2008-08-31 00:23 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Hamachi
2008-08-31 00:18 --------- d-----w C:\Program Files\Hamachi
2008-08-28 08:45 --------- d-----w C:\Program Files\e-texaspoker client
2008-08-28 08:32 --------- d-----w C:\Program Files\Yahoo!
2008-08-25 08:16 --------- d-----w C:\Program Files\BitTorrent
2008-08-23 21:31 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Dev-Cpp
2008-08-21 20:25 70,742 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-08-21 20:25 5,423 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-08-21 10:59 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-08-21 10:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-21 07:16 --------- d-----w C:\Program Files\Orb Networks
2008-08-21 07:11 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-08-20 09:07 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-18 14:46 22,328 ----a-w C:\Documents and Settings\FlAmE of HeLl\Application Data\PnkBstrK.sys
2008-08-18 14:24 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-18 14:24 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-18 13:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-18 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\POP3Profiles
2008-08-16 19:00 --------- d-----w C:\Program Files\LucasArts
2008-08-15 06:18 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-13 13:44 --------- d-----w C:\Program Files\PoxNora
2008-08-13 07:48 20,500 ----a-w C:\Documents and Settings\FlAmE of HeLl\FMCodec.dat
2008-08-13 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-08-12 20:08 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\AdobeUM
2008-08-12 13:32 --------- d-----w C:\Program Files\Java
2008-08-12 13:16 --------- d-----w C:\Program Files\Ubisoft
2008-08-11 18:53 --------- d-----w C:\Program Files\My Company Name
2008-08-11 18:53 --------- d-----w C:\Program Files\HP
2008-08-11 18:53 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-11 18:53 --------- d-----w C:\Program Files\Common Files\HP
2008-08-10 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Codemasters
2008-08-09 18:03 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Bioshock
2008-08-09 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Urban FreeStyle Soccer
2008-08-09 13:39 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\GRETECH
2008-08-09 13:38 --------- d-----w C:\Program Files\GRETECH
2008-08-09 13:28 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Black Sea Studios
2008-08-09 09:02 --------- d-----w C:\Program Files\Common Files\BioWare
2008-08-09 07:42 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Ubisoft
2008-08-09 07:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-08 18:03 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\InstallShield
2008-08-08 17:47 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Microsoft Games
2008-08-08 11:31 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Skype
2008-08-08 08:24 --------- d-----w C:\Program Files\Skype
2008-08-08 08:24 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-08 08:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-07 21:56 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\ACD Systems
2008-08-07 20:46 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\TuneUp Software
2008-08-07 20:29 --------- d--h--r C:\Documents and Settings\FlAmE of HeLl\Application Data\SecuROM
2008-08-07 20:23 --------- d-----w C:\Program Files\DAEMON Tools
2008-08-07 20:21 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-07 20:16 --------- d-----w C:\Program Files\CCleaner
2008-08-07 17:04 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-08-07 16:13 --------- d-----w C:\Program Files\Common Files\Java
2008-08-07 16:10 --------- d-----w C:\Program Files\BearShare Applications
2008-08-06 10:50 --------- d-----w C:\Program Files\WinFast
2008-08-06 10:50 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-08-06 10:42 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-06 10:42 --------- d-----w C:\Program Files\ACD Systems
2008-08-06 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-06 10:41 --------- d-----w C:\Program Files\Mv2Player
2008-08-06 10:41 --------- d-----w C:\Program Files\CyberLink
2008-08-06 10:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-06 10:37 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-06 10:37 --------- d-----w C:\Program Files\Ahead
2008-08-06 10:28 --------- d-----w C:\Program Files\Total Commander XP
2008-08-06 10:23 --------- d-----w C:\Program Files\Realtek
2008-08-06 10:21 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-06 10:05 --------- d-----w C:\Program Files\Intel
2008-08-06 09:57 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{376EFD74-7AA4-44A4-9E39-E374ED3139A9}]
2008-09-27 14:10 38272 --a------ C:\WINDOWS\system32\khfGxUNf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
2008-08-31 14:38 133616 --a----t- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC1ED97C-0525-425D-A939-2ACA495E7212}]
2008-09-27 14:15 327936 --a------ C:\WINDOWS\system32\fccyvvSK.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-08-29 1966080]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"e8d76a67"="C:\WINDOWS\system32\agmcosav.dll" [2008-09-27 80000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"3eHw1B3dFN"="C:\Documents and Settings\All Users\Application Data\lsbmbgty\jcpwxuxw.exe" [2008-09-27 61440]

C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-27 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{376EFD74-7AA4-44A4-9E39-E374ED3139A9}"= "C:\WINDOWS\system32\khfGxUNf.dll" [2008-09-27 38272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfGxUNf]
2008-09-27 14:10 38272 C:\WINDOWS\system32\khfGxUNf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\fccyvvSK

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^hamachi.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 22:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 17:09 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-08-31 14:38 133104 C:\Documents and Settings\FlAmE of HeLl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 23:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling]
--a------ 2006-12-01 18:09 2056875 C:\Program Files\LocalCooling\localcooling.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-23 14:11 21738792 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
--a------ 2002-12-16 16:51 36864 C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-15 13:11 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
--a------ 2003-03-31 19:28 155648 C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2008-06-30 00:01 52168 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
--a------ 2008-09-19 19:16 2145280 C:\Program Files\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-11-15 15:55 2850816 C:\Program Files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2007-11-16 16:13 90112 C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-05-07 15:39 16862208 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3 (0x3)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"MyWebSearchService"=2 (0x2)
"MONyog"=2 (0x2)
"gupdate1c90b651dea8622"=2 (0x2)
"UserAccess7"=2 (0x2)
"NMSAccessU"=2 (0x2)
"gusvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"D:\\CS 1.6\\hl.exe"=
"D:\\Program Files\\CapCom\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"D:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"D:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"D:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"D:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"D:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=
"D:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\CS 1.6\\cstrike.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"D:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"D:\\Program Files\\Eidos\\Conflict Denied Ops\\ConflictDeniedOps.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\E.tmp [ ]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 9446]
S3 WFLR6654;WinFast TV2000 XP Global/Global TV (Video);C:\WINDOWS\system32\drivers\wfeaglxt.sys [2007-07-25 405632]
S4 gupdate1c90b651dea8622;Google Update Service (gupdate1c90b651dea8622);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-31 133104]
S4 MONyog;MONyog;C:\Program Files\MONyog\bin\MONyog.exe [2008-08-21 2367488]
S4 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-14 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{129D532E-E2EC-4527-B4BA-4626830EFE18} - C:\WINDOWS\dfmlxbpkbkl.dll
BHO-{5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Toolbar-{BAB8F6DC-41B1-440F-A066-AAC224906880} - C:\WINDOWS\peltodgx.dll
HKCU-Run-\YURA62.exe - C:\Windows\system32\YURA62.exe
HKCU-Run-\YURA63.exe - C:\Windows\system32\YURA63.exe
HKCU-Run-\YURA64.exe - C:\Windows\system32\YURA64.exe
HKCU-Run-\YURA65.exe - C:\Windows\system32\YURA65.exe
HKCU-Run-\YURA8A.exe - C:\Windows\system32\YURA8A.exe
HKCU-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKCU-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
HKCU-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKCU-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
HKLM-Run-\YURA62.exe - C:\Windows\system32\YURA62.exe
HKLM-Run-\YURA63.exe - C:\Windows\system32\YURA63.exe
HKLM-Run-\YURA64.exe - C:\Windows\system32\YURA64.exe
HKLM-Run-\YURA65.exe - C:\Windows\system32\YURA65.exe
HKLM-Run-ANTIVIRUS - C:\Program Files\MicroAV\MicroAV.exe
HKLM-Run-\YURA8A.exe - C:\Windows\system32\YURA8A.exe
HKLM-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKLM-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
HKLM-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKLM-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
MSConfigStartUp-Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-BitTorrent DNA - C:\Program Files\DNA\btdna.exe
MSConfigStartUp-My Web Search Bar - C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-RAM Idle Professional - C:\Program Files\RAM Idle LE\RAM_XP.exe
MSConfigStartUp-WeatherDPA - C:\Program Files\Zango\bin\10.3.75.0\Weather.exe
MSConfigStartUp-ZangoOE - C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
MSConfigStartUp-ZangoSA - C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\FlAmE of HeLl\Application Data\Mozilla\Firefox\Profiles\bpgka871.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Documents and Settings\FlAmE of HeLl\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Google\Lively\nplively.dll
FF -: plugin - C:\Program Files\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NPOFF12.DLL
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions\plugins\npclntax_ZangoSA.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 18:46:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\E.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\khfGxUNf.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\WINDOWS\system32\agmcosav.dll
-> C:\WINDOWS\system32\fccyvvSK.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-09-27 18:50:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-27 16:49:59

Pre-Run: 7,426,207,744 bytes free
Post-Run: 7,544,537,088 bytes free

637

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\agmcosav.dll
C:\WINDOWS\system32\fccyvvSK.dll
C:\WINDOWS\system32\khfGxUNf.dll
C:\WINDOWS\system32\E.tmp
C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
C:\WINDOWS\system32\fccyvvSK
C:\WINDOWS\system32\vasocmga.ini
C:\WINDOWS\system32\agmcosav.dll
C:\WINDOWS\system32\fccyvvSK.dll
C:\WINDOWS\system32\KSvvyccf.ini2
C:\WINDOWS\system32\KSvvyccf.ini
C:\WINDOWS\system32\qoMfDUNF.dll
C:\WINDOWS\system32\khfGxUNf.dll
C:\WINDOWS\fbxrqtwn.exe
C:\WINDOWS\system32\MicroAV.cpl
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssserf1.dll

Folder::
C:\Program Files\Zango
C:\Documents and Settings\All Users\Application Data\lsbmbgty
C:\Program Files\emcxicc
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport

Driver::
MEMSWEEP2

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{376EFD74-7AA4-44A4-9E39-E374ED3139A9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC1ED97C-0525-425D-A939-2ACA495E7212}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"e8d76a67"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"3eHw1B3dFN"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfGxUNf]


Save the file from Notepad to the Desktop as "CFScript".




Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
In your next post, include the log that is created at the end of the cleaning/scan.

offline
  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

ComboFix 08-09-27.01 - FlAmE of HeLl 2008-09-28 10:43:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1529 [GMT 2:00]
Running from: C:\Documents and Settings\FlAmE of HeLl\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\FlAmE of HeLl\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
C:\WINDOWS\fbxrqtwn.exe
C:\WINDOWS\system32\agmcosav.dll
C:\WINDOWS\system32\E.tmp
C:\WINDOWS\system32\fccyvvSK
C:\WINDOWS\system32\fccyvvSK.dll
C:\WINDOWS\system32\khfGxUNf.dll
C:\WINDOWS\system32\KSvvyccf.ini
C:\WINDOWS\system32\KSvvyccf.ini2
C:\WINDOWS\system32\MicroAV.cpl
C:\WINDOWS\system32\qoMfDUNF.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssserf1.dll
C:\WINDOWS\system32\vasocmga.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\lsbmbgty
C:\Documents and Settings\All Users\Application Data\lsbmbgty\jcpwxuxw.exe
C:\Program Files\emcxicc
C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
C:\WINDOWS\fbxrqtwn.exe
C:\WINDOWS\system32\agmcosav.dll
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\Config.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\dynamic\1.sdf
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33697
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\70773
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748176
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\752900
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79721
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\dynamic\ustat\3745.dat
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\avatar.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\btntrans.idx
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\btntrans1.dat
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\buttondir.txt
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\components.cdf
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\cursors.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bbar1.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\d_icons_weather.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\default.cdf
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_categorize.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_comparison.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_favorites.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_Games.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_Hide.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_hotbarcom.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_jemster.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_Mails.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_new.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_premium.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_reun.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_weather.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\editblbuttons.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\email-t1-bg.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\icons2.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\ie_games_icon.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\ie_video.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\keywords.idx
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\keywords1.dat
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\layout.cdf
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\linkpathlegal.txt
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\progress.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\s_icons_buttons.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\sales_buttons.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\sdfmodifier.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\t2_bg.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\theweb.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\top7.cdf
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\tsd_bg.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\zango_btn.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\zango_ie_menu.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
C:\WINDOWS\system32\fccyvvSK.dll
C:\WINDOWS\system32\khfGxUNf.dll
C:\WINDOWS\system32\KSvvyccf.ini
C:\WINDOWS\system32\KSvvyccf.ini2
C:\WINDOWS\system32\MicroAV.cpl
C:\WINDOWS\system32\qoMfDUNF.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssserf1.dll
C:\WINDOWS\system32\vasocmga.ini

----- BITS: Possible infected sites -----

hxxp://91.203.93.6
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2


((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-28 10:28 . 2008-09-28 10:28 <DIR> d-------- C:\Program Files\ynvpuw
2008-09-27 22:12 . 2008-09-27 22:12 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-27 22:12 . 2008-09-27 22:12 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\vlc
2008-09-27 22:00 . 2008-09-27 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-27 21:46 . 2008-09-27 21:46 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-09-27 21:12 . 2008-09-27 21:13 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SPORE
2008-09-27 21:07 . 2008-09-27 21:07 <DIR> d-------- C:\Program Files\Foxit Software
2008-09-27 21:06 . 2008-09-27 21:06 <DIR> d-------- C:\Program Files\WinRarce
2008-09-27 21:00 . 2008-09-27 21:00 952,775 --ahs---- C:\WINDOWS\system32\riulnmlk.ini
2008-09-27 21:00 . 2008-09-27 21:00 80,000 --a------ C:\WINDOWS\system32\klmnluir.dll
2008-09-27 20:58 . 2008-09-27 20:58 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-09-27 20:52 . 2001-08-23 12:00 68,608 --a------ C:\WINDOWS\system32\plugin.ocx
2008-09-27 20:52 . 2001-08-23 12:00 68,608 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx
2008-09-27 20:22 . 2008-09-27 20:24 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\BSplayer Pro
2008-09-27 19:49 . 2008-09-27 19:49 952,775 --ahs---- C:\WINDOWS\system32\txsaoscn.ini
2008-09-27 19:48 . 2008-09-28 10:43 334,868 --ahs---- C:\WINDOWS\system32\efPAKkkj.ini2
2008-09-27 19:48 . 2008-09-28 10:43 334,868 --ahs---- C:\WINDOWS\system32\efPAKkkj.ini
2008-09-27 19:47 . 2008-09-27 19:48 327,936 --a------ C:\WINDOWS\system32\jkkKAPfe.dll
2008-09-27 14:08 . 2008-09-27 14:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-09-27 14:00 . 2008-09-27 14:00 <DIR> d-------- C:\Program Files\corel
2008-09-27 13:49 . 2008-09-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-09-27 13:49 . 2008-09-27 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-09-27 12:11 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-09-27 12:11 . 2008-09-27 12:11 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\MSBuild
2008-09-27 12:10 . 2008-07-06 14:06 1,676,288 --a------ C:\WINDOWS\system32\xpssvcs.dll
2008-09-27 12:10 . 2008-07-06 14:06 1,676,288 -----c--- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-27 12:10 . 2008-07-06 12:50 597,504 -----c--- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-27 12:10 . 2008-07-06 14:06 575,488 --a------ C:\WINDOWS\system32\xpsshhdr.dll
2008-09-27 12:10 . 2008-07-06 14:06 575,488 -----c--- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-27 12:10 . 2008-07-06 14:06 117,760 --a------ C:\WINDOWS\system32\prntvpt.dll
2008-09-27 12:10 . 2008-07-06 14:06 89,088 -----c--- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-27 12:07 . 2008-09-27 12:07 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-09-27 11:30 . 2008-09-27 11:35 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\AveDesk
2008-09-27 11:19 . 2008-09-27 11:19 <DIR> d-------- C:\Program Files\Bonjour
2008-09-27 11:14 . 2008-09-27 11:14 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-26 19:40 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp1C9.tmp
2008-09-26 19:40 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp1C8.tmp
2008-09-26 18:58 . 2008-09-26 18:58 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-09-26 18:46 . 2008-09-26 18:54 <DIR> d-------- C:\Program Files\FrostWire
2008-09-26 18:46 . 2008-09-27 14:18 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\FrostWire
2008-09-25 18:37 . 2008-09-25 18:37 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-09-25 18:37 . 2006-10-04 16:06 1,197,294 --a--c--- C:\WINDOWS\system32\dllcache\SET29D.tmp
2008-09-25 18:36 . 2008-09-25 18:36 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-25 18:36 . 2008-09-25 18:37 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-25 18:35 . 2008-09-25 18:35 1,187 --a------ C:\WINDOWS\wmplayer.reg
2008-09-25 13:01 . 2008-09-25 13:01 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-09-24 20:35 . 2008-09-24 20:35 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-24 20:35 . 2008-09-24 20:35 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-24 20:34 . 2008-09-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-24 19:49 . 2008-09-24 19:49 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-24 19:48 . 2008-09-24 19:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-24 19:39 . 2008-09-27 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-24 19:38 . 2008-09-24 19:38 <DIR> dr-h----- C:\MSOCache
2008-09-24 14:02 . 2008-09-24 14:02 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
2008-09-23 19:16 . 2008-09-23 19:16 56 --a------ C:\WINDOWS\wb.ini
2008-09-23 17:51 . 2008-09-27 14:11 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\ShoppingReport
2008-09-23 17:46 . 2008-04-26 16:14 42,672 --a------ C:\WINDOWS\system32\~GLH0012.TMP
2008-09-23 17:16 . 2008-09-23 17:16 <DIR> d-------- C:\Program Files\RocketDock
2008-09-23 17:11 . 2008-09-23 17:11 <DIR> d-------- C:\Program Files\Stardock
2008-09-22 20:26 . 2008-09-22 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-22 18:00 . 2008-09-22 18:00 1,605 --a------ C:\Mozilla Firefox.lnk
2008-09-22 17:51 . 2008-09-22 17:51 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Windows Live Writer
2008-09-22 16:10 . 2008-09-22 16:10 <DIR> d-------- C:\Program Files\Microsoft
2008-09-22 15:49 . 2008-09-22 15:49 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-22 15:48 . 2008-09-22 15:48 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\MxBoost
2008-09-22 15:47 . 2008-09-22 15:48 <DIR> d-------- C:\Program Files\Maxthon2
2008-09-22 15:25 . 2008-09-22 15:25 <DIR> d-------- C:\Program Files\Vista Start Menu
2008-09-22 15:25 . 2008-09-22 15:26 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Vista Start Menu
2008-09-22 15:22 . 2008-09-22 15:22 <DIR> d-------- C:\Program Files\WinMatrix XP
2008-09-21 14:01 . 2008-09-21 14:01 <DIR> d-------- C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free
2008-09-20 10:17 . 2008-09-22 17:53 <DIR> d-------- C:\Program Files\Windows Live
2008-09-20 10:11 . 2008-09-28 10:28 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\OpenOffice.org2
2008-09-20 08:10 . 2008-09-20 08:11 250 --a------ C:\WINDOWS\gmer.ini
2008-09-19 20:56 . 2008-09-19 20:56 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Yahoo!
2008-09-19 20:56 . 2008-09-19 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-19 09:13 . 2008-09-19 09:13 <DIR> d-------- C:\Program Files\Nvu
2008-09-19 09:13 . 2008-09-19 09:13 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Nvu
2008-09-19 08:49 . 2008-09-19 08:49 <DIR> d-------- C:\Program Files\Complex
2008-09-17 21:09 . 2008-09-17 21:09 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-09-17 09:11 . 2008-09-17 09:11 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\ChessBase
2008-09-17 09:10 . 2008-09-17 09:10 <DIR> d-------- C:\Program Files\ChessBase
2008-09-16 13:16 . 2008-09-16 13:17 <DIR> d-------- C:\Program Files\AIMP2
2008-09-16 13:15 . 2008-09-27 20:22 <DIR> d-------- C:\Program Files\Webteh
2008-09-15 13:11 . 2008-09-15 13:12 <DIR> d-------- C:\Program Files\Real
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-15 13:09 . 2008-09-15 13:09 <DIR> d-------- C:\Program Files\Solway's Internet TV and Radio
2008-09-15 13:09 . 2008-09-15 13:09 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SolwaySoftware
2008-09-15 12:01 . 2008-09-15 12:01 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-15 12:01 . 2008-09-15 12:01 <DIR> d-------- C:\Program Files\Recuva
2008-09-14 19:54 . 2008-09-14 19:54 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\.thumbnails
2008-09-14 19:53 . 2008-09-14 19:55 <DIR> d-------- C:\PNG
2008-09-14 19:53 . 2008-09-14 19:53 <DIR> d-------- C:\ICO
2008-09-14 19:53 . 2007-02-03 21:50 125,484 --a------ C:\Vista_Style_Icons_Preview.png
2008-09-14 18:38 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-14 18:38 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-14 18:37 . 2008-09-14 18:38 <DIR> d-------- C:\Program Files\Picasa2
2008-09-14 18:37 . 2008-09-14 18:37 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-09-14 18:37 . 2008-09-15 11:21 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\.gimp-2.4
2008-09-14 18:36 . 2008-09-14 18:36 <DIR> d-------- C:\Program Files\Screamer Radio
2008-09-14 18:36 . 2008-09-14 18:36 <DIR> d-------- C:\Program Files\IrfanView
2008-09-14 18:22 . 2008-09-14 18:23 <DIR> d-------- C:\Program Files\QuickTime
2008-09-14 18:22 . 2008-09-14 18:23 <DIR> d-------- C:\Program Files\LocalCooling
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-14 18:18 . 2008-09-14 18:18 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Songbird2
2008-09-14 18:17 . 2008-09-15 19:39 <DIR> d-------- C:\Program Files\Songbird
2008-09-14 18:17 . 2008-09-14 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-09-14 18:12 . 2008-09-14 18:12 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-14 18:12 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-14 18:11 . 2008-09-14 18:11 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-09-14 15:43 . 2008-09-14 15:43 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\FileZilla
2008-09-09 15:01 . 2008-09-17 20:38 <DIR> d-------- C:\Program Files\Valve
2008-09-09 14:44 . 2008-09-09 14:44 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SEGA
2008-09-08 21:47 . 2008-09-08 21:47 <DIR> d-------- C:\Program Files\Samurize

