[bobby] Help


offline
  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

Windows have started popping up showing Antivirus 2009 and saying that I have malware on my computer!
C:\WINDOWS\system32\wscntfy.exe
C:\Windows Live\Messenger\msvs.exe
C:\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\DOCUME~1\FLAMEO~1\LOCALS~1\Temp\ins.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\MicroAV\MicroAV.exe
C:\Program Files\PCHealthCenter\7.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\FLAMEO~1\LOCALS~1\Temp\windfr.exe
D:\BACKUP\PROGRAMI\install\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Links are visible only to logged-in users]*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Links are visible only to logged-in users]*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Links are visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Links are visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Links are visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: QXK Olive - {129D532E-E2EC-4527-B4BA-4626830EFE18} - C:\WINDOWS\dfmlxbpkbkl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll
O3 - Toolbar: peltodgx - {BAB8F6DC-41B1-440F-A066-AAC224906880} - C:\WINDOWS\peltodgx.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [\YURA62.exe] C:\Windows\system32\YURA62.exe
O4 - HKLM\..\Run: [\YURA63.exe] C:\Windows\system32\YURA63.exe
O4 - HKLM\..\Run: [\YURA64.exe] C:\Windows\system32\YURA64.exe
O4 - HKLM\..\Run: [\YURA65.exe] C:\Windows\system32\YURA65.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [] C:\Documents and Settings\FlAmE of HeLl\Application Data\Adobe\Player.exe
O4 - HKCU\..\Run: [\YURA62.exe] C:\Windows\system32\YURA62.exe
O4 - HKCU\..\Run: [\YURA63.exe] C:\Windows\system32\YURA63.exe
O4 - HKCU\..\Run: [\YURA64.exe] C:\Windows\system32\YURA64.exe
O4 - HKCU\..\Run: [\YURA65.exe] C:\Windows\system32\YURA65.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - [Links are visible only to logged-in users]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll,wbsys.dll
O20 - Winlogon Notify: khfGxUNf - C:\WINDOWS\SYSTEM32\khfGxUNf.dll
O21 - SSODL: rwlfsdmk - {88CB493F-39BF-41E3-90BD-A7BAB2E6446A} - C:\WINDOWS\rwlfsdmk.dll
O21 - SSODL: onfwbsak - {2E70C9E6-B62F-4860-B532-4673DC8E8CD1} - C:\WINDOWS\onfwbsak.dll
O21 - SSODL: appsrvcom - {641264E0-E065-832E-EA53-04402133D3BB} - C:\Program Files\emcxicc\appsrvcom.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8917 bytes

Addendum: 27 Sep 2008 14:21

veljko-94 :: Windows have started popping up showing Antivirus 2009 and saying that I have malware on my computer! Also, in My Computer I can't see the partition where XP is installed!



offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix to your Desktop from one of the following addresses:
[Links are visible only to logged-in users]
[Links are visible only to logged-in users]
[Links are visible only to logged-in users]

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy and paste here for us.



offline
  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

Here is the log
ComboFix 08-09-26.06 - FlAmE of HeLl 2008-09-27 18:39:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1571 [GMT 2:00]
Running from: C:\Documents and Settings\FlAmE of HeLl\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\ZangoSA
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
C:\Documents and Settings\All Users\Start Menu\Programs\Zango
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Reset Cursor.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Weather.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Customer Support Center.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Games!.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Library.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Screensavers!.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Uninstall Instructions.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Videos!.lnk
C:\Documents and Settings\FlAmE of HeLl\Application Data\Adobe\crc.dat
C:\Documents and Settings\FlAmE of HeLl\Application Data\WeatherDPA
C:\Documents and Settings\FlAmE of HeLl\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.txt
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.idx
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.cdf
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.txt
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xml
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.res
C:\Documents and Settings\FlAmE of HeLl\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
C:\Documents and Settings\FlAmE of HeLl\Favorites\Error Cleaner.url
C:\Documents and Settings\FlAmE of HeLl\Favorites\Privacy Protector.url
C:\Documents and Settings\FlAmE of HeLl\Favorites\Spyware&Malware Protection.url
C:\Program Files\MicroAV
C:\Program Files\MicroAV\MicroAV.cpl
C:\Program Files\MicroAV\MicroAV.exe
C:\Program Files\MicroAV\MicroAV.ooo
C:\Program Files\MicroAV\MicroAV0.dat
C:\Program Files\MicroAV\MicroAV1.dat
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\Program Files\RichVideoCodec
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\zango
C:\Program Files\zango\bin\10.3.75.0\arrow.ico
C:\Program Files\zango\bin\10.3.75.0\CntntCntr.dll
C:\Program Files\zango\bin\10.3.75.0\copyright.txt
C:\Program Files\zango\bin\10.3.75.0\CoreSrv.dll
C:\Program Files\zango\bin\10.3.75.0\firefox\extensions\chrome.manifest
C:\Program Files\zango\bin\10.3.75.0\firefox\extensions\components\npclntax.xpt
C:\Program Files\zango\bin\10.3.75.0\firefox\extensions\install.rdf
C:\Program Files\zango\bin\10.3.75.0\firefox\extensions\plugins\npclntax_ZangoSA.dll
C:\Program Files\zango\bin\10.3.75.0\HostIE.dll
C:\Program Files\zango\bin\10.3.75.0\HostOE.dll
C:\Program Files\zango\bin\10.3.75.0\HostOL.dll
C:\Program Files\zango\bin\10.3.75.0\link.ico
C:\Program Files\zango\bin\10.3.75.0\OEAddOn.exe
C:\Program Files\zango\bin\10.3.75.0\Srv.exe
C:\Program Files\zango\bin\10.3.75.0\Toolbar.dll
C:\Program Files\zango\bin\10.3.75.0\Wallpaper.dll
C:\Program Files\zango\bin\10.3.75.0\Weather.exe
C:\Program Files\zango\bin\10.3.75.0\WeSkin.dll
C:\Program Files\zango\bin\10.3.75.0\ZangoSA.exe
C:\Program Files\zango\bin\10.3.75.0\ZangoSAAX.dll
C:\Program Files\zango\bin\10.3.75.0\ZangoSADF.exe
C:\Program Files\zango\bin\10.3.75.0\ZangoSAHook.dll
C:\Program Files\zango\bin\10.3.75.0\ZangoUninstaller.exe
C:\WINDOWS\dfmlxbpkbkl.dll
C:\WINDOWS\exwf.exe
C:\WINDOWS\peltodgx.dll
C:\WINDOWS\rwlfsdmk.dll
C:\WINDOWS\system32\1.ico
C:\WINDOWS\system32\2.ico
C:\WINDOWS\system32\Dvbpws.dll
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\tmp75.tmp
C:\WINDOWS\system32\tmp76.tmp
C:\x
D:\install.exe

----- BITS: Possible infected sites -----

[Links are visible only to logged-in users]
.
((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))
.

