الساري

Peace be upon you all.
I have a problem; screenshots and a report are attached.
Internet Explorer version 7, Windows XP Service Pack 2.
[Attached screenshots: 107e219a95.gif, 8ba2ce7da3.gif, 92a84bb7dc.gif, cd44d651b4.gif]



The report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:57:28 ص, on 05/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
D:\البرامج\لعمل تقرير.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

O2 - BHO: Helper Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: TBSB01923 - {7FF4E31C-74EB-433D-A8AA-A12A99521674} - C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\sahate.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\sahate.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\sahate.dll
O9 - Extra 'Tools' menuitem: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\sahate.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{BCA42390-3101-4911-BA18-7C2BB4817FDE}: NameServer = 212.93.192.17 212.93.192.10
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
--
End of file - 5321 bytes
 

As for the HijackThis report, visit the following site, paste the report into the large box at the bottom, and click analyze.
Then delete the entries that are marked as wrong or unsafe.
 
Signature: aburaminet
I ran into the same problem just now: the page gets closed.

God willing, the internet will work perfectly.
 
Dear brother,

Please do the following.

==============
(1)
Disable all security programs,
then download this tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will be restarted automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.
(2)
Then make a HijackThis report.

When the download finishes ==> run the program ==> click Do a system scan and save log
After a few moments a report will appear; copy it and paste it in your next reply.

 
Signature: AbOdy
This report is from the program called (ComboFix).
But when I open Internet Explorer to browse any site or forum, I get the same thing as at the beginning, the same as the first screenshot.
ComboFix 08-09-04.04 - Administrator 09/05/2008 4:11:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.746 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\User\سطح المكتب\Antivirus 2009.lnk
C:\Documents and Settings\User\قائمة ابدأ\Antivirus 2009
C:\Documents and Settings\User\قائمة ابدأ\Antivirus 2009\Antivirus 2009.lnk
C:\Documents and Settings\User\قائمة ابدأ\Antivirus 2009\Uninstall Antivirus 2009.lnk
C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
C:\Documents and Settings\User\Application Data\rhc7sgj0enep
C:\Program Files\AlphaWipe Tracks Cleaner 2008
C:\Program Files\AlphaWipe Tracks Cleaner 2008\diagnosis.dat
C:\Program Files\AlphaWipe Tracks Cleaner 2008\pv.dat
C:\Program Files\AlphaWipe Tracks Cleaner 2008\up.dat
C:\Program Files\IEToolbar
C:\Program Files\IEToolbar\Sahate Toolbar\ARROW1.CUR
C:\Program Files\IEToolbar\Sahate Toolbar\basis.xml
C:\Program Files\IEToolbar\Sahate Toolbar\clearhist.exe
C:\Program Files\IEToolbar\Sahate Toolbar\DRAGFOLD.CUR
C:\Program Files\IEToolbar\Sahate Toolbar\favicon.ico
C:\Program Files\IEToolbar\Sahate Toolbar\icons.bmp
C:\Program Files\IEToolbar\Sahate Toolbar\icons.bmp_16.bmp
C:\Program Files\IEToolbar\Sahate Toolbar\icons.bmp_24.bmp
C:\Program Files\IEToolbar\Sahate Toolbar\icons.bmp_32.bmp
C:\Program Files\IEToolbar\Sahate Toolbar\ijl15.dll
C:\Program Files\IEToolbar\Sahate Toolbar\info.txt
C:\Program Files\IEToolbar\Sahate Toolbar\logo.bmp
C:\Program Files\IEToolbar\Sahate Toolbar\logo.png
C:\Program Files\IEToolbar\Sahate Toolbar\mini_logo1.bmp
C:\Program Files\IEToolbar\Sahate Toolbar\options.html
C:\Program Files\IEToolbar\Sahate Toolbar\sahaPen21.exe
C:\Program Files\IEToolbar\Sahate Toolbar\sahate.crc
C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll
C:\Program Files\IEToolbar\Sahate Toolbar\sahate.inf
C:\Program Files\IEToolbar\Sahate Toolbar\tbhelper.dll
C:\Program Files\IEToolbar\Sahate Toolbar\tbs_include_script_013267.js
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\ARROW1.CUR
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\basis.xml
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\clearhist.exe
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\DRAGFOLD.CUR
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\favicon.ico
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\icons.bmp
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\icons.bmp_16.bmp
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\icons.bmp_24.bmp
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\icons.bmp_32.bmp
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\ijl15.dll
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\info.txt
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\logo.bmp
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\logo.png
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\mini_logo1.bmp
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\options.html
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\sahaPen21.exe
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\sahate.crc
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\sahate.dll
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\sahate.inf
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\tbhelper.dll
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\tbs_include_script_013267.js
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\uninstall.exe
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\update.exe
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\version.txt
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\websave_plugin.dll
C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\your_logo.png
C:\Program Files\IEToolbar\Sahate Toolbar\uninstall.exe
C:\Program Files\IEToolbar\Sahate Toolbar\update.exe
C:\Program Files\IEToolbar\Sahate Toolbar\version.txt
C:\Program Files\IEToolbar\Sahate Toolbar\websave_plugin.dll
C:\Program Files\IEToolbar\Sahate Toolbar\your_logo.png
C:\Program Files\rhc7sgj0enep
C:\WINDOWS\system32\kakle.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 01:15 352,288 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-05 01:15 3,332 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-05 01:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-09-05 01:14 2,089,504 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-05 01:14 18,452 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-04 22:22 --------- d-----w C:\Program Files\Windows Live
2008-09-04 22:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-04 22:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-09-02 20:41 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Paltalk
2008-09-02 20:37 --------- d-----w C:\Program Files\Paltalk Messenger
2008-09-02 03:37 --------- d-----w C:\Program Files\Admiresoft
2008-09-02 03:36 --------- d-----w C:\Program Files\Real_SC
2008-09-02 03:17 --------- d-----w C:\Program Files\Google
2008-09-02 03:17 --------- d-----w C:\Program Files\FastFolders
2008-09-02 03:09 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-09-02 03:09 --------- d-----w C:\Program Files\mpegable
2008-09-02 02:57 --------- d-----w C:\Program Files\TechSmith
2008-09-02 02:50 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-09-02 02:50 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-09-02 02:37 --------- d-----w C:\Program Files\Kaspersky Lab
2008-09-02 02:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Bluetooth
2008-09-01 23:53 --------- d-----w C:\Program Files\VS Revo Group
2008-09-01 23:53 --------- d-----w C:\Program Files\DFX
2008-09-01 23:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DFX
2008-09-01 23:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-09-01 23:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-09-01 23:14 --------- d-----w C:\Program Files\Ahead
2008-09-01 23:13 --------- d-----w C:\Program Files\iColorFolder
2008-09-01 23:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DeskSoft
2008-09-01 23:00 --------- d-----w C:\Program Files\Mobily Connect Card
2008-09-01 21:38 --------- d-----w C:\Program Files\Thomson
2008-09-01 21:31 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-01 21:08 --------- d-----w C:\Program Files\CyberLink
2008-09-01 21:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-09-01 21:07 --------- d-----w C:\Program Files\Intel
2008-09-01 21:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-01 18:22 --------- d-----w C:\Program Files\MSN Messenger
2008-08-31 22:54 --------- d-----w C:\Documents and Settings\User\Application Data\Paltalk
2008-08-31 22:21 --------- d-----w C:\Program Files\IVT Corporation
2008-08-27 10:29 --------- d-----w C:\Documents and Settings\User\Application Data\ACD Systems
2008-08-26 17:25 --------- d-----w C:\Documents and Settings\User\Application Data\CyberLink
2008-08-26 16:27 --------- d-----w C:\Program Files\Clone Shareware
2008-08-26 16:22 --------- d-----w C:\Documents and Settings\User\Application Data\Media Player Classic
2008-08-26 06:23 --------- d-----w C:\Program Files\AmanLinks_Beta_0.0.4
2008-08-26 06:19 --------- d-----w C:\Program Files\Common Files\DFX
2008-08-26 06:16 --------- d-----w C:\Documents and Settings\User\Application Data\DeskSoft
2008-08-26 06:10 --------- d-----w C:\Program Files\Hotspot Shield
2008-08-25 15:53 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-08-25 15:39 --------- d-----w C:\Program Files\Macromedia
2008-08-25 15:35 --------- d-----w C:\Program Files\Java
2008-08-25 15:34 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-25 15:34 --------- d-----w C:\Program Files\Common Files\Real
2008-08-25 15:33 --------- d-----w C:\Program Files\Real
2008-08-25 15:33 --------- d-----w C:\Program Files\Common Files\Java
2008-08-25 15:32 --------- d-----w C:\Program Files\Nero
2008-08-25 15:32 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-25 15:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-25 15:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-25 15:26 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-25 15:26 --------- d-----w C:\Documents and Settings\User\Application Data\GRETECH
2008-08-25 15:25 --------- d-----w C:\Program Files\GRETECH
2008-08-25 15:25 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-25 15:24 --------- d-----w C:\Program Files\Ozone
2008-08-25 15:24 --------- d-----w C:\Program Files\ACD Systems
2008-08-25 14:53 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-25 14:53 --------- d-----w C:\Program Files\Microsoft Works
2008-08-25 08:46 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-21 18:29 49,152 ---ha-w C:\Program Files\Program Files.exe
2008-07-01 21:09 83,288 ----a-w C:\dfxbtn.dll
2008-07-01 21:09 1,086,808 ----a-w C:\dfxrealr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [04/25/2008 06:21 PM 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
07/22/2006 11:49 PM 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^SnagIt 7.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\SnagIt 7.lnk
backup=C:\WINDOWS\pss\SnagIt 7.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 01/11/2008 10:16 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
--a------ 06/26/2006 05:26 AM 118784 C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 08/04/2004 12:56 AM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 06/23/2003 05:34 AM 114688 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 06/23/2003 05:34 AM 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 10/18/2007 11:34 AM 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 10:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 12/18/2002 02:20 PM 86016 C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 01/26/2004 11:38 AM 866816 C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 09/04/2008 01:58 AM 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 06/23/2003 05:35 AM 88267 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 06/20/2003 02:55 PM 55296 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\english\\setup.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM 24592]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [12/16/2006 11:37 PM 27136]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad5ebbd0-7879-11dd-803a-00030d000001}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad5ebbd3-7879-11dd-803a-00030d000001}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\sahate.dll
WebBrowser-{1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\tbu01951\sahate.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
MSConfigStartUp-RavTimeXP - C:\WINDOWS\TEMP\RPPM.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.googel.com.sa/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{BCA42390-3101-4911-BA18-7C2BB4817FDE}: NameServer = 212.93.192.16 212.93.192.10
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-09-05 04:15:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 09/05/2008 4:19:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-05 01:18:58
Pre-Run: 88,055,414,784 bytes free
Post-Run: 87,991,586,816 bytes free
249 --- E O F --- 2008-09-03 19:39:49

And this is the second report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:24:18 ص, on 05/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

O2 - BHO: Helper Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{BCA42390-3101-4911-BA18-7C2BB4817FDE}: NameServer = 212.93.192.17 212.93.192.10
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
--
End of file - 4350 bytes
 
The ComboFix tool worked just right ...

Have a look, my friend.

Select these entries and delete them:


O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll




O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll




O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll




O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)




O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)




O17 - HKLM\System\CCS\Services\Tcpip\..\{BCA42390-3101-4911-BA18-7C2BB4817FDE}: NameServer =


How to delete them:

[Screenshots: mg%20%283%29.png, mg%20%284%29.png]

After that, go to Add or Remove Programs and remove the toolbar you have installed (toolbar) >> it may not be there.

Then download this tool and follow the instructions below.

Compatibility: Windows XP only

How to use it:
When you run the tool's file, this screen appears; wait (and follow along with the screenshots).

[Screenshots: 000.png, 001.png]

When this screen appears, click Close so that your machine is restarted ((to complete the cleaning process)).

[Screenshot: 002.png]

After doing what is required ....

Do the following.

Apply the instructions:

Go into Internet Options and follow the screenshot.
[Screenshot: zyzoom-094b651ff1.GIF]

And please post another HijackThis report after applying the steps.

Waiting.
 
Signature: AbOdy
And this is the report after applying all the steps, brother AbOdy:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:22:05 ص, on 05/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Documents and Settings\Administrator\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

O2 - BHO: Helper Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Administrator\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Administrator\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{BCA42390-3101-4911-BA18-7C2BB4817FDE}: NameServer = 212.93.192.16 212.93.192.10
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
--
End of file - 3741 bytes
 
Okay, brother..

Your machine is all good now :q:

Try opening Explorer and tell us the result??
 
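Signature: AbOdy
Perfect, brother Abody, and the browser is perfect too. May God grant you success in your professional and academic life, brother.

Brother, I want to ask you about the antivirus program, version 8: sometimes it disappears from the taskbar.
Note that it comes with its Arabic localization, and I followed exactly what is shown in the picture bundled with the program to localize it, but
it was not localized...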
 
Praise be to God that the problem is over.
If you need any help, do not hesitate to ask.

Good luck to you.
 
Signature: AbOdy
cd44d651b4.gif


Brother Abody, this message is driving me crazy; every time I browse, this message pops up... please help.
 
We're back to square one :hh:

No problem, my dear friend.

Do the following:

==============
(1)
Disable all protection programs,
then download this tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; it will restart your machine automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.
(2)
Then create a HijackThis report.

When the download finishes ==> run the program ==> and click Do a system scan and save log
After a few moments a report will appear; copy it and paste it in your next reply.

Waiting for the two reports??
 
Last edited by a moderator:
Signature: AbOdy
ComboFix 08-09-04.09 - Administrator 09/06/2008 3:02:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.619 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\IEToolbar
----- File Replicators -----
C:\Documents and Settings\User\سطح المكتب\نسخة من المستندات\نسخة من المستندات.exe
C:\Program Files\Java\jre1.6.0_06\jre1.6.0_06.exe
C:\Program Files\Microsoft Visual Studio\COMMON\IDE\IDE98\IDE98.exe
C:\Program Files\MSN Messenger\Device Manager\Device Manager.exe
C:\Program Files\MSN Messenger\MSN Messenger.exe
C:\Program Files\Program Files.exe
C:\Program Files\Windows Media Player\Windows Media Player.exe
C:\System Volume Information\_restore{79F23986-02B9-4BC1-9678-795799D9C1EE}\RP10\A0002416.exe
C:\System Volume Information\_restore{79F23986-02B9-4BC1-9678-795799D9C1EE}\RP10\A0002417.exe
C:\System Volume Information\_restore{79F23986-02B9-4BC1-9678-795799D9C1EE}\RP11\A0002419.exe
C:\System Volume Information\_restore{79F23986-02B9-4BC1-9678-795799D9C1EE}\RP15\A0002730.EXE
C:\System Volume Information\_restore{79F23986-02B9-4BC1-9678-795799D9C1EE}\RP20\A0002930.exe
C:\System Volume Information\_restore{79F23986-02B9-4BC1-9678-795799D9C1EE}\RP20\A0002931.exe
C:\System Volume Information\_restore{79F23986-02B9-4BC1-9678-795799D9C1EE}\RP22\A0003006.exe
C:\System Volume Information\_restore{79F23986-02B9-4BC1-9678-795799D9C1EE}\RP22\A0003008.exe
C:\System Volume Information\_restore{79F23986-02B9-4BC1-9678-795799D9C1EE}\RP22\A0003028.exe
C:\System Volume Information\_restore{79F23986-02B9-4BC1-9678-795799D9C1EE}\RP6\A0000877.exe
D:\البرامج\برامج للصيانة\برامج للصيانة.exe
D:\البرامج\برامج للغه العربية\برامج للغه العربية.exe
D:\البرامج\برنامج الو رير\برنامج الو رير.exe
D:\البرامج\برنامج كاسبر أنتي فايرس +التعريب\برنامج كاسبر أنتي فايرس +التعريب.exe
D:\البرامج\برنامج كاسبر أنتي فايرس +التعريب\لا تنس ذكر الله\لا تنس ذكر الله.exe
D:\البرامج\برنامج كاسبر أنتي فايرس +التعريب\لا تنس ذكر الله\مفاتيح\مفاتيح.exe
D:\البرامج\التقاط صورة معينة من داخل مقطع فيديو moviesnapshot\التقاط صورة معينة من داخل مقطع فيديو moviesnapshot.exe
D:\البرامج\الوفي للترجمة\الوفي للترجمة.exe
D:\البرامج\الماسنجر الإصدار 8.5\الماسنجر الإصدار 8.5.exe
D:\البرامج\تغيير لون المجلدات الصفراء background_in_folder\BackGround in Folder\BackGround in Folder.exe
D:\البرامج\خطوط النسخ والرقعة\الرقعة\الرقعة.exe
D:\البرامج\خطوط النسخ والرقعة\النسخ\النسخ.exe
D:\البرامج\خطوط النسخ والرقعة\خطوط النسخ والرقعة.exe
D:\البرامج\للبحث عن التروجنات\للبحث عن التروجنات.exe
D:\البرامج\للتحميل الفائق السرعةidman512\للتحميل الفائق السرعةidman512.exe
D:\البرامج\للوصول السريع لأي مجلد أو لأي ملف FFSetup\FasFolders-Crack\FasFolders-Crack.exe
D:\البرامج\للوصول السريع لأي مجلد أو لأي ملف FFSetup\FasFolders-Crack\FasFolders-Crack\FasFolders-Crack.exe
D:\البرامج\للوصول السريع لأي مجلد أو لأي ملف FFSetup\FFSetup\FFSetup.exe
D:\البرامج\للوصول السريع لأي مجلد أو لأي ملف FFSetup\للوصول السريع لأي مجلد أو لأي ملف FFSetup.exe
D:\System Volume Information\_restore{79F23986-02B9-4BC1-9678-795799D9C1EE}\RP15\A0002731.exe
D:\System Volume Information\_restore{79F23986-02B9-4BC1-9678-795799D9C1EE}\RP21\A0002954.exe
D:\System Volume Information\_restore{79F23986-02B9-4BC1-9678-795799D9C1EE}\RP9\A0002120.EXE
.
.
((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 00:05 393,248 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-06 00:05 --------- d-----w C:\Program Files\MSN Messenger
2008-09-05 23:59 3,444 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-05 23:24 2,168,352 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-05 23:24 19,068 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-05 22:54 --------- d-----w C:\Program Files\Google
2008-09-05 20:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-09-05 02:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\cleaner
2008-09-05 01:53 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CyberScrub
2008-09-04 22:22 --------- d-----w C:\Program Files\Windows Live
2008-09-04 22:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-04 22:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-09-02 20:41 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Paltalk
2008-09-02 20:37 --------- d-----w C:\Program Files\Paltalk Messenger
2008-09-02 03:37 --------- d-----w C:\Program Files\Admiresoft
2008-09-02 03:36 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2008-09-02 03:36 610,304 ----a-w C:\WINDOWS\system32\agsaamg.dll
2008-09-02 03:36 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2008-09-02 03:36 2,535,424 ----a-w C:\WINDOWS\system32\agsaamj.dll
2008-09-02 03:36 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll
2008-09-02 03:36 1,245,184 ----a-w C:\WINDOWS\system32\bkll.dll
2008-09-02 03:36 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
2008-09-02 03:36 --------- d-----w C:\Program Files\Real_SC
2008-09-02 03:17 --------- d-----w C:\Program Files\FastFolders
2008-09-02 03:09 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-09-02 03:09 --------- d-----w C:\Program Files\mpegable
2008-09-02 02:57 --------- d-----w C:\Program Files\TechSmith
2008-09-02 02:50 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-09-02 02:50 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-09-02 02:37 --------- d-----w C:\Program Files\Kaspersky Lab
2008-09-02 02:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Bluetooth
2008-09-01 23:53 --------- d-----w C:\Program Files\VS Revo Group
2008-09-01 23:53 --------- d-----w C:\Program Files\DFX
2008-09-01 23:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DFX
2008-09-01 23:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-09-01 23:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-09-01 23:14 --------- d-----w C:\Program Files\Ahead
2008-09-01 23:13 --------- d-----w C:\Program Files\iColorFolder
2008-09-01 23:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DeskSoft
2008-09-01 23:00 --------- d-----w C:\Program Files\Mobily Connect Card
2008-09-01 21:38 --------- d-----w C:\Program Files\Thomson
2008-09-01 21:31 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-01 21:08 --------- d-----w C:\Program Files\CyberLink
2008-09-01 21:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-09-01 21:07 --------- d-----w C:\Program Files\Intel
2008-09-01 21:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-31 22:54 --------- d-----w C:\Documents and Settings\User\Application Data\Paltalk
2008-08-31 22:21 --------- d-----w C:\Program Files\IVT Corporation
2008-08-29 14:43 25,088 ----a-w C:\WINDOWS\system32\msxml3a.dll
2008-08-27 10:29 --------- d-----w C:\Documents and Settings\User\Application Data\ACD Systems
2008-08-26 17:25 --------- d-----w C:\Documents and Settings\User\Application Data\CyberLink
2008-08-26 16:27 --------- d-----w C:\Program Files\Clone Shareware
2008-08-26 16:22 --------- d-----w C:\Documents and Settings\User\Application Data\Media Player Classic
2008-08-26 06:23 --------- d-----w C:\Program Files\AmanLinks_Beta_0.0.4
2008-08-26 06:19 --------- d-----w C:\Program Files\Common Files\DFX
2008-08-26 06:16 --------- d-----w C:\Documents and Settings\User\Application Data\DeskSoft
2008-08-26 06:10 --------- d-----w C:\Program Files\Hotspot Shield
2008-08-25 15:53 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-08-25 15:39 --------- d-----w C:\Program Files\Macromedia
2008-08-25 15:35 --------- d-----w C:\Program Files\Java
2008-08-25 15:34 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-25 15:34 --------- d-----w C:\Program Files\Common Files\Real
2008-08-25 15:33 --------- d-----w C:\Program Files\Real
2008-08-25 15:33 --------- d-----w C:\Program Files\Common Files\Java
2008-08-25 15:32 --------- d-----w C:\Program Files\Nero
2008-08-25 15:32 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-25 15:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-25 15:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-25 15:26 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-25 15:26 --------- d-----w C:\Documents and Settings\User\Application Data\GRETECH
2008-08-25 15:25 --------- d-----w C:\Program Files\GRETECH
2008-08-25 15:25 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-25 15:24 --------- d-----w C:\Program Files\Ozone
2008-08-25 15:24 --------- d-----w C:\Program Files\ACD Systems
2008-08-25 14:53 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-25 14:53 --------- d-----w C:\Program Files\Microsoft Works
2008-08-25 08:46 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-01 21:09 83,288 ----a-w C:\dfxbtn.dll
2008-07-01 21:09 1,086,808 ----a-w C:\dfxrealr.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.
((((((((((((((((((((((((((((( snapshot@Fri 09-05-2008_ 4.18.29.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-04-09 17:14:36 187,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL
+ 2003-07-14 19:52:52 17,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-08-07 21:23:16 12,172,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSO.DLL
+ 2003-07-14 19:57:16 120,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-15 00:14:18 106,552 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
+ 2003-07-23 19:35:26 127,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
+ 2003-07-14 19:52:52 27,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-14 19:44:06 25,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
+ 2003-07-14 19:52:56 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2002-12-17 16:09:24 2,071,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
+ 2003-07-10 23:15:48 1,292,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2003-07-15 00:18:52 376,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-14 19:52:54 28,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-14 19:52:52 35,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-14 19:53:20 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-14 19:46:16 42,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-14 19:45:12 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-14 19:45:12 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-06-18 14:31:24 1,033,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
+ 2003-06-18 14:31:50 16,384 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-07-28 09:24:40 5,677,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPUB.EXE
+ 2003-06-19 13:05:50 364,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-14 19:52:58 41,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-07-14 20:02:14 627,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
+ 2003-07-14 19:56:24 124,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
+ 2003-07-23 19:40:00 482,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
+ 2003-07-14 20:00:54 145,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-14 19:57:10 56,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-14 19:56:52 13,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-07-15 00:14:26 283,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OIS.EXE
+ 2003-07-15 00:14:26 828,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
+ 2003-07-15 00:14:26 27,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
+ 2003-07-15 00:14:26 242,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-14 20:05:24 1,054,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-14 19:41:56 24,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLACCT.DLL
+ 2003-07-14 19:44:34 102,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-08-09 20:06:42 7,522,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL
+ 2003-07-14 19:44:32 88,128 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLMIME.DLL
+ 2003-07-14 19:45:18 196,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLOOK.EXE
+ 2003-07-14 19:43:48 139,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLPH.DLL
+ 2003-07-14 19:43:18 64,056 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLRPC.DLL
+ 2003-07-14 19:43:16 49,208 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-08-04 10:19:34 7,330,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OWC10.DLL
+ 2003-08-01 12:09:04 8,086,072 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
+ 2003-07-30 09:40:40 6,133,312 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE
+ 2003-07-15 00:18:54 430,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL
+ 2003-07-15 00:18:44 93,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-07-31 12:21:08 1,782,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE
+ 2003-07-14 19:40:26 130,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PRTF9.DLL
+ 2003-07-14 19:51:12 604,728 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PTXT9.DLL
+ 2003-07-14 19:50:26 551,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBCONV.DLL
+ 2003-07-14 19:40:16 51,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBTRAP.DLL
+ 2003-07-14 19:42:26 37,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RECALL.DLL
+ 2003-05-08 18:54:00 77,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-14 19:57:08 40,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-07-14 19:43:30 74,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RM.DLL
+ 2003-07-21 08:46:38 390,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-14 19:44:16 66,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-14 19:57:08 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-14 19:53:14 11,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2003-08-06 10:26:18 445,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SOA.DLL
+ 2003-08-03 07:52:32 2,808,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
+ 2003-07-14 20:00:22 99,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TRANSMGR.DLL
+ 2003-07-03 12:19:36 2,502,656 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\VBE6.DLL
+ 2003-08-06 10:24:20 12,037,688 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
- 2008-09-03 19:39:37 593,920 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-09-05 19:49:37 593,920 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-09-03 19:39:37 12,288 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-09-05 19:49:37 12,288 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-09-03 19:39:37 86,016 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-09-05 19:49:37 86,016 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-09-03 19:39:37 135,168 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-09-05 19:49:37 135,168 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-09-03 19:39:37 11,264 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-09-05 19:49:37 11,264 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-09-03 19:39:37 27,136 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-09-05 19:49:37 27,136 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-09-03 19:39:37 4,096 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-09-05 19:49:37 4,096 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-09-03 19:39:38 794,624 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-09-05 19:49:38 794,624 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-09-03 19:39:37 249,856 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-09-05 19:49:37 249,856 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-09-03 19:39:37 61,440 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-09-05 19:49:37 61,440 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-09-03 19:39:38 23,040 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-09-05 19:49:38 23,040 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-09-03 19:39:37 286,720 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-09-05 19:49:37 286,720 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-09-03 19:39:37 409,600 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-09-05 19:49:37 409,600 ----a-r C:\WINDOWS\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-09-03 19:39:47 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-09-05 19:47:21 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-09-03 19:39:47 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-09-05 19:47:21 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-09-03 19:39:47 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-09-05 19:47:21 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-09-03 19:39:47 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-09-05 19:47:21 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-09-03 19:39:47 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-09-05 19:47:22 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-09-03 19:39:47 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-09-05 19:47:22 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-09-03 19:39:47 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-09-05 19:47:22 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-09-03 19:39:47 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-09-05 19:47:22 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-09-03 19:39:47 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-09-05 19:47:21 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-09-03 19:39:47 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-09-05 19:47:21 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-09-03 19:39:47 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-09-05 19:47:22 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-09-03 19:39:47 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-09-05 19:47:21 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-09-03 19:39:47 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-09-05 19:47:21 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-09-04 20:19:17 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\s\index.dat
+ 2008-09-05 20:44:43 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\s\index.dat
- 2008-09-04 20:19:17 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-05 20:44:43 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-05 20:44:43 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\.IE5\index.dat
- 2004-08-03 21:56:44 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-02-26 11:59:50 294,912 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
- 2007-08-13 15:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2008-05-27 17:23:58 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2003-08-03 07:56:16 1,146,184 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2007-06-06 07:53:34 1,195,888 ----a-w C:\WINDOWS\system32\FM20.DLL
- 2003-07-14 19:57:04 32,584 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2007-03-22 16:17:04 35,440 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2008-09-01 23:23:51 549,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-09-05 20:44:33 549,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2003-06-18 14:31:48 17,920 ----a-w C:\WINDOWS\system32\mdimon.dll
+ 2007-04-09 10:23:54 28,040 ----a-w C:\WINDOWS\system32\mdimon.dll
- 2004-08-03 21:56:44 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2008-09-05 00:29:32 41,170 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-05 20:54:12 41,170 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-05 00:29:32 314,842 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-05 20:54:12 314,842 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2003-06-18 14:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2007-04-09 10:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2003-06-18 14:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 10:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
- 2003-06-18 14:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-04-09 10:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
- 2003-06-18 14:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-04-09 10:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
- 2003-06-18 14:31:48 18,944 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 10:23:54 28,552 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [09/06/2008 01:54 AM 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [04/25/2008 06:21 PM 201992]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/04/2008 01:58 AM 180269]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
07/22/2006 11:49 PM 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^SnagIt 7.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\SnagIt 7.lnk
backup=C:\WINDOWS\pss\SnagIt 7.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 01/11/2008 10:16 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
--a------ 06/26/2006 05:26 AM 118784 C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 08/04/2004 12:56 AM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 06/23/2003 05:34 AM 114688 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 06/23/2003 05:34 AM 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 10/18/2007 11:34 AM 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 10:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 12/18/2002 02:20 PM 86016 C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 01/26/2004 11:38 AM 866816 C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 09/04/2008 01:58 AM 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 06/23/2003 05:35 AM 88267 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 06/20/2003 02:55 PM 55296 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\english\\setup.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM 24592]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [12/16/2006 11:37 PM 27136]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad5ebbd0-7879-11dd-803a-00030d000001}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad5ebbd3-7879-11dd-803a-00030d000001}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sa/
O17 -: HKLM\CCS\Interface\{BCA42390-3101-4911-BA18-7C2BB4817FDE}: NameServer = 212.93.192.16 212.93.192.10
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-09-06 03:05:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 09/06/2008 3:06:41
ComboFix-quarantined-files.txt 2008-09-06 00:06:35
ComboFix2.txt 2008-09-05 01:19:28
Pre-Run: 88,064,503,808 bytes free
Post-Run: 88,061,939,712 bytes free
560 --- E O F --- 2008-09-05 19:50:22

----------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:09:54 ص, on 06/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

O2 - BHO: Helper Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{BCA42390-3101-4911-BA18-7C2BB4817FDE}: NameServer = 212.93.192.16 212.93.192.10
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
--
End of file - 4158 bytes
 
Go to Add or Remove Programs and remove the toolbar you have.

After you remove the toolbar,

disable System Restore, then turn it back on again.




Once you have done that, do the following:

Download the Kaspersky tool from the following link


After downloading, double-click it and the tool's files will be extracted to a folder on the desktop; in a few moments the tool will start running.

Follow the walkthrough to scan and clean the machine and attach the report.


Then compress the report and upload it here >>>>


Waiting for the Kaspersky report ...?
 
Signature: AbOdy