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-27 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-27 19:10 --------- d-----w C:\Program Files\CyberLink
2008-09-27 18:36 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\BitTorrent
2008-09-27 18:25 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-27 18:21 --------- d-----w C:\Program Files\Winamp
2008-09-27 16:56 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Hamachi
2008-09-26 17:40 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-09-26 17:40 --------- d-----w C:\Program Files\OpenAL
2008-09-25 11:15 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-09-24 12:02 --------- d-----w C:\Program Files\AlienGUIse
2008-09-23 17:16 --------- d-----w C:\Program Files\Common Files\Stardock
2008-09-22 13:40 --------- d-----w C:\Program Files\Opera
2008-09-21 10:07 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Activision
2008-09-21 10:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Activision
2008-09-21 10:06 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-20 08:09 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-09-14 17:58 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-09-14 16:39 --------- d-----w C:\Program Files\Google
2008-09-07 18:19 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\BearShare
2008-09-06 19:19 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-06 13:28 --------- d-----w C:\Program Files\SpeedFan
2008-09-04 06:02 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2008-08-31 00:18 --------- d-----w C:\Program Files\Hamachi
2008-08-28 08:45 --------- d-----w C:\Program Files\e-texaspoker client
2008-08-28 08:32 --------- d-----w C:\Program Files\Yahoo!
2008-08-25 08:16 --------- d-----w C:\Program Files\BitTorrent
2008-08-23 21:31 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Dev-Cpp
2008-08-21 20:25 70,742 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-08-21 20:25 5,423 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-08-21 10:59 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-08-21 10:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-21 07:16 --------- d-----w C:\Program Files\Orb Networks
2008-08-21 07:11 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-08-20 09:07 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-18 14:46 22,328 ----a-w C:\Documents and Settings\FlAmE of HeLl\Application Data\PnkBstrK.sys
2008-08-18 14:24 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-18 14:24 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-18 13:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-18 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\POP3Profiles
2008-08-16 19:00 --------- d-----w C:\Program Files\LucasArts
2008-08-15 06:18 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-14 07:01 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-13 13:44 --------- d-----w C:\Program Files\PoxNora
2008-08-13 07:48 20,500 ----a-w C:\Documents and Settings\FlAmE of HeLl\FMCodec.dat
2008-08-13 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-08-12 20:08 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\AdobeUM
2008-08-12 13:32 --------- d-----w C:\Program Files\Java
2008-08-12 13:16 --------- d-----w C:\Program Files\Ubisoft
2008-08-11 18:53 --------- d-----w C:\Program Files\My Company Name
2008-08-11 18:53 --------- d-----w C:\Program Files\HP
2008-08-11 18:53 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-11 18:53 --------- d-----w C:\Program Files\Common Files\HP
2008-08-10 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Codemasters
2008-08-10 08:28 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-08-09 18:03 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Bioshock
2008-08-09 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Urban FreeStyle Soccer
2008-08-09 13:39 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\GRETECH
2008-08-09 13:38 --------- d-----w C:\Program Files\GRETECH
2008-08-09 13:28 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Black Sea Studios
2008-08-09 09:02 --------- d-----w C:\Program Files\Common Files\BioWare
2008-08-09 07:42 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Ubisoft
2008-08-09 07:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-08 18:03 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\InstallShield
2008-08-08 17:47 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Microsoft Games
2008-08-08 16:54 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-08-08 11:31 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Skype
2008-08-08 08:24 --------- d-----w C:\Program Files\Skype
2008-08-08 08:24 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-08 08:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-07 21:56 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\ACD Systems
2008-08-07 20:46 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\TuneUp Software
2008-08-07 20:29 --------- d--h--r C:\Documents and Settings\FlAmE of HeLl\Application Data\SecuROM
2008-08-07 20:23 --------- d-----w C:\Program Files\DAEMON Tools
2008-08-07 20:21 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-07 20:16 --------- d-----w C:\Program Files\CCleaner
2008-08-07 17:44 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-08-07 17:04 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-08-07 16:13 --------- d-----w C:\Program Files\Common Files\Java
2008-08-07 16:10 --------- d-----w C:\Program Files\BearShare Applications
2008-08-06 10:50 --------- d-----w C:\Program Files\WinFast
2008-08-06 10:50 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-08-06 10:42 --------- d-----w C:\Program Files\ACD Systems
2008-08-06 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-06 10:41 --------- d-----w C:\Program Files\Mv2Player
2008-08-06 10:37 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-06 10:37 --------- d-----w C:\Program Files\Ahead
2008-08-06 10:28 --------- d-----w C:\Program Files\Total Commander XP
2008-08-06 10:23 --------- d-----w C:\Program Files\Realtek
2008-08-06 10:21 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-06 10:05 --------- d-----w C:\Program Files\Intel
2008-08-06 09:57 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
.