2008-09-27 14:16 . 2008-09-27 14:16 952,775 ---hs---- C:\WINDOWS\system32\vasocmga.ini
2008-09-27 14:16 . 2008-09-27 14:16 80,000 --a------ C:\WINDOWS\system32\agmcosav.dll
2008-09-27 14:15 . 2008-09-27 14:15 327,936 --a------ C:\WINDOWS\system32\fccyvvSK.dll
2008-09-27 14:15 . 2008-09-27 18:41 137,815 --ahs---- C:\WINDOWS\system32\KSvvyccf.ini2
2008-09-27 14:15 . 2008-09-27 18:41 137,783 --ahs---- C:\WINDOWS\system32\KSvvyccf.ini
2008-09-27 14:12 . 2008-09-27 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\lsbmbgty
2008-09-27 14:11 . 2008-09-27 18:36 <DIR> d-------- C:\Program Files\emcxicc
2008-09-27 14:10 . 2008-09-27 14:10 38,272 --a------ C:\WINDOWS\system32\qoMfDUNF.dll
2008-09-27 14:10 . 2008-09-27 14:10 38,272 --a------ C:\WINDOWS\system32\khfGxUNf.dll
2008-09-27 14:09 . 2008-09-26 11:29 147,456 --a------ C:\WINDOWS\fbxrqtwn.exe
2008-09-27 14:08 . 2008-09-27 14:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Zango
2008-09-27 14:08 . 2008-09-27 14:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-09-27 14:08 . 2008-09-27 14:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport
2008-09-27 14:08 . 2008-09-24 02:13 166,400 --a------ C:\WINDOWS\system32\MicroAV.cpl
2008-09-27 14:08 . 2008-09-27 14:08 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
2008-09-27 14:08 . 2008-09-27 14:08 11,264 --a------ C:\WINDOWS\system32\tdsslog.dll
2008-09-27 14:08 . 2008-09-27 14:08 8,192 --a------ C:\WINDOWS\system32\tdssserf1.dll
2008-09-27 14:00 . 2008-09-27 14:00 <DIR> d-------- C:\Program Files\corel
2008-09-27 13:49 . 2008-09-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-09-27 13:49 . 2008-09-27 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-09-27 12:11 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-09-27 12:11 . 2008-09-27 12:11 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\MSBuild
2008-09-27 12:10 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\xpssvcs.dll
2008-09-27 12:10 . 2008-07-06 14:06 1,676,288 -----c--- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-27 12:10 . 2008-07-06 12:50 597,504 -----c--- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-27 12:10 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-27 12:10 . 2008-07-06 14:06 575,488 -----c--- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-27 12:10 . 2008-07-06 14:06 117,760 --------- C:\WINDOWS\system32\prntvpt.dll
2008-09-27 12:10 . 2008-07-06 14:06 89,088 -----c--- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-27 12:07 . 2008-09-27 12:07 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-09-27 11:30 . 2008-09-27 11:35 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\AveDesk
2008-09-27 11:22 . 2008-09-27 11:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-27 11:22 . 2008-09-27 11:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-27 11:19 . 2008-09-27 11:19 <DIR> d-------- C:\Program Files\Bonjour
2008-09-27 11:14 . 2008-09-27 11:14 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-26 19:40 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp1C9.tmp
2008-09-26 19:40 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp1C8.tmp
2008-09-26 18:58 . 2008-09-26 18:58 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-09-26 18:46 . 2008-09-26 18:54 <DIR> d-------- C:\Program Files\FrostWire
2008-09-26 18:46 . 2008-09-27 14:18 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\FrostWire
2008-09-25 18:37 . 2008-09-25 18:37 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-09-25 18:37 . 2006-10-04 16:06 1,197,294 --a--c--- C:\WINDOWS\system32\dllcache\SET29D.tmp
2008-09-25 18:36 . 2008-09-25 18:36 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-25 18:36 . 2008-09-25 18:37 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-25 18:35 . 2008-09-25 18:35 1,187 --a------ C:\WINDOWS\wmplayer.reg
2008-09-25 13:01 . 2008-09-25 13:01 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-09-24 20:35 . 2008-09-24 20:35 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-24 20:35 . 2008-09-24 20:35 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-24 20:34 . 2008-09-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-24 19:49 . 2008-09-24 19:49 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-24 19:48 . 2008-09-24 19:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-24 19:39 . 2008-09-27 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-24 19:38 . 2008-09-24 19:38 <DIR> dr-h----- C:\MSOCache
2008-09-24 14:02 . 2008-09-24 14:02 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
2008-09-23 19:16 . 2008-09-23 19:16 56 --a------ C:\WINDOWS\wb.ini
2008-09-23 17:51 . 2008-09-27 14:11 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\ShoppingReport
2008-09-23 17:46 . 2008-04-26 16:14 42,672 --a------ C:\WINDOWS\system32\~GLH0012.TMP
2008-09-23 17:16 . 2008-09-23 17:16 <DIR> d-------- C:\Program Files\RocketDock
2008-09-23 17:11 . 2008-09-23 17:11 <DIR> d-------- C:\Program Files\Stardock
2008-09-22 20:26 . 2008-09-22 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-22 18:00 . 2008-09-22 18:00 1,605 --a------ C:\Mozilla Firefox.lnk
2008-09-22 17:51 . 2008-09-22 17:51 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Windows Live Writer
2008-09-22 16:10 . 2008-09-22 16:10 <DIR> d-------- C:\Program Files\Microsoft
2008-09-22 15:49 . 2008-09-22 15:49 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-22 15:48 . 2008-09-22 15:48 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\MxBoost
2008-09-22 15:47 . 2008-09-22 15:48 <DIR> d-------- C:\Program Files\Maxthon2
2008-09-22 15:25 . 2008-09-22 15:25 <DIR> d-------- C:\Program Files\Vista Start Menu
2008-09-22 15:25 . 2008-09-22 15:26 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Vista Start Menu
2008-09-22 15:22 . 2008-09-22 15:22 <DIR> d-------- C:\Program Files\WinMatrix XP
2008-09-21 14:01 . 2008-09-21 14:01 <DIR> d-------- C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free
2008-09-20 10:17 . 2008-09-22 17:53 <DIR> d-------- C:\Program Files\Windows Live
2008-09-20 10:11 . 2008-09-27 18:46 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\OpenOffice.org2
2008-09-20 08:10 . 2008-09-20 08:11 250 --a------ C:\WINDOWS\gmer.ini
2008-09-19 20:56 . 2008-09-19 20:56 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Yahoo!
2008-09-19 20:56 . 2008-09-19 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-19 09:13 . 2008-09-19 09:13 <DIR> d-------- C:\Program Files\Nvu
2008-09-19 09:13 . 2008-09-19 09:13 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Nvu
2008-09-19 08:49 . 2008-09-19 08:49 <DIR> d-------- C:\Program Files\Complex
2008-09-17 21:09 . 2008-09-17 21:09 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-09-17 09:11 . 2008-09-17 09:11 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\ChessBase
2008-09-17 09:10 . 2008-09-17 09:10 <DIR> d-------- C:\Program Files\ChessBase
2008-09-16 13:16 . 2008-09-16 13:17 <DIR> d-------- C:\Program Files\AIMP2
2008-09-16 13:15 . 2008-09-16 13:15 <DIR> d-------- C:\Program Files\Webteh
2008-09-15 13:11 . 2008-09-15 13:12 <DIR> d-------- C:\Program Files\Real
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-15 13:09 . 2008-09-15 13:09 <DIR> d-------- C:\Program Files\Solway's Internet TV and Radio
2008-09-15 13:09 . 2008-09-15 13:09 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SolwaySoftware
2008-09-15 12:01 . 2008-09-15 12:01 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-15 12:01 . 2008-09-15 12:01 <DIR> d-------- C:\Program Files\Recuva
2008-09-14 19:54 . 2008-09-14 19:54 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\.thumbnails
2008-09-14 19:53 . 2008-09-14 19:55 <DIR> d-------- C:\PNG
2008-09-14 19:53 . 2008-09-14 19:53 <DIR> d-------- C:\ICO
2008-09-14 19:53 . 2007-02-03 21:50 125,484 --a------ C:\Vista_Style_Icons_Preview.png
2008-09-14 18:38 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-14 18:38 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-14 18:37 . 2008-09-14 18:38 <DIR> d-------- C:\Program Files\Picasa2
2008-09-14 18:37 . 2008-09-14 18:37 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-09-14 18:37 . 2008-09-15 11:21 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\.gimp-2.4
2008-09-14 18:36 . 2008-09-14 18:36 <DIR> d-------- C:\Program Files\Screamer Radio
2008-09-14 18:36 . 2008-09-14 18:36 <DIR> d-------- C:\Program Files\IrfanView
2008-09-14 18:22 . 2008-09-14 18:23 <DIR> d-------- C:\Program Files\QuickTime
2008-09-14 18:22 . 2008-09-14 18:23 <DIR> d-------- C:\Program Files\LocalCooling
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-14 18:18 . 2008-09-14 18:18 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Songbird2
2008-09-14 18:17 . 2008-09-15 19:39 <DIR> d-------- C:\Program Files\Songbird
2008-09-14 18:17 . 2008-09-14 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-09-14 18:12 . 2008-09-14 18:12 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-14 18:12 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-14 18:11 . 2008-09-14 18:11 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-09-14 15:43 . 2008-09-14 15:43 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\FileZilla
2008-09-09 15:01 . 2008-09-17 20:38 <DIR> d-------- C:\Program Files\Valve
2008-09-09 14:44 . 2008-09-09 14:44 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SEGA
2008-09-08 21:47 . 2008-09-08 21:47 <DIR> d-------- C:\Program Files\Samurize

