قمة جنوني

Peace be upon you ..

I have a problem: when I try to install the security program

this is what comes up

i15900_111.gif

And if I choose Remove, this comes up

i15901_222.gif

Then this

i15902_333.gif

Then this

i15903_444.gif

And it doesn't install for me; I don't know what's going on with it ?? :i:

Help me :f:
 

You have installed a security program before. Go to drive C, then Program Files, then OK. Then look for a folder named Kaspersky or any other folder belonging to a security program. If it won't delete, start the computer in Safe Mode
and follow this method, and God willing Kaspersky will work for you. Good luck.


2Aj2D-lj8I_65879520.gif
 
i15907_11.gif



Brother, it refuses to be deleted, and I didn't understand your second method; could you explain it to me more? :f:
 
These are all the ways to enter Safe Mode.
Choose the first method because it is very easy.
Go to the link:
[Hidden link: you must log in or register to view it]

Good luck, my dear friend.
 
Brother, it didn't work for me; same story, it refused to be deleted :f::f:
 
OK, did you find a folder named Kaspersky on drive C or not?
 
My dear, you have a security program installed called
F-Secure Antivirus 2008
Go and remove it from Add or Remove Programs in the Control Panel,
then restart the computer,
and after that install Kaspersky again and give us a reply >> don't forget us
 
There's no Kaspersky

There's only this: F-Secure Internet Security

and it refused to be deleted :no:
 
My dear, you have a security program installed called
F-Secure Antivirus 2008
Go and remove it from Add or Remove Programs in the Control Panel,
then restart the computer,
and after that install Kaspersky again and give us a reply >> don't forget us


Brother, I know that, but the problem is that it won't delete at all :f:
 
Download this program, which removes any program by force, but run it from Safe Mode

[Hidden link: you must log in or register to view it]
 
Brother, I couldn't, because F-Secure Antivirus 2008

doesn't show up for me anywhere except in Program Files

Look, it's not there

i15918_111111111.gif

So what's the solution? :f:

 
Download this program

[Hidden link: you must log in or register to view it]

Run the program ==> and click
Do a system scan and save log
In a few moments a report will open in Notepad ==> copy it and paste it in your next reply
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:53, on 05/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ManyCam 2.3\ManyCam.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: log in or register to view]
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5940 bytes
 
Download this program
[Hidden link: you must log in or register to view it]

Enter the program names
Delete all the values you find, then go to the search tool, search for the same name and delete all the files
 
Signature: algnral
Delete the following from your report

O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)

How to delete

mg%20%283%29.png

mg%20%284%29.png

After that, restart the computer and make a second report,
and if you can, try to install Kaspersky
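
Added example, not part of the original thread and not code from HijackThis: a small Python parser for the entry lines of a HijackThis log that lists the entries marked `(file missing)` and compares two scans. The two sample logs are excerpts constructed from the reports posted in this thread, and every function name is this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Entry lines look like "<code> - <description>", e.g. "O9 - Extra button: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
MISSING = "(file missing)"

# Constructed excerpts of the first and second HijackThis reports in the thread.
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\lsass.exe
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
--
End of file - 5940 bytes
"""

AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
--
End of file - 5259 bytes
"""

F_SECURE_DIR = r"C:\Program Files\F-Secure Internet Security"


@dataclass(frozen=True)
class Entry:
    code: str              # section code: R0, O2, O9, O23, ...
    body: str              # description with the "(file missing)" marker removed
    clsid: Optional[str]   # upper-cased CLSID, if the entry carries one
    path: Optional[str]    # trailing file path, if the last " - " field is one
    file_missing: bool     # True when HijackThis could not find the target file


def parse_log(text: str) -> List[Entry]:
    """Return the entry lines of a log; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        clsid = CLSID_RE.search(body)
        last_field = body.rsplit(" - ", 1)[-1]
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            path=last_field if DRIVE_RE.match(last_field) else None,
            file_missing=missing,
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file no longer exists (leftovers of a removed program)."""
    return [e for e in entries if e.file_missing]


def removed_between(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries present in the first scan and absent from the second."""
    remaining = {(e.code, e.body) for e in after}
    return [e for e in before if (e.code, e.body) not in remaining]


def under_folder(entries: List[Entry], folder: str) -> List[Entry]:
    """Entries whose file path lies under the given installation folder."""
    prefix = folder.rstrip("\\").lower() + "\\"
    return [e for e in entries if e.path and e.path.lower().startswith(prefix)]


if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    for e in removed_between(before, after):
        print("removed:", e.code, e.clsid, e.path)
    for e in under_folder(after, F_SECURE_DIR):
        print("still present:", e.code, e.path)
```

On these excerpts it reports the three `O9` entries as removed and still lists the two F-Secure `O23` service entries in the second scan.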
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:25, on 05/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ManyCam 2.3\ManyCam.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: log in or register to view]
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5259 bytes


Here it is


Download this program
[Hidden link: you must log in or register to view it]

Enter the program names
Delete all the values you find, then go to the search tool, search for the same name and delete all the files


As for you, brother, I downloaded it; look what came up for me

i15925_11111111111.gif


Should I delete all of them, or what?

 
The last report is clean


mg%20%284%29.png


After that

Disable all security programs,
and download this tool and save it to the desktop
[Hidden link: you must log in or register to view it]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your computer; your computer will then restart automatically.
After the restart, the tool will begin scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply



Disable the security program and use the SmitfraudFix tool

[Hidden link: you must log in or register to view it]


Run the file SmitfraudFix.exe and follow the steps as shown in these images

000.png





001.png





002.png





003.png





004.png


005.png

Then make a new HijackThis report
 
ComboFix 09-06-05.07 - Almiya 06/05/2009 16:07.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.503.209 [GMT 3:00]
Running from: c:\documents and settings\Almiya\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
+ 2007-04-22 10:31 . 2007-04-22 10:31 147456 c:\windows\BricoPacks\Vista Inspirat 2\Panel.exe
+ 2009-06-03 21:14 . 2009-01-31 19:13 218624 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\Ux_uxtheme.dll
+ 2009-06-03 21:13 . 2004-08-03 18:56 415232 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\9_cmd.exe
+ 2009-06-03 21:13 . 2004-08-03 21:56 222720 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\80_msimn.exe
+ 2009-06-03 21:13 . 2004-08-03 18:56 108544 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\8_cleanmgr.exe
+ 2009-06-03 21:13 . 2004-08-03 18:56 905216 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\77_zipfldr.dll
+ 2009-06-03 21:13 . 2004-08-03 21:56 284672 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\74_wuauclt1.exe
+ 2009-06-03 21:13 . 2007-03-17 13:44 332288 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\71_winsrv.dll
+ 2009-06-03 21:13 . 2001-09-19 12:00 117760 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\7_calc.exe
+ 2009-06-03 21:13 . 2009-01-14 23:05 902656 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\69_wininet.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 769024 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\68_wiashext.dll
+ 2009-06-03 21:13 . 2004-08-03 18:56 883200 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\67_wiaacmgr.exe
+ 2009-06-03 21:13 . 2009-01-14 23:06 397312 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\66_webcheck.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 386560 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\62_themeui.dll
+ 2009-06-03 21:13 . 2004-08-03 18:56 185344 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\60_taskmgr.exe
+ 2009-06-03 21:13 . 2004-08-03 18:56 182272 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\58_sysocmgr.exe
+ 2009-06-03 21:13 . 2004-08-03 18:55 147456 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\56_stobject.dll
+ 2009-06-03 21:13 . 2001-09-19 12:00 152576 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\55_sndvol32.exe
+ 2009-06-03 21:13 . 2004-08-03 21:56 180224 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\54_sndrec32.exe
+ 2009-06-03 21:13 . 2008-10-13 10:55 498688 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\53_shlwapi.dll
+ 2009-06-03 21:13 . 2004-08-03 18:54 665088 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\49_shdoclc.dll
+ 2009-06-03 21:13 . 2004-08-03 18:56 224768 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\48_regedit.exe
+ 2009-06-03 21:13 . 2004-08-03 18:55 738304 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\46_printui.dll
+ 2009-06-03 21:13 . 2009-01-14 23:05 170496 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\44_occache.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 231424 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\42_ntshrui.dll
+ 2009-06-03 21:13 . 2004-08-03 18:56 155136 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\41_notepad.exe
+ 2009-06-03 21:13 . 2004-08-03 18:56 155136 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\40_notepad.exe
+ 2009-06-03 21:13 . 2004-08-03 18:55 412672 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\39_newdev.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 144384 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\37_netid.dll
+ 2009-06-03 21:13 . 2004-08-03 19:59 657408 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\33_mstscax.dll
+ 2009-06-03 21:13 . 2004-08-03 21:55 321536 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\32_mstask.dll
+ 2009-06-03 21:13 . 2004-08-03 21:56 438784 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\31_mspaint.exe
+ 2009-06-03 21:13 . 2004-08-03 18:53 380416 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\28_moricons.dll
+ 2009-06-03 21:13 . 2004-08-03 18:56 536064 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\26_migwiz.exe
+ 2009-06-03 21:13 . 2004-08-03 18:55 402432 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\23_keymgr.dll
+ 2009-06-03 21:13 . 2001-09-19 09:00 280064 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\20_inetcplc.dll
+ 2009-06-03 21:13 . 2004-08-03 18:56 100864 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\2_ahui.exe
+ 2009-06-03 21:13 . 2004-08-03 18:55 158208 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\18_hotplug.dll
+ 2009-06-03 21:13 . 2004-08-03 21:56 764928 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\17_helpctr.exe
+ 2009-06-03 21:13 . 2004-08-03 18:55 391680 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\15_fontext.dll
+ 2009-06-03 21:13 . 2007-06-13 13:22 974336 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\14_explorer.exe
+ 2009-06-03 21:13 . 2004-08-03 18:55 285184 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\12_credui.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 450048 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\10_cmdial32.dll
+ 2005-06-09 22:08 . 2005-06-09 22:08 283294 c:\windows\BricoPacks\Vista Inspirat 2\iColorFolder\skins\Vista Inspirat\iColorFolder.dll
+ 2006-03-09 14:33 . 2006-03-09 14:33 405504 c:\windows\BricoPacks\Vista Inspirat 2\iColorFolder\iColorFolder.exe
+ 2009-06-03 21:14 . 2005-06-09 22:08 283294 c:\windows\BricoPacks\Vista Inspirat 2\iColorFolder\iColorFolder.dll
+ 2009-06-03 21:14 . 2009-01-31 19:13 218624 c:\windows\BricoPacks\SysFiles\Ux_uxtheme.dll
+ 2009-06-03 21:13 . 2004-08-03 18:56 390144 c:\windows\BricoPacks\SysFiles\9_cmd.exe
+ 2009-06-03 21:13 . 2004-08-03 21:56 123904 c:\windows\BricoPacks\SysFiles\80_msimn.exe
+ 2009-06-03 21:13 . 2004-08-03 18:56 112128 c:\windows\BricoPacks\SysFiles\8_cleanmgr.exe
+ 2009-06-03 21:13 . 2004-08-03 18:56 515072 c:\windows\BricoPacks\SysFiles\78_logonui.exe
+ 2009-06-03 21:13 . 2004-08-03 21:56 198144 c:\windows\BricoPacks\SysFiles\74_wuauclt1.exe
+ 2009-06-03 21:13 . 2007-03-17 13:44 332800 c:\windows\BricoPacks\SysFiles\71_winsrv.dll
+ 2009-06-03 21:13 . 2001-09-19 12:00 116224 c:\windows\BricoPacks\SysFiles\7_calc.exe
+ 2009-06-03 21:13 . 2004-08-03 18:55 697856 c:\windows\BricoPacks\SysFiles\68_wiashext.dll
+ 2009-06-03 21:13 . 2004-08-03 18:56 525312 c:\windows\BricoPacks\SysFiles\67_wiaacmgr.exe
+ 2009-06-03 21:13 . 2009-01-14 23:06 395264 c:\windows\BricoPacks\SysFiles\66_webcheck.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 445440 c:\windows\BricoPacks\SysFiles\62_themeui.dll
+ 2009-06-03 21:13 . 2004-08-03 18:56 242688 c:\windows\BricoPacks\SysFiles\60_taskmgr.exe
+ 2009-06-03 21:13 . 2004-08-03 18:55 133120 c:\windows\BricoPacks\SysFiles\56_stobject.dll
+ 2009-06-03 21:13 . 2001-09-19 12:00 112128 c:\windows\BricoPacks\SysFiles\55_sndvol32.exe
+ 2009-06-03 21:13 . 2004-08-03 21:56 180224 c:\windows\BricoPacks\SysFiles\54_sndrec32.exe
+ 2009-06-03 21:13 . 2008-10-13 10:55 483840 c:\windows\BricoPacks\SysFiles\53_shlwapi.dll
+ 2009-06-03 21:13 . 2004-08-03 18:54 625152 c:\windows\BricoPacks\SysFiles\49_shdoclc.dll
+ 2009-06-03 21:13 . 2004-08-03 18:56 268288 c:\windows\BricoPacks\SysFiles\48_regedit.exe
+ 2009-06-03 21:13 . 2004-08-03 18:55 927744 c:\windows\BricoPacks\SysFiles\47_rasdlg.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 910848 c:\windows\BricoPacks\SysFiles\46_printui.dll
+ 2009-06-03 21:13 . 2009-01-14 23:05 176640 c:\windows\BricoPacks\SysFiles\44_occache.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 152576 c:\windows\BricoPacks\SysFiles\42_ntshrui.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 156672 c:\windows\BricoPacks\SysFiles\37_netid.dll
+ 2009-06-03 21:13 . 2004-08-03 19:59 655360 c:\windows\BricoPacks\SysFiles\33_mstscax.dll
+ 2009-06-03 21:13 . 2004-08-03 21:55 323072 c:\windows\BricoPacks\SysFiles\32_mstask.dll
+ 2009-06-03 21:13 . 2004-08-03 21:56 354304 c:\windows\BricoPacks\SysFiles\31_mspaint.exe
+ 2009-06-03 21:13 . 2004-08-03 18:53 497152 c:\windows\BricoPacks\SysFiles\28_moricons.dll
+ 2009-06-03 21:13 . 2004-08-03 18:56 220672 c:\windows\BricoPacks\SysFiles\24_logon.scr
+ 2009-06-03 21:13 . 2004-08-03 18:55 225280 c:\windows\BricoPacks\SysFiles\23_keymgr.dll
+ 2009-06-03 21:13 . 2001-09-19 09:00 385536 c:\windows\BricoPacks\SysFiles\20_inetcplc.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 173568 c:\windows\BricoPacks\SysFiles\18_hotplug.dll
+ 2009-06-03 21:13 . 2004-08-03 21:56 741888 c:\windows\BricoPacks\SysFiles\17_helpctr.exe
+ 2009-06-03 21:13 . 2004-08-03 18:55 392192 c:\windows\BricoPacks\SysFiles\15_fontext.dll
+ 2009-06-03 21:14 . 2007-04-21 09:07 894464 c:\windows\BricoPacks\SysFiles\125_Shellstyle.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 285184 c:\windows\BricoPacks\SysFiles\12_credui.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 516096 c:\windows\BricoPacks\SysFiles\10_cmdial32.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2004-08-03 18:54 . 2004-08-03 18:54 6142464 c:\windows\system32\xpsp2res.dll
+ 2004-08-03 18:55 . 2009-01-14 23:06 1286656 c:\windows\system32\urlmon.dll
+ 2004-08-03 18:55 . 2004-08-03 18:55 1239040 c:\windows\system32\syssetup.dll
+ 2004-08-03 18:55 . 2004-08-03 18:55 1788416 c:\windows\system32\shimgvw.dll
+ 2004-08-03 18:55 . 2008-10-13 10:55 1776640 c:\windows\system32\shdocvw.dll
+ 2004-08-03 18:55 . 2004-08-03 18:55 1230848 c:\windows\system32\rasdlg.dll
+ 2004-08-03 18:55 . 2004-08-03 18:55 2114560 c:\windows\system32\netshell.dll
+ 2004-08-03 18:55 . 2009-01-14 23:13 6161920 c:\windows\system32\mshtml.dll
+ 2004-08-03 18:55 . 2004-08-03 18:55 1100800 c:\windows\system32\msgina.dll
+ 2004-08-03 18:56 . 2004-08-03 18:56 5650432 c:\windows\system32\logonui.exe
+ 2004-08-03 18:56 . 2004-08-03 18:56 3128320 c:\windows\system32\logon.scr
- 2009-03-17 00:21 . 2009-02-09 11:48 2182016 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2004-08-03 18:49 . 2009-02-09 11:48 2182016 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-03-17 00:21 . 2009-02-09 11:48 2059264 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2004-08-03 21:48 . 2009-02-09 11:48 2059264 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-11-03 15:07 . 2004-08-03 21:56 3676160 c:\windows\system32\dllcache\moviemk.exe
+ 2004-08-03 18:55 . 2008-10-13 10:55 1020928 c:\windows\system32\browseui.dll
+ 2005-08-20 11:48 . 2005-08-20 11:48 1201664 c:\windows\Resources\Themes\Vista\Shell\VISTA22\shellstyle.dll
+ 2005-08-20 09:30 . 2005-08-20 09:30 2085888 c:\windows\Resources\Themes\Vista\Shell\VISTA2\shellstyle.dll
+ 2005-08-20 11:48 . 2005-08-20 11:48 1201664 c:\windows\Resources\Themes\Vista\Shell\VISTA12\shellstyle.dll
+ 2005-08-20 09:30 . 2005-08-20 09:30 2085888 c:\windows\Resources\Themes\Vista\Shell\NormalColor\shellstyle.dll
+ 2007-04-20 17:16 . 2007-04-20 17:16 1117184 c:\windows\Resources\Themes\Inspirat2\Shell\NormalColor\Shellstyle.dll
+ 2007-04-20 17:16 . 2007-04-20 17:16 1117184 c:\windows\Resources\Themes\Inspirat2\Shell\AeroBlue\Shellstyle.dll
+ 2007-04-20 17:16 . 2007-04-20 17:16 1117184 c:\windows\Resources\Themes\Inspirat2\Shell\AeroBlack\Shellstyle.dll
+ 2006-05-21 07:43 . 2006-05-21 07:43 1645320 c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\gdiplus.dll
+ 2007-01-01 15:23 . 2007-01-01 15:23 1645320 c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\gdiplus.dll
+ 2009-06-03 21:13 . 2004-08-03 21:56 3676160 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\82_moviemk.exe
+ 2009-06-03 21:13 . 2004-08-03 21:54 7415296 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\81_msoeres.dll
+ 2009-06-03 21:13 . 2004-08-03 18:56 5650432 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\78_logonui.exe
+ 2009-06-03 21:13 . 2004-08-03 18:54 6142464 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\76_xpsp2res.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 1457664 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\70_WINNTBBU.DLL
+ 2009-06-03 21:13 . 2009-01-14 23:06 1286656 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\65_urlmon.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 1239040 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\59_syssetup.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 1788416 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\52_shimgvw.dll
+ 2009-06-03 21:13 . 2008-10-13 10:55 1776640 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\50_shdocvw.dll
+ 2009-06-03 21:13 . 2008-10-13 10:55 1020928 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\5_browseui.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 1230848 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\47_rasdlg.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 2114560 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\38_netshell.dll
+ 2009-06-03 21:13 . 2009-01-14 23:13 6161920 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\30_mshtml.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 1100800 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\29_msgina.dll
+ 2009-06-03 21:13 . 2004-08-03 18:56 3128320 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\24_logon.scr
+ 2009-06-03 21:13 . 2004-08-03 21:56 3555328 c:\windows\BricoPacks\SysFiles\82_moviemk.exe
+ 2009-06-03 21:13 . 2004-08-03 21:54 7415296 c:\windows\BricoPacks\SysFiles\81_msoeres.dll
+ 2009-06-03 21:13 . 2004-08-03 18:56 3675648 c:\windows\BricoPacks\SysFiles\77_zipfldr.dll
+ 2009-06-03 21:13 . 2004-08-03 18:54 6389248 c:\windows\BricoPacks\SysFiles\76_xpsp2res.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 4656128 c:\windows\BricoPacks\SysFiles\70_WINNTBBU.DLL
+ 2009-06-03 21:13 . 2009-01-14 23:05 1013248 c:\windows\BricoPacks\SysFiles\69_wininet.dll
+ 2009-06-03 21:13 . 2009-01-14 23:06 1232896 c:\windows\BricoPacks\SysFiles\65_urlmon.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 4336640 c:\windows\BricoPacks\SysFiles\59_syssetup.dll
+ 2009-06-03 21:13 . 2004-08-03 18:56 3308544 c:\windows\BricoPacks\SysFiles\58_sysocmgr.exe
+ 2009-06-03 21:13 . 2004-08-03 18:55 6873600 c:\windows\BricoPacks\SysFiles\52_shimgvw.dll
+ 2009-06-03 21:13 . 2008-10-13 10:55 4476928 c:\windows\BricoPacks\SysFiles\50_shdocvw.dll
+ 2009-06-03 21:13 . 2008-10-13 10:55 1051136 c:\windows\BricoPacks\SysFiles\5_browseui.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 3557376 c:\windows\BricoPacks\SysFiles\39_newdev.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 2351616 c:\windows\BricoPacks\SysFiles\38_netshell.dll
+ 2009-06-03 21:13 . 2009-01-14 23:13 6112768 c:\windows\BricoPacks\SysFiles\30_mshtml.dll
+ 2009-06-03 21:13 . 2004-08-03 18:55 3161600 c:\windows\BricoPacks\SysFiles\29_msgina.dll
+ 2009-06-03 21:13 . 2004-08-03 18:56 3510784 c:\windows\BricoPacks\SysFiles\26_migwiz.exe
+ 2009-06-03 21:13 . 2007-06-13 13:22 1550848 c:\windows\BricoPacks\SysFiles\14_explorer.exe
+ 2009-06-03 21:14 . 2007-04-20 17:16 1117184 c:\windows\BricoPacks\SysFiles\126_Shellstyle.dll
+ 2009-06-03 21:14 . 2007-04-20 17:16 1117184 c:\windows\BricoPacks\SysFiles\124_Shellstyle.dll
+ 2009-06-03 21:14 . 2007-04-20 17:16 1117184 c:\windows\BricoPacks\SysFiles\123_Shellstyle.dll
+ 2009-06-03 21:14 . 2005-08-20 11:48 1201664 c:\windows\BricoPacks\SysFiles\121_shellstyle.dll
+ 2009-06-03 21:14 . 2005-08-20 09:30 2085888 c:\windows\BricoPacks\SysFiles\120_shellstyle.dll
+ 2009-06-03 21:14 . 2005-08-20 11:48 1201664 c:\windows\BricoPacks\SysFiles\119_shellstyle.dll
+ 2009-06-03 21:14 . 2005-08-20 09:30 2085888 c:\windows\BricoPacks\SysFiles\118_shellstyle.dll
+ 2004-08-03 18:55 . 2008-07-03 13:14 12854784 c:\windows\system32\shell32.dll
+ 2006-03-16 18:03 . 2008-07-03 13:14 12854784 c:\windows\system32\dllcache\shell32.dll
+ 2009-06-03 21:13 . 2008-07-03 13:14 12854784 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\51_shell32.dll
+ 2009-06-03 21:13 . 2008-07-03 13:14 25228800 c:\windows\BricoPacks\SysFiles\51_shell32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ManyCam"="c:\program files\ManyCam 2.3\ManyCam.exe" [2008-08-08 1725736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-19 198160]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\Almiya\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-5-1 6395464]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE"=
"c:\\WINDOWS\\system32\\WISPTIS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Program Files\\Sunbelt Software\\VIPRE\\Patch.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [28/12/2008 08:42 ص 79904]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 01:06 م 21632]
S2 F-Secure Filter;F-Secure File System Filter; [x]
S2 F-Secure Gatekeeper;F-Secure Gatekeeper; [x]
S2 F-Secure Recognizer;F-Secure File System Recognizer; [x]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\ensigo.sys --> c:\windows\system32\drivers\ensigo.sys [?]
S3 FSORSPClient;F-Secure ORSP Client; [x]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
2009-06-05 c:\windows\Tasks\User_Feed_Synchronization-{A231C429-0EF2-4145-B7AA-33BA870149F1}.job
- c:\windows\system32\msfeedssync.exe [2009-01-14 23:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
LSP: c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
DPF: Microsoft XML Parser for Java -
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-05 16:09
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3a,69,d1,eb,d6,fc,10,5a,dc,ee,8f,72,9a,56,9c,36,fb,af,88,06,87,
60,4c,b8,ca,66,0a,0d,12,61,17,ca,06,cd,95,8c,7e,5d,e3,b3,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c5e3bd4d-cb52-435f-ae25-b092e2c4e7c2}]
@Denied: (Full) (Everyone)
"Model"=dword:0000001f
"Therad"=dword:0000001c
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(700)
c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
- - - - - - - > 'explorer.exe'(2244)
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-06-05 16:10
ComboFix-quarantined-files.txt 2009-06-05 13:10
ComboFix2.txt 2009-05-27 03:00
ComboFix3.txt 2009-05-27 02:50
ComboFix4.txt 2009-05-26 19:29
Pre-Run: 4,443,439,104 bytes free
Post-Run: 4,759,003,136 bytes free
478 --- E O F --- 2009-05-13 01:00
 
SmitFraudFix v2.419
Scan done at 16:16:58.93, Fri 06/05/2009
Run from C:\Documents and Settings\Almiya\سطح المكتب\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom 802.11b/g WLAN - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6CFFF420-0895-4247-903A-8B6930E47800}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6CFFF420-0895-4247-903A-8B6930E47800}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6CFFF420-0895-4247-903A-8B6930E47800}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
And this is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:37, on 05/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ManyCam 2.3\ManyCam.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 4570 bytes
 