((((((((((((((((((((((((((((( snapshot@2008-09-27_18.49.18.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-27 19:10:28 94,646 ----a-r C:\WINDOWS\Installer\{1F0B7A92-C643-4F8F-B35F-2CBAE4FEA4F3}\ARPPRODUCTICON.exe
+ 2008-09-27 18:25:35 81,920 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\ACDSeeDesktopShortcu_F99F74B4972B4B06B8936B3B0DB0128B.exe
+ 2008-09-27 18:25:35 81,920 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\ACDSeePMShortcut_F99F74B4972B4B06B8936B3B0DB0128B.exe
+ 2008-09-27 18:25:35 566,608 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\ACDSeeShowroomShor_89621A33AFFC45029C8C9D5A4EA9D15A.exe
+ 2008-09-27 18:25:35 81,920 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\ARPPRODUCTICON.exe
+ 2008-09-27 18:25:35 45,056 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\DevDetectPMShortcut_ECE0113B23D04DD889E6D2F026CABF03.exe
- 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-03-29 17:23:22 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-09-27 19:58:57 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2008-09-05 21:30:42 241,704 -c----w C:\WINDOWS\system32\dllcache\wgaLogon.dll
+ 2008-09-05 21:29:58 917,032 -c----w C:\WINDOWS\system32\dllcache\WgaTray.exe
- 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-03-29 17:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-03-29 17:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
- 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-03-29 17:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-03-29 17:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-03-29 17:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-03-29 17:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2006-10-17 11:01:00 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2006-11-21 19:24:56 1,488,688 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-06-26 20:52:02 229,888 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil10.exe
- 2008-09-09 18:26:51 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-09-27 17:16:37 88,353 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2004-08-03 20:56:44 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
+ 2004-02-23 18:42:40 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
- 2002-02-04 00:52:54 1,230,336 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2003-04-18 14:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 1996-01-12 15:00:00 24,576 ----a-w C:\WINDOWS\system32\STKIT432.DLL
+ 2007-03-15 16:17:00 183,808 ----a-w C:\WINDOWS\system32\WgaLogon.dll
+ 2007-03-15 16:17:10 310,784 ----a-w C:\WINDOWS\system32\WgaTray.exe
+ 2007-03-15 16:17:10 310,784 ----a-w C:\WINDOWS\system32\wgatray.exe.old
+ 2008-09-28 08:49:55 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_100.dat
+ 2008-09-27 17:01:00 1,233,920 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D854013E-64F9-461C-ACBE-D6548857F000}]
2008-09-27 19:48 327936 --a------ C:\WINDOWS\system32\jkkKAPfe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-08-29 1966080]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"websmartsys"= {41F5D96B-7B65-358C-2372-08F3B11B5A8F} - C:\Program Files\ynvpuw\websmartsys.dll [2008-09-28 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkKAPfe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^hamachi.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 22:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 17:09 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e8d76a67]
--a------ 2008-09-27 21:00 80000 C:\WINDOWS\system32\klmnluir.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-08-31 14:38 133104 C:\Documents and Settings\FlAmE of HeLl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 23:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling]
--a------ 2006-12-01 18:09 2056875 C:\Program Files\LocalCooling\localcooling.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 21:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-23 14:11 21738792 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
--a------ 2002-12-16 16:51 36864 C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-15 13:11 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
--a------ 2003-03-31 19:28 155648 C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2008-06-30 00:01 52168 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
--a------ 2008-09-19 19:16 2145280 C:\Program Files\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-11-15 15:55 2850816 C:\Program Files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2007-11-16 16:13 90112 C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-05-07 15:39 16862208 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3 (0x3)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"MyWebSearchService"=2 (0x2)
"MONyog"=2 (0x2)
"gupdate1c90b651dea8622"=2 (0x2)
"UserAccess7"=2 (0x2)
"NMSAccessU"=2 (0x2)
"gusvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"D:\\CS 1.6\\hl.exe"=
"D:\\Program Files\\CapCom\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"D:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"D:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"D:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"D:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"D:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=
"D:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\CS 1.6\\cstrike.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"D:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"D:\\Program Files\\Eidos\\Conflict Denied Ops\\ConflictDeniedOps.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 75856]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51 13560]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 9446]
S3 WFLR6654;WinFast TV2000 XP Global/Global TV (Video);C:\WINDOWS\system32\drivers\wfeaglxt.sys [2007-07-25 405632]
S4 gupdate1c90b651dea8622;Google Update Service (gupdate1c90b651dea8622);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-31 133104]
S4 MONyog;MONyog;C:\Program Files\MONyog\bin\MONyog.exe [2008-08-21 2367488]
S4 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-14 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Device Detector - DevDetect.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 10:50:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\WINDOWS\system32\jkkKAPfe.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\WINDOWS\system32\rundll32.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-28 10:54:02 - machine was rebooted [FlAmE of HeLl]
ComboFix-quarantined-files.txt 2008-09-28 08:53:56

Pre-Run: 6,391,984,128 bytes free
Post-Run: 7,321,497,600 bytes free

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

This won't work this way. You restarted the computer in the meantime, so the infection re-established itself before you ran the script I wrote for you.

We'll have to agree on a time when we are both online and resolve this in one go.

I think I'll be online tonight around 8 o'clock.

  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

OK. I'll be online around eight too!

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Scan again with ComboFix (double-click the ComboFix icon) and post the log for me. Don't shut down the computer until we're finished.

  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

I ran ComboFix, but when it finished it restarted the computer by itself!
Here is the log:
ComboFix 08-09-27.05 - FlAmE of HeLl 2008-09-28 20:15:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1472 [GMT 2:00]
Running from: C:\Documents and Settings\FlAmE of HeLl\Desktop\Vazni programi\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\efPAKkkj.ini
C:\WINDOWS\system32\efPAKkkj.ini2
C:\WINDOWS\system32\jkkKAPfe.dll
C:\WINDOWS\system32\riulnmlk.ini
C:\WINDOWS\system32\txsaoscn.ini