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 11:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-26 17:40 --------- d-----w C:\Program Files\OpenAL
2008-09-25 16:37 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\BitTorrent
2008-09-24 12:02 --------- d-----w C:\Program Files\AlienGUIse
2008-09-23 17:16 --------- d-----w C:\Program Files\Common Files\Stardock
2008-09-22 14:10 --------- d-----w C:\Program Files\Winamp
2008-09-22 13:40 --------- d-----w C:\Program Files\Opera
2008-09-21 10:07 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Activision
2008-09-21 10:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Activision
2008-09-20 08:09 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-09-14 17:58 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-09-14 16:39 --------- d-----w C:\Program Files\Google
2008-09-07 18:19 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\BearShare
2008-09-06 13:28 --------- d-----w C:\Program Files\SpeedFan
2008-09-04 06:02 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2008-08-31 00:23 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Hamachi
2008-08-31 00:18 --------- d-----w C:\Program Files\Hamachi
2008-08-28 08:45 --------- d-----w C:\Program Files\e-texaspoker client
2008-08-28 08:32 --------- d-----w C:\Program Files\Yahoo!
2008-08-25 08:16 --------- d-----w C:\Program Files\BitTorrent
2008-08-23 21:31 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Dev-Cpp
2008-08-21 20:25 70,742 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-08-21 20:25 5,423 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-08-21 10:59 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-08-21 10:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-21 07:16 --------- d-----w C:\Program Files\Orb Networks
2008-08-21 07:11 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-08-20 09:07 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-18 14:46 22,328 ----a-w C:\Documents and Settings\FlAmE of HeLl\Application Data\PnkBstrK.sys
2008-08-18 14:24 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-18 14:24 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-18 13:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-18 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\POP3Profiles
2008-08-16 19:00 --------- d-----w C:\Program Files\LucasArts
2008-08-15 06:18 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-13 13:44 --------- d-----w C:\Program Files\PoxNora
2008-08-13 07:48 20,500 ----a-w C:\Documents and Settings\FlAmE of HeLl\FMCodec.dat
2008-08-13 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-08-12 20:08 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\AdobeUM
2008-08-12 13:32 --------- d-----w C:\Program Files\Java
2008-08-12 13:16 --------- d-----w C:\Program Files\Ubisoft
2008-08-11 18:53 --------- d-----w C:\Program Files\My Company Name
2008-08-11 18:53 --------- d-----w C:\Program Files\HP
2008-08-11 18:53 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-11 18:53 --------- d-----w C:\Program Files\Common Files\HP
2008-08-10 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Codemasters
2008-08-09 18:03 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Bioshock
2008-08-09 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Urban FreeStyle Soccer
2008-08-09 13:39 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\GRETECH
2008-08-09 13:38 --------- d-----w C:\Program Files\GRETECH
2008-08-09 13:28 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Black Sea Studios
2008-08-09 09:02 --------- d-----w C:\Program Files\Common Files\BioWare
2008-08-09 07:42 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Ubisoft
2008-08-09 07:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-08 18:03 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\InstallShield
2008-08-08 17:47 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Microsoft Games
2008-08-08 11:31 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Skype
2008-08-08 08:24 --------- d-----w C:\Program Files\Skype
2008-08-08 08:24 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-08 08:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-07 21:56 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\ACD Systems
2008-08-07 20:46 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\TuneUp Software
2008-08-07 20:29 --------- d--h--r C:\Documents and Settings\FlAmE of HeLl\Application Data\SecuROM
2008-08-07 20:23 --------- d-----w C:\Program Files\DAEMON Tools
2008-08-07 20:21 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-07 20:16 --------- d-----w C:\Program Files\CCleaner
2008-08-07 17:04 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-08-07 16:13 --------- d-----w C:\Program Files\Common Files\Java
2008-08-07 16:10 --------- d-----w C:\Program Files\BearShare Applications
2008-08-06 10:50 --------- d-----w C:\Program Files\WinFast
2008-08-06 10:50 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-08-06 10:42 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-06 10:42 --------- d-----w C:\Program Files\ACD Systems
2008-08-06 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-06 10:41 --------- d-----w C:\Program Files\Mv2Player
2008-08-06 10:41 --------- d-----w C:\Program Files\CyberLink
2008-08-06 10:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-06 10:37 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-06 10:37 --------- d-----w C:\Program Files\Ahead
2008-08-06 10:28 --------- d-----w C:\Program Files\Total Commander XP
2008-08-06 10:23 --------- d-----w C:\Program Files\Realtek
2008-08-06 10:21 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-06 10:05 --------- d-----w C:\Program Files\Intel
2008-08-06 09:57 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{376EFD74-7AA4-44A4-9E39-E374ED3139A9}]
2008-09-27 14:10 38272 --a------ C:\WINDOWS\system32\khfGxUNf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
2008-08-31 14:38 133616 --a----t- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC1ED97C-0525-425D-A939-2ACA495E7212}]
2008-09-27 14:15 327936 --a------ C:\WINDOWS\system32\fccyvvSK.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-08-29 1966080]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"e8d76a67"="C:\WINDOWS\system32\agmcosav.dll" [2008-09-27 80000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"3eHw1B3dFN"="C:\Documents and Settings\All Users\Application Data\lsbmbgty\jcpwxuxw.exe" [2008-09-27 61440]

C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-27 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{376EFD74-7AA4-44A4-9E39-E374ED3139A9}"= "C:\WINDOWS\system32\khfGxUNf.dll" [2008-09-27 38272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfGxUNf]
2008-09-27 14:10 38272 C:\WINDOWS\system32\khfGxUNf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\fccyvvSK

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^hamachi.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 22:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 17:09 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-08-31 14:38 133104 C:\Documents and Settings\FlAmE of HeLl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 23:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling]
--a------ 2006-12-01 18:09 2056875 C:\Program Files\LocalCooling\localcooling.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-23 14:11 21738792 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
--a------ 2002-12-16 16:51 36864 C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-15 13:11 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
--a------ 2003-03-31 19:28 155648 C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2008-06-30 00:01 52168 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
--a------ 2008-09-19 19:16 2145280 C:\Program Files\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-11-15 15:55 2850816 C:\Program Files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2007-11-16 16:13 90112 C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-05-07 15:39 16862208 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3 (0x3)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"MyWebSearchService"=2 (0x2)
"MONyog"=2 (0x2)
"gupdate1c90b651dea8622"=2 (0x2)
"UserAccess7"=2 (0x2)
"NMSAccessU"=2 (0x2)
"gusvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"D:\\CS 1.6\\hl.exe"=
"D:\\Program Files\\CapCom\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"D:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"D:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"D:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"D:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"D:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=
"D:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\CS 1.6\\cstrike.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"D:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"D:\\Program Files\\Eidos\\Conflict Denied Ops\\ConflictDeniedOps.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\E.tmp [ ]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 9446]
S3 WFLR6654;WinFast TV2000 XP Global/Global TV (Video);C:\WINDOWS\system32\drivers\wfeaglxt.sys [2007-07-25 405632]
S4 gupdate1c90b651dea8622;Google Update Service (gupdate1c90b651dea8622);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-31 133104]
S4 MONyog;MONyog;C:\Program Files\MONyog\bin\MONyog.exe [2008-08-21 2367488]
S4 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-14 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{129D532E-E2EC-4527-B4BA-4626830EFE18} - C:\WINDOWS\dfmlxbpkbkl.dll
BHO-{5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Toolbar-{BAB8F6DC-41B1-440F-A066-AAC224906880} - C:\WINDOWS\peltodgx.dll
HKCU-Run-\YURA62.exe - C:\Windows\system32\YURA62.exe
HKCU-Run-\YURA63.exe - C:\Windows\system32\YURA63.exe
HKCU-Run-\YURA64.exe - C:\Windows\system32\YURA64.exe
HKCU-Run-\YURA65.exe - C:\Windows\system32\YURA65.exe
HKCU-Run-\YURA8A.exe - C:\Windows\system32\YURA8A.exe
HKCU-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKCU-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
HKCU-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKCU-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
HKLM-Run-\YURA62.exe - C:\Windows\system32\YURA62.exe
HKLM-Run-\YURA63.exe - C:\Windows\system32\YURA63.exe
HKLM-Run-\YURA64.exe - C:\Windows\system32\YURA64.exe
HKLM-Run-\YURA65.exe - C:\Windows\system32\YURA65.exe
HKLM-Run-ANTIVIRUS - C:\Program Files\MicroAV\MicroAV.exe
HKLM-Run-\YURA8A.exe - C:\Windows\system32\YURA8A.exe
HKLM-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKLM-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
HKLM-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKLM-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
MSConfigStartUp-Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-BitTorrent DNA - C:\Program Files\DNA\btdna.exe
MSConfigStartUp-My Web Search Bar - C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-RAM Idle Professional - C:\Program Files\RAM Idle LE\RAM_XP.exe
MSConfigStartUp-WeatherDPA - C:\Program Files\Zango\bin\10.3.75.0\Weather.exe
MSConfigStartUp-ZangoOE - C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
MSConfigStartUp-ZangoSA - C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\FlAmE of HeLl\Application Data\Mozilla\Firefox\Profiles\bpgka871.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - [Links are visible only to logged-in users]
FF -: plugin - C:\Documents and Settings\FlAmE of HeLl\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Google\Lively\nplively.dll
FF -: plugin - C:\Program Files\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NPOFF12.DLL
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions\plugins\npclntax_ZangoSA.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Links are visible only to logged-in users]
Rootkit scan 2008-09-27 18:46:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\E.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\khfGxUNf.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\WINDOWS\system32\agmcosav.dll
-> C:\WINDOWS\system32\fccyvvSK.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-09-27 18:50:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-27 16:49:59

Pre-Run: 7,426,207,744 bytes free
Post-Run: 7,544,537,088 bytes free


offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy in the following text:

File::
C:\WINDOWS\system32\agmcosav.dll
C:\WINDOWS\system32\fccyvvSK.dll
C:\WINDOWS\system32\khfGxUNf.dll
C:\WINDOWS\system32\E.tmp
C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
C:\WINDOWS\system32\fccyvvSK
C:\WINDOWS\system32\vasocmga.ini
C:\WINDOWS\system32\agmcosav.dll
C:\WINDOWS\system32\fccyvvSK.dll
C:\WINDOWS\system32\KSvvyccf.ini2
C:\WINDOWS\system32\KSvvyccf.ini
C:\WINDOWS\system32\qoMfDUNF.dll
C:\WINDOWS\system32\khfGxUNf.dll
C:\WINDOWS\fbxrqtwn.exe
C:\WINDOWS\system32\MicroAV.cpl
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssserf1.dll

Folder::
C:\Program Files\Zango
C:\Documents and Settings\All Users\Application Data\lsbmbgty
C:\Program Files\emcxicc
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport

Driver::
MEMSWEEP2

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{376EFD74-7AA4-44A4-9E39-E374ED3139A9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC1ED97C-0525-425D-A939-2ACA495E7212}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"e8d76a67"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"3eHw1B3dFN"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfGxUNf]


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scan.