----- BITS: Possible infected sites -----

hxxp://91.203.93.6
.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-28 20:00 . 2008-09-28 20:00 5,292,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-09-28 19:58 . 2008-09-28 20:00 5,423 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-28 13:35 . 2008-08-07 19:44 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-09-28 10:28 . 2008-09-28 10:58 <DIR> d-------- C:\Program Files\ynvpuw
2008-09-27 22:12 . 2008-09-27 22:12 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-27 22:12 . 2008-09-27 22:12 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\vlc
2008-09-27 22:00 . 2008-09-27 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-27 21:46 . 2008-09-27 21:46 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-09-27 21:12 . 2008-09-27 21:13 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SPORE
2008-09-27 21:07 . 2008-09-27 21:07 <DIR> d-------- C:\Program Files\Foxit Software
2008-09-27 21:06 . 2008-09-28 19:55 <DIR> d-------- C:\Program Files\WinRarce
2008-09-27 21:00 . 2008-09-27 21:00 80,000 --a------ C:\WINDOWS\system32\klmnluir.dll
2008-09-27 20:58 . 2008-09-27 20:58 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-09-27 20:52 . 2001-08-23 12:00 229,376 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx
2008-09-27 20:52 . 2001-08-23 12:00 68,608 --a------ C:\WINDOWS\system32\plugin.ocx
2008-09-27 20:22 . 2008-09-27 20:24 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\BSplayer Pro
2008-09-27 14:08 . 2008-09-27 14:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-09-27 14:00 . 2008-09-27 14:00 <DIR> d-------- C:\Program Files\corel
2008-09-27 13:49 . 2008-09-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-09-27 13:49 . 2008-09-27 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-09-27 12:11 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-09-27 12:11 . 2008-09-27 12:11 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\MSBuild
2008-09-27 12:10 . 2008-07-06 14:06 1,676,288 --a------ C:\WINDOWS\system32\xpssvcs.dll
2008-09-27 12:10 . 2008-07-06 14:06 1,676,288 -----c--- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-27 12:10 . 2008-07-06 12:50 597,504 -----c--- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-27 12:10 . 2008-07-06 14:06 575,488 --a------ C:\WINDOWS\system32\xpsshhdr.dll
2008-09-27 12:10 . 2008-07-06 14:06 575,488 -----c--- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-27 12:10 . 2008-07-06 14:06 117,760 --a------ C:\WINDOWS\system32\prntvpt.dll
2008-09-27 12:10 . 2008-07-06 14:06 89,088 -----c--- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-27 12:07 . 2008-09-27 12:07 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-09-27 11:30 . 2008-09-27 11:35 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\AveDesk
2008-09-27 11:19 . 2008-09-27 11:19 <DIR> d-------- C:\Program Files\Bonjour
2008-09-27 11:14 . 2008-09-27 11:14 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-26 19:40 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp1C9.tmp
2008-09-26 19:40 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp1C8.tmp
2008-09-26 18:58 . 2008-09-26 18:58 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-09-26 18:46 . 2008-09-26 18:54 <DIR> d-------- C:\Program Files\FrostWire
2008-09-26 18:46 . 2008-09-27 14:18 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\FrostWire
2008-09-25 18:37 . 2008-09-28 19:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-09-25 18:37 . 2006-10-04 16:06 1,197,294 --a--c--- C:\WINDOWS\system32\dllcache\SET29D.tmp
2008-09-25 18:36 . 2008-09-25 18:36 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-25 18:36 . 2008-09-25 18:37 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-25 18:35 . 2008-09-25 18:35 1,187 --a------ C:\WINDOWS\wmplayer.reg
2008-09-25 13:01 . 2008-09-25 13:01 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-09-24 20:35 . 2008-09-24 20:35 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-24 20:35 . 2008-09-24 20:35 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-24 20:34 . 2008-09-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-24 19:49 . 2008-09-24 19:49 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-24 19:48 . 2008-09-24 19:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-24 19:39 . 2008-09-27 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-24 19:38 . 2008-09-24 19:38 <DIR> dr-h----- C:\MSOCache
2008-09-24 14:02 . 2008-09-24 14:02 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
2008-09-23 19:16 . 2008-09-23 19:16 56 --a------ C:\WINDOWS\wb.ini
2008-09-23 17:51 . 2008-09-27 14:11 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\ShoppingReport
2008-09-23 17:46 . 2008-04-26 16:14 42,672 --a------ C:\WINDOWS\system32\~GLH0012.TMP
2008-09-23 17:16 . 2008-09-23 17:16 <DIR> d-------- C:\Program Files\RocketDock
2008-09-23 17:11 . 2008-09-23 17:11 <DIR> d-------- C:\Program Files\Stardock
2008-09-22 20:26 . 2008-09-22 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-22 18:00 . 2008-09-22 18:00 1,605 --a------ C:\Mozilla Firefox.lnk
2008-09-22 17:51 . 2008-09-22 17:51 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Windows Live Writer
2008-09-22 16:10 . 2008-09-22 16:10 <DIR> d-------- C:\Program Files\Microsoft
2008-09-22 15:49 . 2008-09-22 15:49 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-22 15:48 . 2008-09-22 15:48 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\MxBoost
2008-09-22 15:47 . 2008-09-22 15:48 <DIR> d-------- C:\Program Files\Maxthon2
2008-09-22 15:25 . 2008-09-22 15:25 <DIR> d-------- C:\Program Files\Vista Start Menu
2008-09-22 15:25 . 2008-09-22 15:26 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Vista Start Menu
2008-09-22 15:22 . 2008-09-22 15:22 <DIR> d-------- C:\Program Files\WinMatrix XP
2008-09-21 14:01 . 2008-09-21 14:01 <DIR> d-------- C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free
2008-09-20 10:17 . 2008-09-22 17:53 <DIR> d-------- C:\Program Files\Windows Live
2008-09-20 10:11 . 2008-09-28 20:21 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\OpenOffice.org2
2008-09-20 08:10 . 2008-09-20 08:11 250 --a------ C:\WINDOWS\gmer.ini
2008-09-19 20:56 . 2008-09-19 20:56 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Yahoo!
2008-09-19 20:56 . 2008-09-19 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-19 09:13 . 2008-09-19 09:13 <DIR> d-------- C:\Program Files\Nvu
2008-09-19 09:13 . 2008-09-19 09:13 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Nvu
2008-09-19 08:49 . 2008-09-19 08:49 <DIR> d-------- C:\Program Files\Complex
2008-09-17 21:09 . 2008-09-17 21:09 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-09-17 09:11 . 2008-09-17 09:11 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\ChessBase
2008-09-17 09:10 . 2008-09-17 09:10 <DIR> d-------- C:\Program Files\ChessBase
2008-09-16 13:16 . 2008-09-16 13:17 <DIR> d-------- C:\Program Files\AIMP2
2008-09-16 13:15 . 2008-09-27 20:22 <DIR> d-------- C:\Program Files\Webteh
2008-09-15 13:11 . 2008-09-15 13:12 <DIR> d-------- C:\Program Files\Real
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-15 13:09 . 2008-09-15 13:09 <DIR> d-------- C:\Program Files\Solway's Internet TV and Radio
2008-09-15 13:09 . 2008-09-15 13:09 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SolwaySoftware
2008-09-15 12:01 . 2008-09-15 12:01 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-15 12:01 . 2008-09-15 12:01 <DIR> d-------- C:\Program Files\Recuva
2008-09-14 19:54 . 2008-09-14 19:54 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\.thumbnails
2008-09-14 19:53 . 2008-09-14 19:55 <DIR> d-------- C:\PNG
2008-09-14 19:53 . 2008-09-14 19:53 <DIR> d-------- C:\ICO
2008-09-14 19:53 . 2007-02-03 21:50 125,484 --a------ C:\Vista_Style_Icons_Preview.png
2008-09-14 18:38 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-14 18:38 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-14 18:37 . 2008-09-14 18:38 <DIR> d-------- C:\Program Files\Picasa2
2008-09-14 18:37 . 2008-09-14 18:37 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-09-14 18:37 . 2008-09-15 11:21 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\.gimp-2.4
2008-09-14 18:36 . 2008-09-14 18:36 <DIR> d-------- C:\Program Files\Screamer Radio
2008-09-14 18:36 . 2008-09-14 18:36 <DIR> d-------- C:\Program Files\IrfanView
2008-09-14 18:22 . 2008-09-14 18:23 <DIR> d-------- C:\Program Files\QuickTime
2008-09-14 18:22 . 2008-09-14 18:23 <DIR> d-------- C:\Program Files\LocalCooling
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-14 18:18 . 2008-09-14 18:18 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Songbird2
2008-09-14 18:17 . 2008-09-15 19:39 <DIR> d-------- C:\Program Files\Songbird
2008-09-14 18:17 . 2008-09-14 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-09-14 18:12 . 2008-09-14 18:12 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-14 18:12 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-14 18:11 . 2008-09-14 18:11 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-09-14 15:43 . 2008-09-14 15:43 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\FileZilla
2008-09-09 15:01 . 2008-09-17 20:38 <DIR> d-------- C:\Program Files\Valve
2008-09-09 14:44 . 2008-09-09 14:44 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SEGA
2008-09-08 21:47 . 2008-09-08 21:47 <DIR> d-------- C:\Program Files\Samurize
2008-09-07 21:10 . 2008-09-07 21:10 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\COWON
2008-09-07 21:08 . 2008-09-23 17:44 <DIR> d-------- C:\Program Files\JetAudio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 18:00 71,172 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-09-28 16:56 --------- d-----w C:\Program Files\Google
2008-09-27 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-27 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-27 19:10 --------- d-----w C:\Program Files\CyberLink
2008-09-27 18:36 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\BitTorrent
2008-09-27 18:25 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-27 18:21 --------- d-----w C:\Program Files\Winamp
2008-09-27 16:56 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Hamachi
2008-09-26 17:40 --------- d-----w C:\Program Files\OpenAL
2008-09-24 12:02 --------- d-----w C:\Program Files\AlienGUIse
2008-09-23 17:16 --------- d-----w C:\Program Files\Common Files\Stardock
2008-09-22 13:40 --------- d-----w C:\Program Files\Opera
2008-09-21 10:07 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Activision
2008-09-21 10:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Activision
2008-09-20 08:09 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-09-14 17:58 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-09-07 18:19 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\BearShare
2008-09-06 13:28 --------- d-----w C:\Program Files\SpeedFan
2008-09-04 06:02 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2008-08-31 00:18 --------- d-----w C:\Program Files\Hamachi
2008-08-28 08:45 --------- d-----w C:\Program Files\e-texaspoker client
2008-08-28 08:32 --------- d-----w C:\Program Files\Yahoo!
2008-08-25 08:16 --------- d-----w C:\Program Files\BitTorrent
2008-08-23 21:31 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Dev-Cpp
2008-08-21 10:59 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-08-21 10:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-21 07:16 --------- d-----w C:\Program Files\Orb Networks
2008-08-21 07:11 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-08-20 09:07 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-18 14:46 22,328 ----a-w C:\Documents and Settings\FlAmE of HeLl\Application Data\PnkBstrK.sys
2008-08-18 14:24 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-18 14:24 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-18 13:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-18 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\POP3Profiles
2008-08-16 19:00 --------- d-----w C:\Program Files\LucasArts
2008-08-15 06:18 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-13 13:44 --------- d-----w C:\Program Files\PoxNora
2008-08-13 07:48 20,500 ----a-w C:\Documents and Settings\FlAmE of HeLl\FMCodec.dat
2008-08-13 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-08-12 20:08 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\AdobeUM
2008-08-12 13:32 --------- d-----w C:\Program Files\Java
2008-08-12 13:16 --------- d-----w C:\Program Files\Ubisoft
2008-08-11 18:53 --------- d-----w C:\Program Files\My Company Name
2008-08-11 18:53 --------- d-----w C:\Program Files\HP
2008-08-11 18:53 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-11 18:53 --------- d-----w C:\Program Files\Common Files\HP
2008-08-10 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Codemasters
2008-08-09 18:03 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Bioshock
2008-08-09 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Urban FreeStyle Soccer
2008-08-09 13:39 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\GRETECH
2008-08-09 13:38 --------- d-----w C:\Program Files\GRETECH
2008-08-09 13:28 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Black Sea Studios
2008-08-09 09:02 --------- d-----w C:\Program Files\Common Files\BioWare
2008-08-09 07:42 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Ubisoft
2008-08-09 07:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-08 18:03 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\InstallShield
2008-08-08 17:47 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Microsoft Games
2008-08-08 11:31 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Skype
2008-08-08 08:24 --------- d-----w C:\Program Files\Skype
2008-08-08 08:24 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-08 08:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-07 21:56 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\ACD Systems
2008-08-07 20:46 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\TuneUp Software
2008-08-07 20:29 --------- d--h--r C:\Documents and Settings\FlAmE of HeLl\Application Data\SecuROM
2008-08-07 20:23 --------- d-----w C:\Program Files\DAEMON Tools
2008-08-07 20:21 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-07 20:16 --------- d-----w C:\Program Files\CCleaner
2008-08-07 17:04 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-08-07 16:13 --------- d-----w C:\Program Files\Common Files\Java
2008-08-07 16:10 --------- d-----w C:\Program Files\BearShare Applications
2008-08-06 10:50 --------- d-----w C:\Program Files\WinFast
2008-08-06 10:50 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-08-06 10:42 --------- d-----w C:\Program Files\ACD Systems
2008-08-06 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-06 10:41 --------- d-----w C:\Program Files\Mv2Player
2008-08-06 10:37 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-06 10:37 --------- d-----w C:\Program Files\Ahead
2008-08-06 10:28 --------- d-----w C:\Program Files\Total Commander XP
2008-08-06 10:23 --------- d-----w C:\Program Files\Realtek
2008-08-06 10:21 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-06 10:05 --------- d-----w C:\Program Files\Intel
2008-08-06 09:57 --------- d-----w C:\Program Files\microsoft frontpage
.