offline
  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

ComboFix 08-09-27.01 - FlAmE of HeLl 2008-09-28 10:43:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1529 [GMT 2:00]
Running from: C:\Documents and Settings\FlAmE of HeLl\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\FlAmE of HeLl\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
C:\WINDOWS\fbxrqtwn.exe
C:\WINDOWS\system32\agmcosav.dll
C:\WINDOWS\system32\E.tmp
C:\WINDOWS\system32\fccyvvSK
C:\WINDOWS\system32\fccyvvSK.dll
C:\WINDOWS\system32\khfGxUNf.dll
C:\WINDOWS\system32\KSvvyccf.ini
C:\WINDOWS\system32\KSvvyccf.ini2
C:\WINDOWS\system32\MicroAV.cpl
C:\WINDOWS\system32\qoMfDUNF.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssserf1.dll
C:\WINDOWS\system32\vasocmga.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\lsbmbgty
C:\Documents and Settings\All Users\Application Data\lsbmbgty\jcpwxuxw.exe
C:\Program Files\emcxicc
C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
C:\WINDOWS\fbxrqtwn.exe
C:\WINDOWS\system32\agmcosav.dll
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\Config.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\dynamic\1.sdf
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33697
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\70773
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748176
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\752900
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79721
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\dynamic\ustat\3745.dat
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\avatar.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\btntrans.idx
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\btntrans1.dat
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\buttondir.txt
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\components.cdf
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\cursors.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bbar1.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\d_icons_weather.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\default.cdf
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_categorize.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_comparison.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_favorites.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_Games.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_Hide.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_hotbarcom.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_jemster.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_Mails.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_new.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_premium.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_reun.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_weather.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\editblbuttons.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\email-t1-bg.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\icons2.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\ie_games_icon.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\ie_video.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\keywords.idx
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\keywords1.dat
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\layout.cdf
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\linkpathlegal.txt
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\progress.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\s_icons_buttons.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\sales_buttons.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\sdfmodifier.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\t2_bg.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\theweb.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\top7.cdf
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\tsd_bg.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\zango_btn.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\1\zango_ie_menu.res
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
C:\WINDOWS\system32\fccyvvSK.dll
C:\WINDOWS\system32\khfGxUNf.dll
C:\WINDOWS\system32\KSvvyccf.ini
C:\WINDOWS\system32\KSvvyccf.ini2
C:\WINDOWS\system32\MicroAV.cpl
C:\WINDOWS\system32\qoMfDUNF.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssserf1.dll
C:\WINDOWS\system32\vasocmga.ini

----- BITS: Possible infected sites -----

[Link visible only to logged-in users]
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2


((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-28 10:28 . 2008-09-28 10:28 <DIR> d-------- C:\Program Files\ynvpuw
2008-09-27 22:12 . 2008-09-27 22:12 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-27 22:12 . 2008-09-27 22:12 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\vlc
2008-09-27 22:00 . 2008-09-27 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-27 21:46 . 2008-09-27 21:46 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-09-27 21:12 . 2008-09-27 21:13 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SPORE
2008-09-27 21:07 . 2008-09-27 21:07 <DIR> d-------- C:\Program Files\Foxit Software
2008-09-27 21:06 . 2008-09-27 21:06 <DIR> d-------- C:\Program Files\WinRarce
2008-09-27 21:00 . 2008-09-27 21:00 952,775 --ahs---- C:\WINDOWS\system32\riulnmlk.ini
2008-09-27 21:00 . 2008-09-27 21:00 80,000 --a------ C:\WINDOWS\system32\klmnluir.dll
2008-09-27 20:58 . 2008-09-27 20:58 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-09-27 20:52 . 2001-08-23 12:00 68,608 --a------ C:\WINDOWS\system32\plugin.ocx
2008-09-27 20:52 . 2001-08-23 12:00 68,608 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx
2008-09-27 20:22 . 2008-09-27 20:24 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\BSplayer Pro
2008-09-27 19:49 . 2008-09-27 19:49 952,775 --ahs---- C:\WINDOWS\system32\txsaoscn.ini
2008-09-27 19:48 . 2008-09-28 10:43 334,868 --ahs---- C:\WINDOWS\system32\efPAKkkj.ini2
2008-09-27 19:48 . 2008-09-28 10:43 334,868 --ahs---- C:\WINDOWS\system32\efPAKkkj.ini
2008-09-27 19:47 . 2008-09-27 19:48 327,936 --a------ C:\WINDOWS\system32\jkkKAPfe.dll
2008-09-27 14:08 . 2008-09-27 14:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-09-27 14:00 . 2008-09-27 14:00 <DIR> d-------- C:\Program Files\corel
2008-09-27 13:49 . 2008-09-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-09-27 13:49 . 2008-09-27 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-09-27 12:11 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-09-27 12:11 . 2008-09-27 12:11 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\MSBuild
2008-09-27 12:10 . 2008-07-06 14:06 1,676,288 --a------ C:\WINDOWS\system32\xpssvcs.dll
2008-09-27 12:10 . 2008-07-06 14:06 1,676,288 -----c--- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-27 12:10 . 2008-07-06 12:50 597,504 -----c--- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-27 12:10 . 2008-07-06 14:06 575,488 --a------ C:\WINDOWS\system32\xpsshhdr.dll
2008-09-27 12:10 . 2008-07-06 14:06 575,488 -----c--- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-27 12:10 . 2008-07-06 14:06 117,760 --a------ C:\WINDOWS\system32\prntvpt.dll
2008-09-27 12:10 . 2008-07-06 14:06 89,088 -----c--- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-27 12:07 . 2008-09-27 12:07 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-09-27 11:30 . 2008-09-27 11:35 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\AveDesk
2008-09-27 11:19 . 2008-09-27 11:19 <DIR> d-------- C:\Program Files\Bonjour
2008-09-27 11:14 . 2008-09-27 11:14 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-26 19:40 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp1C9.tmp
2008-09-26 19:40 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp1C8.tmp
2008-09-26 18:58 . 2008-09-26 18:58 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-09-26 18:46 . 2008-09-26 18:54 <DIR> d-------- C:\Program Files\FrostWire
2008-09-26 18:46 . 2008-09-27 14:18 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\FrostWire
2008-09-25 18:37 . 2008-09-25 18:37 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-09-25 18:37 . 2006-10-04 16:06 1,197,294 --a--c--- C:\WINDOWS\system32\dllcache\SET29D.tmp
2008-09-25 18:36 . 2008-09-25 18:36 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-25 18:36 . 2008-09-25 18:37 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-25 18:35 . 2008-09-25 18:35 1,187 --a------ C:\WINDOWS\wmplayer.reg
2008-09-25 13:01 . 2008-09-25 13:01 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-09-24 20:35 . 2008-09-24 20:35 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-24 20:35 . 2008-09-24 20:35 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-24 20:34 . 2008-09-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-24 19:49 . 2008-09-24 19:49 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-24 19:48 . 2008-09-24 19:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-24 19:39 . 2008-09-27 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-24 19:38 . 2008-09-24 19:38 <DIR> dr-h----- C:\MSOCache
2008-09-24 14:02 . 2008-09-24 14:02 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
2008-09-23 19:16 . 2008-09-23 19:16 56 --a------ C:\WINDOWS\wb.ini
2008-09-23 17:51 . 2008-09-27 14:11 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\ShoppingReport
2008-09-23 17:46 . 2008-04-26 16:14 42,672 --a------ C:\WINDOWS\system32\~GLH0012.TMP
2008-09-23 17:16 . 2008-09-23 17:16 <DIR> d-------- C:\Program Files\RocketDock
2008-09-23 17:11 . 2008-09-23 17:11 <DIR> d-------- C:\Program Files\Stardock
2008-09-22 20:26 . 2008-09-22 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-22 18:00 . 2008-09-22 18:00 1,605 --a------ C:\Mozilla Firefox.lnk
2008-09-22 17:51 . 2008-09-22 17:51 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Windows Live Writer
2008-09-22 16:10 . 2008-09-22 16:10 <DIR> d-------- C:\Program Files\Microsoft
2008-09-22 15:49 . 2008-09-22 15:49 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-22 15:48 . 2008-09-22 15:48 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\MxBoost
2008-09-22 15:47 . 2008-09-22 15:48 <DIR> d-------- C:\Program Files\Maxthon2
2008-09-22 15:25 . 2008-09-22 15:25 <DIR> d-------- C:\Program Files\Vista Start Menu
2008-09-22 15:25 . 2008-09-22 15:26 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Vista Start Menu
2008-09-22 15:22 . 2008-09-22 15:22 <DIR> d-------- C:\Program Files\WinMatrix XP
2008-09-21 14:01 . 2008-09-21 14:01 <DIR> d-------- C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free
2008-09-20 10:17 . 2008-09-22 17:53 <DIR> d-------- C:\Program Files\Windows Live
2008-09-20 10:11 . 2008-09-28 10:28 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\OpenOffice.org2
2008-09-20 08:10 . 2008-09-20 08:11 250 --a------ C:\WINDOWS\gmer.ini
2008-09-19 20:56 . 2008-09-19 20:56 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Yahoo!
2008-09-19 20:56 . 2008-09-19 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-19 09:13 . 2008-09-19 09:13 <DIR> d-------- C:\Program Files\Nvu
2008-09-19 09:13 . 2008-09-19 09:13 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Nvu
2008-09-19 08:49 . 2008-09-19 08:49 <DIR> d-------- C:\Program Files\Complex
2008-09-17 21:09 . 2008-09-17 21:09 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-09-17 09:11 . 2008-09-17 09:11 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\ChessBase
2008-09-17 09:10 . 2008-09-17 09:10 <DIR> d-------- C:\Program Files\ChessBase
2008-09-16 13:16 . 2008-09-16 13:17 <DIR> d-------- C:\Program Files\AIMP2
2008-09-16 13:15 . 2008-09-27 20:22 <DIR> d-------- C:\Program Files\Webteh
2008-09-15 13:11 . 2008-09-15 13:12 <DIR> d-------- C:\Program Files\Real
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-15 13:09 . 2008-09-15 13:09 <DIR> d-------- C:\Program Files\Solway's Internet TV and Radio
2008-09-15 13:09 . 2008-09-15 13:09 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SolwaySoftware
2008-09-15 12:01 . 2008-09-15 12:01 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-15 12:01 . 2008-09-15 12:01 <DIR> d-------- C:\Program Files\Recuva
2008-09-14 19:54 . 2008-09-14 19:54 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\.thumbnails
2008-09-14 19:53 . 2008-09-14 19:55 <DIR> d-------- C:\PNG
2008-09-14 19:53 . 2008-09-14 19:53 <DIR> d-------- C:\ICO
2008-09-14 19:53 . 2007-02-03 21:50 125,484 --a------ C:\Vista_Style_Icons_Preview.png
2008-09-14 18:38 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-14 18:38 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-14 18:37 . 2008-09-14 18:38 <DIR> d-------- C:\Program Files\Picasa2
2008-09-14 18:37 . 2008-09-14 18:37 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-09-14 18:37 . 2008-09-15 11:21 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\.gimp-2.4
2008-09-14 18:36 . 2008-09-14 18:36 <DIR> d-------- C:\Program Files\Screamer Radio
2008-09-14 18:36 . 2008-09-14 18:36 <DIR> d-------- C:\Program Files\IrfanView
2008-09-14 18:22 . 2008-09-14 18:23 <DIR> d-------- C:\Program Files\QuickTime
2008-09-14 18:22 . 2008-09-14 18:23 <DIR> d-------- C:\Program Files\LocalCooling
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-14 18:18 . 2008-09-14 18:18 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Songbird2
2008-09-14 18:17 . 2008-09-15 19:39 <DIR> d-------- C:\Program Files\Songbird
2008-09-14 18:17 . 2008-09-14 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-09-14 18:12 . 2008-09-14 18:12 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-14 18:12 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-14 18:11 . 2008-09-14 18:11 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-09-14 15:43 . 2008-09-14 15:43 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\FileZilla
2008-09-09 15:01 . 2008-09-17 20:38 <DIR> d-------- C:\Program Files\Valve
2008-09-09 14:44 . 2008-09-09 14:44 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SEGA
2008-09-08 21:47 . 2008-09-08 21:47 <DIR> d-------- C:\Program Files\Samurize