------- Sigcheck -------

2004-08-03 22:56 690176 3a5ee0514f56b1b775d7641cfba5ad37 C:\WINDOWS\system32\wininet.dll
2004-08-03 22:56 690176 3a5ee0514f56b1b775d7641cfba5ad37 C:\WINDOWS\system32\dllcache\wininet.dll

2004-08-03 22:56 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\explorer.exe
2004-08-03 22:56 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-03 22:56 100864 80cb133bd6c830e8ca7e90015e45c1cd C:\WINDOWS\system32\wuauclt.exe
2004-08-03 22:56 100864 80cb133bd6c830e8ca7e90015e45c1cd C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot_2008-09-28_10.53.37.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-28 10:25:14 343,376 ----a-w C:\WINDOWS\BricoPacks\SysFiles\146_iCF.exe
- 2008-08-07 17:44:04 218,624 ----a-w C:\WINDOWS\BricoPacks\SysFiles\Ux_uxtheme.dll
+ 2008-09-28 11:35:17 218,624 ----a-w C:\WINDOWS\BricoPacks\SysFiles\Ux_uxtheme.dll
+ 2001-10-18 21:51:00 46,592 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll
+ 2005-06-09 22:08:00 283,294 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\iColorFolder.dll
+ 2006-03-09 14:33:18 405,504 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\iColorFolder.exe
+ 2005-06-09 22:08:00 283,294 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\skins\Vista Inspirat\iColorFolder.dll
+ 2008-09-28 18:07:22 33,617 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\uninstall.exe
+ 2007-04-22 08:18:34 98,304 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\pack-it.exe
+ 2004-08-03 20:56:42 448,512 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\10_cmdial32.dll
+ 2001-08-23 10:00:00 69,632 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\11_console.dll
+ 2004-08-03 20:56:42 188,928 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\12_credui.dll
+ 2004-08-03 20:56:50 974,336 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\14_explorer.exe
+ 2004-08-03 20:56:44 392,704 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\15_fontext.dll
+ 2004-08-03 20:56:50 764,928 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\17_helpctr.exe
+ 2004-08-03 20:56:44 159,744 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\18_hotplug.dll
+ 2004-08-03 20:56:48 100,864 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\2_ahui.exe
+ 2001-08-23 10:00:00 280,576 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\20_inetcplc.dll
+ 2004-08-03 20:56:44 402,944 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\23_keymgr.dll
+ 2004-08-03 20:56:58 3,128,320 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\24_logon.scr
+ 2004-08-03 20:56:52 538,112 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\26_migwiz.exe
+ 2004-08-03 20:56:12 380,416 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\28_moricons.dll
+ 2004-08-03 20:56:44 1,101,824 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\29_msgina.dll
+ 2004-08-03 20:56:44 3,444,224 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\30_mshtml.dll
+ 2004-08-03 20:56:54 439,808 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\31_mspaint.exe
+ 2004-08-03 20:56:44 321,536 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\32_mstask.dll
+ 2004-08-03 18:59:44 657,408 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\33_mstscax.dll
+ 2004-08-03 20:56:46 86,016 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\34_mydocs.dll
+ 2004-08-03 20:56:56 55,808 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\35_narrator.exe
+ 2004-08-03 20:56:46 147,456 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\37_netid.dll
+ 2004-08-03 20:56:46 2,122,752 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\38_netshell.dll
+ 2004-08-03 20:56:46 413,696 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\39_newdev.dll
+ 2004-08-03 20:56:42 28,672 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\4_batmeter.dll
+ 2004-08-03 20:56:56 155,136 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\40_notepad.exe
+ 2004-08-03 20:56:56 155,136 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\41_notepad.exe
+ 2004-08-03 20:56:46 231,936 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\42_ntshrui.dll
+ 2004-08-03 20:56:46 146,944 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\44_occache.dll
+ 2004-08-03 20:56:46 740,864 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\46_printui.dll
+ 2004-08-03 20:56:46 1,229,824 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\47_rasdlg.dll
+ 2004-08-03 20:56:56 224,256 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\48_regedit.exe
+ 2004-08-03 20:56:28 666,112 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\49_shdoclc.dll
+ 2004-08-03 20:56:42 1,014,784 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\5_browseui.dll
+ 2004-08-03 20:56:46 1,762,816 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\50_shdocvw.dll
+ 2004-08-03 20:56:46 12,796,416 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\51_shell32.dll
+ 2004-08-03 20:56:46 1,788,416 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\52_shimgvw.dll
+ 2004-08-03 20:56:46 498,176 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\53_shlwapi.dll
+ 2004-08-03 20:56:58 180,736 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\54_sndrec32.exe
+ 2001-08-23 10:00:00 152,064 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\55_sndvol32.exe
+ 2004-08-03 20:56:46 147,456 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\56_stobject.dll
+ 2004-08-03 20:56:58 182,272 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\58_sysocmgr.exe
+ 2007-11-08 14:34:01 1,240,576 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\59_syssetup.dll
+ 2004-08-03 20:56:42 82,944 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\6_cabview.dll
+ 2004-08-03 20:56:58 181,760 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\60_taskmgr.exe
+ 2004-08-03 20:56:48 388,096 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\62_themeui.dll
+ 2004-08-03 20:56:48 59,392 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\64_url.dll
+ 2004-08-03 20:56:48 674,816 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\65_urlmon.dll
+ 2004-08-03 20:56:48 437,248 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\66_webcheck.dll
+ 2004-08-03 20:56:58 885,248 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\67_wiaacmgr.exe
+ 2004-08-03 20:56:48 769,536 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\68_wiashext.dll
+ 2004-08-03 20:56:48 690,176 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\69_wininet.dll
+ 2001-08-23 10:00:00 117,760 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\7_calc.exe
+ 2004-08-03 20:56:36 764,416 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\70_WINNTBBU.DLL
+ 2004-08-03 20:56:48 291,840 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\71_winsrv.dll
+ 2004-08-03 20:56:58 100,864 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\73_wuauclt.exe
+ 2004-08-03 20:56:58 285,696 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\74_wuauclt1.exe
+ 2004-08-03 20:56:38 3,288,064 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\76_xpsp2res.dll
+ 2004-08-03 20:56:48 905,216 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\77_zipfldr.dll
+ 2004-08-03 20:56:52 5,650,432 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\78_logonui.exe
+ 2004-08-03 20:56:52 832,512 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\79_iexplore.exe
+ 2004-08-03 20:56:48 108,544 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\8_cleanmgr.exe
+ 2004-08-03 20:56:54 223,232 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\80_msimn.exe
+ 2004-08-03 20:56:20 2,479,616 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\81_msoeres.dll