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-27 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-27 19:10 --------- d-----w C:\Program Files\CyberLink
2008-09-27 18:36 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\BitTorrent
2008-09-27 18:25 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-27 18:21 --------- d-----w C:\Program Files\Winamp
2008-09-27 16:56 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Hamachi
2008-09-26 17:40 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-09-26 17:40 --------- d-----w C:\Program Files\OpenAL
2008-09-25 11:15 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-09-24 12:02 --------- d-----w C:\Program Files\AlienGUIse
2008-09-23 17:16 --------- d-----w C:\Program Files\Common Files\Stardock
2008-09-22 13:40 --------- d-----w C:\Program Files\Opera
2008-09-21 10:07 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Activision
2008-09-21 10:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Activision
2008-09-21 10:06 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-20 08:09 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-09-14 17:58 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-09-14 16:39 --------- d-----w C:\Program Files\Google
2008-09-07 18:19 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\BearShare
2008-09-06 19:19 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-06 13:28 --------- d-----w C:\Program Files\SpeedFan
2008-09-04 06:02 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2008-08-31 00:18 --------- d-----w C:\Program Files\Hamachi
2008-08-28 08:45 --------- d-----w C:\Program Files\e-texaspoker client
2008-08-28 08:32 --------- d-----w C:\Program Files\Yahoo!
2008-08-25 08:16 --------- d-----w C:\Program Files\BitTorrent
2008-08-23 21:31 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Dev-Cpp
2008-08-21 20:25 70,742 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-08-21 20:25 5,423 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-08-21 10:59 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-08-21 10:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-21 07:16 --------- d-----w C:\Program Files\Orb Networks
2008-08-21 07:11 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-08-20 09:07 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-18 14:46 22,328 ----a-w C:\Documents and Settings\FlAmE of HeLl\Application Data\PnkBstrK.sys
2008-08-18 14:24 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-18 14:24 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-18 13:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-18 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\POP3Profiles
2008-08-16 19:00 --------- d-----w C:\Program Files\LucasArts
2008-08-15 06:18 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-14 07:01 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-13 13:44 --------- d-----w C:\Program Files\PoxNora
2008-08-13 07:48 20,500 ----a-w C:\Documents and Settings\FlAmE of HeLl\FMCodec.dat
2008-08-13 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-08-12 20:08 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\AdobeUM
2008-08-12 13:32 --------- d-----w C:\Program Files\Java
2008-08-12 13:16 --------- d-----w C:\Program Files\Ubisoft
2008-08-11 18:53 --------- d-----w C:\Program Files\My Company Name
2008-08-11 18:53 --------- d-----w C:\Program Files\HP
2008-08-11 18:53 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-11 18:53 --------- d-----w C:\Program Files\Common Files\HP
2008-08-10 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Codemasters
2008-08-10 08:28 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-08-09 18:03 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Bioshock
2008-08-09 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Urban FreeStyle Soccer
2008-08-09 13:39 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\GRETECH
2008-08-09 13:38 --------- d-----w C:\Program Files\GRETECH
2008-08-09 13:28 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Black Sea Studios
2008-08-09 09:02 --------- d-----w C:\Program Files\Common Files\BioWare
2008-08-09 07:42 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Ubisoft
2008-08-09 07:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-08 18:03 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\InstallShield
2008-08-08 17:47 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Microsoft Games
2008-08-08 16:54 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-08-08 11:31 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Skype
2008-08-08 08:24 --------- d-----w C:\Program Files\Skype
2008-08-08 08:24 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-08 08:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-07 21:56 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\ACD Systems
2008-08-07 20:46 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\TuneUp Software
2008-08-07 20:29 --------- d--h--r C:\Documents and Settings\FlAmE of HeLl\Application Data\SecuROM
2008-08-07 20:23 --------- d-----w C:\Program Files\DAEMON Tools
2008-08-07 20:21 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-07 20:16 --------- d-----w C:\Program Files\CCleaner
2008-08-07 17:44 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-08-07 17:04 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-08-07 16:13 --------- d-----w C:\Program Files\Common Files\Java
2008-08-07 16:10 --------- d-----w C:\Program Files\BearShare Applications
2008-08-06 10:50 --------- d-----w C:\Program Files\WinFast
2008-08-06 10:50 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-08-06 10:42 --------- d-----w C:\Program Files\ACD Systems
2008-08-06 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-06 10:41 --------- d-----w C:\Program Files\Mv2Player
2008-08-06 10:37 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-06 10:37 --------- d-----w C:\Program Files\Ahead
2008-08-06 10:28 --------- d-----w C:\Program Files\Total Commander XP
2008-08-06 10:23 --------- d-----w C:\Program Files\Realtek
2008-08-06 10:21 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-06 10:05 --------- d-----w C:\Program Files\Intel
2008-08-06 09:57 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
.

((((((((((((((((((((((((((((( [Links are visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-27 19:10:28 94,646 ----a-r C:\WINDOWS\Installer\{1F0B7A92-C643-4F8F-B35F-2CBAE4FEA4F3}\ARPPRODUCTICON.exe
+ 2008-09-27 18:25:35 81,920 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\ACDSeeDesktopShortcu_F99F74B4972B4B06B8936B3B0DB0128B.exe
+ 2008-09-27 18:25:35 81,920 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\ACDSeePMShortcut_F99F74B4972B4B06B8936B3B0DB0128B.exe
+ 2008-09-27 18:25:35 566,608 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\ACDSeeShowroomShor_89621A33AFFC45029C8C9D5A4EA9D15A.exe
+ 2008-09-27 18:25:35 81,920 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\ARPPRODUCTICON.exe
+ 2008-09-27 18:25:35 45,056 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\DevDetectPMShortcut_ECE0113B23D04DD889E6D2F026CABF03.exe
- 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-03-29 17:23:22 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-09-27 19:58:57 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2008-09-05 21:30:42 241,704 -c----w C:\WINDOWS\system32\dllcache\wgaLogon.dll
+ 2008-09-05 21:29:58 917,032 -c----w C:\WINDOWS\system32\dllcache\WgaTray.exe
- 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-03-29 17:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-03-29 17:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
- 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-03-29 17:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-03-29 17:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-03-29 17:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-03-29 17:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2006-10-17 11:01:00 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2006-11-21 19:24:56 1,488,688 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-06-26 20:52:02 229,888 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil10.exe
- 2008-09-09 18:26:51 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-09-27 17:16:37 88,353 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2004-08-03 20:56:44 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
+ 2004-02-23 18:42:40 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
- 2002-02-04 00:52:54 1,230,336 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2003-04-18 14:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 1996-01-12 15:00:00 24,576 ----a-w C:\WINDOWS\system32\STKIT432.DLL
+ 2007-03-15 16:17:00 183,808 ----a-w C:\WINDOWS\system32\WgaLogon.dll
+ 2007-03-15 16:17:10 310,784 ----a-w C:\WINDOWS\system32\WgaTray.exe
+ 2007-03-15 16:17:10 310,784 ----a-w C:\WINDOWS\system32\wgatray.exe.old
+ 2008-09-28 08:49:55 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_100.dat
+ 2008-09-27 17:01:00 1,233,920 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D854013E-64F9-461C-ACBE-D6548857F000}]
2008-09-27 19:48 327936 --a------ C:\WINDOWS\system32\jkkKAPfe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-08-29 1966080]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"websmartsys"= {41F5D96B-7B65-358C-2372-08F3B11B5A8F} - C:\Program Files\ynvpuw\websmartsys.dll [2008-09-28 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkKAPfe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^hamachi.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 22:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 17:09 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e8d76a67]
--a------ 2008-09-27 21:00 80000 C:\WINDOWS\system32\klmnluir.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-08-31 14:38 133104 C:\Documents and Settings\FlAmE of HeLl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 23:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling]
--a------ 2006-12-01 18:09 2056875 C:\Program Files\LocalCooling\localcooling.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 21:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-23 14:11 21738792 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
--a------ 2002-12-16 16:51 36864 C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-15 13:11 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
--a------ 2003-03-31 19:28 155648 C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2008-06-30 00:01 52168 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
--a------ 2008-09-19 19:16 2145280 C:\Program Files\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-11-15 15:55 2850816 C:\Program Files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2007-11-16 16:13 90112 C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-05-07 15:39 16862208 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3 (0x3)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"MyWebSearchService"=2 (0x2)
"MONyog"=2 (0x2)
"gupdate1c90b651dea8622"=2 (0x2)
"UserAccess7"=2 (0x2)
"NMSAccessU"=2 (0x2)
"gusvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"D:\\CS 1.6\\hl.exe"=
"D:\\Program Files\\CapCom\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"D:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"D:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"D:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"D:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"D:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=
"D:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\CS 1.6\\cstrike.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"D:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"D:\\Program Files\\Eidos\\Conflict Denied Ops\\ConflictDeniedOps.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 75856]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51 13560]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 9446]
S3 WFLR6654;WinFast TV2000 XP Global/Global TV (Video);C:\WINDOWS\system32\drivers\wfeaglxt.sys [2007-07-25 405632]
S4 gupdate1c90b651dea8622;Google Update Service (gupdate1c90b651dea8622);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-31 133104]
S4 MONyog;MONyog;C:\Program Files\MONyog\bin\MONyog.exe [2008-08-21 2367488]
S4 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-14 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Device Detector - DevDetect.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Links are visible only to logged-in users]
Rootkit scan 2008-09-28 10:50:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\WINDOWS\system32\jkkKAPfe.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\WINDOWS\system32\rundll32.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-28 10:54:02 - machine was rebooted [FlAmE of HeLl]
ComboFix-quarantined-files.txt 2008-09-28 08:53:56