+ 2004-08-03 20:56:54 3,676,160 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\82_moviemk.exe
+ 2004-08-03 20:56:50 415,232 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\9_cmd.exe
+ 2008-09-28 11:35:17 218,624 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\Ux_uxtheme.dll
+ 2007-04-22 10:31:50 147,456 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\Panel.exe
+ 2008-09-28 18:00:47 153,834 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
+ 2007-05-28 15:06:40 15,191 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\ResFiles\77_logonui.exe\UIFILE_1000.bin
+ 2006-05-21 07:49:32 881,664 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\ResHacker\ResHacker.exe
+ 2007-03-04 07:48:16 106,496 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\Docklets\RocketClock\RocketClock.dll
+ 2007-01-01 15:23:54 1,645,320 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\gdiplus.dll
+ 2007-03-18 22:04:22 69,632 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
+ 2007-03-18 22:05:02 630,784 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
+ 2007-03-18 22:04:18 69,632 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\Tools\Debug.exe
+ 2007-01-01 15:24:48 6,144 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\Tools\LanguageID Finder.exe
+ 2006-05-21 07:49:38 11,776 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\Tools\dialog.exe
+ 2006-05-21 07:49:38 32,610 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\Tools\refresh.exe
+ 2005-06-01 19:41:18 65,536 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
+ 2006-05-21 07:43:06 1,645,320 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\gdiplus.dll
+ 2006-05-21 07:43:06 6,144 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\Languages\LanguageID Finder.exe
+ 2006-05-21 07:43:06 53,248 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\Plugins\iBounce\fx.dll
+ 2006-05-21 07:43:06 57,344 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\Plugins\iZoom\fx.dll
+ 2006-05-21 07:43:08 180,224 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
+ 2006-05-21 07:43:08 65,536 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
+ 2006-05-21 07:43:08 35,328 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\Uninst.exe
+ 2007-05-28 15:06:48 155,417 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\Update.exe
+ 2006-05-21 07:43:14 53,248 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
+ 2006-05-21 07:43:14 155,648 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
- 2004-08-03 20:56:56 69,120 ----a-w C:\WINDOWS\notepad.exe
+ 2004-08-03 20:56:56 155,136 ----a-w C:\WINDOWS\notepad.exe
- 2004-08-03 20:56:50 768,512 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
+ 2004-08-03 20:56:50 764,928 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
- 2004-08-03 20:56:56 146,432 ----a-w C:\WINDOWS\regedit.exe
+ 2004-08-03 20:56:56 224,256 ----a-w C:\WINDOWS\regedit.exe
- 2004-08-03 20:56:48 98,304 ----a-w C:\WINDOWS\system32\ahui.exe
+ 2004-08-03 20:56:48 100,864 ----a-w C:\WINDOWS\system32\ahui.exe
- 2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-03-29 17:23:22 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2004-08-03 20:56:42 1,016,832 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2004-08-03 20:56:42 1,014,784 ----a-w C:\WINDOWS\system32\browseui.dll
- 2004-08-03 20:56:42 84,480 ----a-w C:\WINDOWS\system32\cabview.dll
+ 2004-08-03 20:56:42 82,944 ----a-w C:\WINDOWS\system32\cabview.dll
- 2001-08-23 10:00:00 114,688 ----a-w C:\WINDOWS\system32\calc.exe
+ 2001-08-23 10:00:00 117,760 ----a-w C:\WINDOWS\system32\calc.exe
- 2004-08-03 20:56:48 64,000 ----a-w C:\WINDOWS\system32\cleanmgr.exe
+ 2004-08-03 20:56:48 108,544 ----a-w C:\WINDOWS\system32\cleanmgr.exe
- 2004-08-03 20:56:50 388,608 ----a-w C:\WINDOWS\system32\cmd.exe
+ 2004-08-03 20:56:50 415,232 ----a-w C:\WINDOWS\system32\cmd.exe
- 2004-08-03 20:56:42 343,040 ----a-w C:\WINDOWS\system32\cmdial32.dll
+ 2004-08-03 20:56:42 448,512 ----a-w C:\WINDOWS\system32\cmdial32.dll
- 2001-08-23 10:00:00 66,560 ----a-w C:\WINDOWS\system32\console.dll
+ 2001-08-23 10:00:00 69,632 ----a-w C:\WINDOWS\system32\console.dll
- 2004-08-03 20:56:42 163,840 ----a-w C:\WINDOWS\system32\credui.dll
+ 2004-08-03 20:56:42 188,928 ----a-w C:\WINDOWS\system32\credui.dll
- 2001-08-23 10:00:00 64,512 -c--a-w C:\WINDOWS\system32\dllcache\acctres.dll
+ 2001-08-23 10:00:00 229,376 -c--a-w C:\WINDOWS\system32\dllcache\acctres.dll
- 2004-08-03 20:56:48 183,808 -c--a-w C:\WINDOWS\system32\dllcache\accwiz.exe
+ 2004-08-03 20:56:48 371,712 -c--a-w C:\WINDOWS\system32\dllcache\accwiz.exe
- 2004-08-03 20:56:42 8,704 -c--a-w C:\WINDOWS\system32\dllcache\batt.dll
+ 2004-08-03 20:56:42 169,984 -c--a-w C:\WINDOWS\system32\dllcache\batt.dll
- 2001-08-23 10:00:00 359,936 -c--a-w C:\WINDOWS\system32\dllcache\cards.dll
+ 2001-08-23 10:00:00 1,404,416 -c--a-w C:\WINDOWS\system32\dllcache\cards.dll
- 2004-08-03 20:56:42 457,728 -c--a-w C:\WINDOWS\system32\dllcache\certmgr.dll
+ 2004-08-03 20:56:42 1,221,120 -c--a-w C:\WINDOWS\system32\dllcache\certmgr.dll
- 2001-08-23 10:00:00 80,384 -c--a-w C:\WINDOWS\system32\dllcache\charmap.exe
+ 2001-08-23 10:00:00 218,624 -c--a-w C:\WINDOWS\system32\dllcache\charmap.exe
- 2001-08-23 10:00:00 163,328 -c--a-w C:\WINDOWS\system32\dllcache\ciadmin.dll
+ 2001-08-23 10:00:00 167,936 -c--a-w C:\WINDOWS\system32\dllcache\ciadmin.dll
- 2004-08-03 20:56:50 39,936 -c--a-w C:\WINDOWS\system32\dllcache\cmmon32.exe
+ 2004-08-03 20:56:50 43,520 -c--a-w C:\WINDOWS\system32\dllcache\cmmon32.exe
- 2004-08-03 20:56:42 792,064 -c--a-w C:\WINDOWS\system32\dllcache\comres.dll
+ 2004-08-03 20:56:42 1,262,080 -c--a-w C:\WINDOWS\system32\dllcache\comres.dll
- 2004-08-03 20:56:42 326,656 -c--a-w C:\WINDOWS\system32\dllcache\cscui.dll
+ 2004-08-03 20:56:42 467,456 -c--a-w C:\WINDOWS\system32\dllcache\cscui.dll
- 2001-08-23 10:00:00 16,384 -c--a-w C:\WINDOWS\system32\dllcache\deskadp.dll
+ 2001-08-23 10:00:00 19,968 -c--a-w C:\WINDOWS\system32\dllcache\deskadp.dll
- 2001-08-23 10:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\deskmon.dll
+ 2001-08-23 10:00:00 20,992 -c--a-w C:\WINDOWS\system32\dllcache\deskmon.dll
- 2004-08-03 20:56:44 282,624 -c--a-w C:\WINDOWS\system32\dllcache\devmgr.dll
+ 2004-08-03 20:56:44 403,968 -c--a-w C:\WINDOWS\system32\dllcache\devmgr.dll
- 2001-08-23 10:00:00 51,200 -c--a-w C:\WINDOWS\system32\dllcache\dfrgres.dll
+ 2001-08-23 10:00:00 193,024 -c--a-w C:\WINDOWS\system32\dllcache\dfrgres.dll
- 2001-08-23 10:00:00 273,920 -c--a-w C:\WINDOWS\system32\dllcache\dmdlgs.dll
+ 2001-08-23 10:00:00 783,360 -c--a-w C:\WINDOWS\system32\dllcache\dmdlgs.dll
- 2004-08-03 20:56:44 212,480 -c--a-w C:\WINDOWS\system32\dllcache\dpvoice.dll
+ 2004-08-03 20:56:44 441,344 -c--a-w C:\WINDOWS\system32\dllcache\dpvoice.dll
- 2004-08-03 20:56:50 83,456 -c--a-w C:\WINDOWS\system32\dllcache\dpvsetup.exe
+ 2004-08-03 20:56:50 220,160 -c--a-w C:\WINDOWS\system32\dllcache\dpvsetup.exe
- 2001-08-23 10:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\drwtsn32.exe
+ 2001-08-23 10:00:00 209,920 -c--a-w C:\WINDOWS\system32\dllcache\drwtsn32.exe
- 2004-08-03 20:56:50 1,298,432 -c--a-w C:\WINDOWS\system32\dllcache\dxdiag.exe
+ 2004-08-03 20:56:50 1,433,600 -c--a-w C:\WINDOWS\system32\dllcache\dxdiag.exe
- 2004-08-03 20:56:44 183,296 -c--a-w C:\WINDOWS\system32\dllcache\els.dll
+ 2004-08-03 20:56:44 506,368 -c--a-w C:\WINDOWS\system32\dllcache\els.dll
- 2001-08-23 10:00:00 8,704 -c--a-w C:\WINDOWS\system32\dllcache\eventvwr.exe
+ 2001-08-23 10:00:00 170,496 -c--a-w C:\WINDOWS\system32\dllcache\eventvwr.exe
- 2004-08-03 20:56:44 337,920 -c--a-w C:\WINDOWS\system32\dllcache\filemgmt.dll
+ 2004-08-03 20:56:44 654,848 -c--a-w C:\WINDOWS\system32\dllcache\filemgmt.dll
- 2004-08-03 20:56:44 87,552 -c--a-w C:\WINDOWS\system32\dllcache\fldrclnr.dll
+ 2004-08-03 20:56:44 205,312 -c--a-w C:\WINDOWS\system32\dllcache\fldrclnr.dll
- 2001-08-23 10:00:00 76,800 -c--a-w C:\WINDOWS\system32\dllcache\gcdef.dll
+ 2001-08-23 10:00:00 361,472 -c--a-w C:\WINDOWS\system32\dllcache\gcdef.dll
- 2004-08-03 20:56:08 566,784 -c--a-w C:\WINDOWS\system32\dllcache\gpedit.dll
+ 2004-08-03 20:56:08 867,328 -c--a-w C:\WINDOWS\system32\dllcache\gpedit.dll
- 2004-08-03 20:56:44 330,752 -c--a-w C:\WINDOWS\system32\dllcache\hnetwiz.dll
+ 2004-08-03 20:56:44 1,224,192 -c--a-w C:\WINDOWS\system32\dllcache\hnetwiz.dll
- 2001-08-23 10:00:00 54,784 -c--a-w C:\WINDOWS\system32\dllcache\icmui.dll
+ 2001-08-23 10:00:00 376,832 -c--a-w C:\WINDOWS\system32\dllcache\icmui.dll
- 2004-08-03 20:56:44 73,728 -c--a-w C:\WINDOWS\system32\dllcache\icwdial.dll
+ 2004-08-03 20:56:44 155,648 -c--a-w C:\WINDOWS\system32\dllcache\icwdial.dll
- 2004-08-03 20:56:44 216,576 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2004-08-03 20:56:44 552,448 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2004-08-03 20:56:52 5,650,432 -c--a-w C:\WINDOWS\system32\dllcache\logonui.exe
+ 2004-08-03 20:56:52 6,142,976 -c--a-w C:\WINDOWS\system32\dllcache\logonui.exe
- 2004-08-03 20:56:52 72,704 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
+ 2004-08-03 20:56:52 210,944 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
- 2004-08-03 20:56:44 118,272 -c--a-w C:\WINDOWS\system32\dllcache\mdminst.dll
+ 2004-08-03 20:56:44 343,552 -c--a-w C:\WINDOWS\system32\dllcache\mdminst.dll
- 2004-08-03 20:56:52 815,104 -c--a-w C:\WINDOWS\system32\dllcache\mmc.exe
+ 2004-08-03 20:56:52 980,480 -c--a-w C:\WINDOWS\system32\dllcache\mmc.exe
- 2004-08-03 20:56:44 207,360 -c--a-w C:\WINDOWS\system32\dllcache\mobsync.dll
+ 2004-08-03 20:56:44 518,144 -c--a-w C:\WINDOWS\system32\dllcache\mobsync.dll
- 2004-08-03 20:56:52 143,360 -c--a-w C:\WINDOWS\system32\dllcache\mobsync.exe
+ 2004-08-03 20:56:52 315,392 -c--a-w C:\WINDOWS\system32\dllcache\mobsync.exe
- 2004-08-03 20:56:44 153,600 -c--a-w C:\WINDOWS\system32\dllcache\modemui.dll
+ 2004-08-03 20:56:44 305,152 -c--a-w C:\WINDOWS\system32\dllcache\modemui.dll
- 2004-08-03 20:56:54 3,676,160 -c--a-w C:\WINDOWS\system32\dllcache\moviemk.exe
+ 2004-08-03 20:56:54 3,691,520 -c--a-w C:\WINDOWS\system32\dllcache\moviemk.exe
- 2004-08-03 20:56:44 471,552 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2004-08-03 20:56:44 596,992 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
- 2004-08-03 20:56:54 158,208 -c--a-w C:\WINDOWS\system32\dllcache\msconfig.exe
+ 2004-08-03 20:56:54 319,488 -c--a-w C:\WINDOWS\system32\dllcache\msconfig.exe
- 2001-08-23 10:00:00 126,976 -c--a-w C:\WINDOWS\system32\dllcache\mshearts.exe
+ 2001-08-23 10:00:00 159,744 -c--a-w C:\WINDOWS\system32\dllcache\mshearts.exe
- 2004-08-03 20:56:44 51,712 -c--a-w C:\WINDOWS\system32\dllcache\msident.dll
+ 2004-08-03 20:56:44 55,296 -c--a-w C:\WINDOWS\system32\dllcache\msident.dll
- 2004-08-03 20:56:44 248,832 -c--a-w C:\WINDOWS\system32\dllcache\msieftp.dll
+ 2004-08-03 20:56:44 611,840 -c--a-w C:\WINDOWS\system32\dllcache\msieftp.dll
- 2005-05-03 10:58:36 78,848 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
+ 2005-05-03 10:58:36 236,544 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
- 2001-08-23 10:00:00 39,936 -c--a-w C:\WINDOWS\system32\dllcache\msinfo32.exe
+ 2001-08-23 10:00:00 178,688 -c--a-w C:\WINDOWS\system32\dllcache\msinfo32.exe
- 2004-08-03 18:59:42 407,552 -c--a-w C:\WINDOWS\system32\dllcache\mstsc.exe
+ 2004-08-03 18:59:42 588,288 -c--a-w C:\WINDOWS\system32\dllcache\mstsc.exe
- 2001-08-23 10:00:00 90,112 -c--a-w C:\WINDOWS\system32\dllcache\mycomput.dll
+ 2001-08-23 10:00:00 107,520 -c--a-w C:\WINDOWS\system32\dllcache\mycomput.dll
- 2004-08-03 20:56:46 875,008 -c--a-w C:\WINDOWS\system32\dllcache\netplwiz.dll
+ 2004-08-03 20:56:46 2,405,376 -c--a-w C:\WINDOWS\system32\dllcache\netplwiz.dll
- 2004-08-03 21:02:46 329,728 -c--a-w C:\WINDOWS\system32\dllcache\netsetup.exe
+ 2004-08-03 21:02:46 523,776 -c--a-w C:\WINDOWS\system32\dllcache\netsetup.exe
- 2004-08-03 20:56:56 1,200,128 -c--a-w C:\WINDOWS\system32\dllcache\ntbackup.exe
+ 2004-08-03 20:56:56 1,647,616 -c--a-w C:\WINDOWS\system32\dllcache\ntbackup.exe
- 2004-08-03 20:56:46 488,448 -c--a-w C:\WINDOWS\system32\dllcache\ntmsmgr.dll
+ 2004-08-03 20:56:46 742,912 -c--a-w C:\WINDOWS\system32\dllcache\ntmsmgr.dll
- 2004-08-03 20:56:56 32,768 -c--a-w C:\WINDOWS\system32\dllcache\odbcad32.exe
+ 2004-08-03 20:56:56 180,224 -c--a-w C:\WINDOWS\system32\dllcache\odbcad32.exe
- 2004-08-03 20:56:24 94,208 -c--a-w C:\WINDOWS\system32\dllcache\odbcint.dll
+ 2004-08-03 20:56:24 479,232 -c--a-w C:\WINDOWS\system32\dllcache\odbcint.dll
- 2004-08-03 20:56:46 1,281,536 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
+ 2004-08-03 20:56:46 1,308,672 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
- 2004-08-03 20:56:56 215,552 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
+ 2004-08-03 20:56:56 353,792 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
- 2001-08-23 10:00:00 40,448 -c--a-w C:\WINDOWS\system32\dllcache\osuninst.exe
+ 2001-08-23 10:00:00 176,640 -c--a-w C:\WINDOWS\system32\dllcache\osuninst.exe
- 2004-08-03 20:56:56 58,368 -c--a-w C:\WINDOWS\system32\dllcache\packager.exe
+ 2004-08-03 20:56:56 219,136 -c--a-w C:\WINDOWS\system32\dllcache\packager.exe
- 2004-08-03 20:56:56 15,872 -c--a-w C:\WINDOWS\system32\dllcache\perfmon.exe
+ 2004-08-03 20:56:56 177,152 -c--a-w C:\WINDOWS\system32\dllcache\perfmon.exe
- 2004-08-03 20:56:46 176,128 -c--a-w C:\WINDOWS\system32\dllcache\photowiz.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-08-29 1966080]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-28 30192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^hamachi.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 22:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 17:09 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e8d76a67]
--a------ 2008-09-27 21:00 80000 C:\WINDOWS\system32\klmnluir.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-08-31 14:38 133104 C:\Documents and Settings\FlAmE of HeLl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 23:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling]
--a------ 2006-12-01 18:09 2056875 C:\Program Files\LocalCooling\localcooling.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 21:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-23 14:11 21738792 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
--a------ 2002-12-16 16:51 36864 C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-15 13:11 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
--a------ 2003-03-31 19:28 155648 C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2008-06-30 00:01 52168 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
--a------ 2008-09-19 19:16 2145280 C:\Program Files\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-11-15 15:55 2850816 C:\Program Files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2007-11-16 16:13 90112 C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-05-07 15:39 16862208 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3 (0x3)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"MyWebSearchService"=2 (0x2)
"MONyog"=2 (0x2)
"gupdate1c90b651dea8622"=2 (0x2)
"UserAccess7"=2 (0x2)
"NMSAccessU"=2 (0x2)
"gusvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The log is not complete.
Please use the "Attach file" option located below the message field on the forum and post the log that way; you will find it at c:\combofix.log