Pre-Run: 6,391,984,128 bytes free
Post-Run: 7,321,497,600 bytes free

665

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

This isn't going to work like this. You restarted the computer in the meantime, so the infection re-established itself before you ran the script I wrote for you.

We'll have to agree on a time when we are both online and sort this out in one go.

I think I'll be online this evening around 8 o'clock.

  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

OK. I'll be online around eight too!

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Scan again with ComboFix (double-click the ComboFix icon) and post the log for me. Don't shut down the computer until we're finished.

  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

I ran ComboFix, but when it finished it restarted the computer on its own!
Here is the log:
ComboFix 08-09-27.05 - FlAmE of HeLl 2008-09-28 20:15:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1472 [GMT 2:00]
Running from: C:\Documents and Settings\FlAmE of HeLl\Desktop\Vazni programi\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\efPAKkkj.ini
C:\WINDOWS\system32\efPAKkkj.ini2
C:\WINDOWS\system32\jkkKAPfe.dll
C:\WINDOWS\system32\riulnmlk.ini
C:\WINDOWS\system32\txsaoscn.ini

----- BITS: Possible infected sites -----

[Links are visible only to logged-in users]
.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-28 20:00 . 2008-09-28 20:00 5,292,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-09-28 19:58 . 2008-09-28 20:00 5,423 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-28 13:35 . 2008-08-07 19:44 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-09-28 10:28 . 2008-09-28 10:58 <DIR> d-------- C:\Program Files\ynvpuw
2008-09-27 22:12 . 2008-09-27 22:12 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-27 22:12 . 2008-09-27 22:12 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\vlc
2008-09-27 22:00 . 2008-09-27 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-27 21:46 . 2008-09-27 21:46 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-09-27 21:12 . 2008-09-27 21:13 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SPORE
2008-09-27 21:07 . 2008-09-27 21:07 <DIR> d-------- C:\Program Files\Foxit Software
2008-09-27 21:06 . 2008-09-28 19:55 <DIR> d-------- C:\Program Files\WinRarce
2008-09-27 21:00 . 2008-09-27 21:00 80,000 --a------ C:\WINDOWS\system32\klmnluir.dll
2008-09-27 20:58 . 2008-09-27 20:58 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-09-27 20:52 . 2001-08-23 12:00 229,376 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx
2008-09-27 20:52 . 2001-08-23 12:00 68,608 --a------ C:\WINDOWS\system32\plugin.ocx
2008-09-27 20:22 . 2008-09-27 20:24 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\BSplayer Pro
2008-09-27 14:08 . 2008-09-27 14:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-09-27 14:00 . 2008-09-27 14:00 <DIR> d-------- C:\Program Files\corel
2008-09-27 13:49 . 2008-09-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-09-27 13:49 . 2008-09-27 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-09-27 12:11 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-09-27 12:11 . 2008-09-27 12:11 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\MSBuild
2008-09-27 12:10 . 2008-07-06 14:06 1,676,288 --a------ C:\WINDOWS\system32\xpssvcs.dll
2008-09-27 12:10 . 2008-07-06 14:06 1,676,288 -----c--- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-27 12:10 . 2008-07-06 12:50 597,504 -----c--- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-27 12:10 . 2008-07-06 14:06 575,488 --a------ C:\WINDOWS\system32\xpsshhdr.dll
2008-09-27 12:10 . 2008-07-06 14:06 575,488 -----c--- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-27 12:10 . 2008-07-06 14:06 117,760 --a------ C:\WINDOWS\system32\prntvpt.dll
2008-09-27 12:10 . 2008-07-06 14:06 89,088 -----c--- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-27 12:07 . 2008-09-27 12:07 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-09-27 11:30 . 2008-09-27 11:35 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\AveDesk
2008-09-27 11:19 . 2008-09-27 11:19 <DIR> d-------- C:\Program Files\Bonjour
2008-09-27 11:14 . 2008-09-27 11:14 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-26 19:40 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp1C9.tmp
2008-09-26 19:40 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp1C8.tmp
2008-09-26 18:58 . 2008-09-26 18:58 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-09-26 18:46 . 2008-09-26 18:54 <DIR> d-------- C:\Program Files\FrostWire
2008-09-26 18:46 . 2008-09-27 14:18 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\FrostWire
2008-09-25 18:37 . 2008-09-28 19:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-09-25 18:37 . 2006-10-04 16:06 1,197,294 --a--c--- C:\WINDOWS\system32\dllcache\SET29D.tmp
2008-09-25 18:36 . 2008-09-25 18:36 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-25 18:36 . 2008-09-25 18:37 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-25 18:35 . 2008-09-25 18:35 1,187 --a------ C:\WINDOWS\wmplayer.reg
2008-09-25 13:01 . 2008-09-25 13:01 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-09-24 20:35 . 2008-09-24 20:35 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-24 20:35 . 2008-09-24 20:35 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-24 20:34 . 2008-09-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-24 19:49 . 2008-09-24 19:49 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-24 19:48 . 2008-09-24 19:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-24 19:39 . 2008-09-27 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-24 19:38 . 2008-09-24 19:38 <DIR> dr-h----- C:\MSOCache
2008-09-24 14:02 . 2008-09-24 14:02 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
2008-09-23 19:16 . 2008-09-23 19:16 56 --a------ C:\WINDOWS\wb.ini
2008-09-23 17:51 . 2008-09-27 14:11 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\ShoppingReport
2008-09-23 17:46 . 2008-04-26 16:14 42,672 --a------ C:\WINDOWS\system32\~GLH0012.TMP
2008-09-23 17:16 . 2008-09-23 17:16 <DIR> d-------- C:\Program Files\RocketDock
2008-09-23 17:11 . 2008-09-23 17:11 <DIR> d-------- C:\Program Files\Stardock
2008-09-22 20:26 . 2008-09-22 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-22 18:00 . 2008-09-22 18:00 1,605 --a------ C:\Mozilla Firefox.lnk
2008-09-22 17:51 . 2008-09-22 17:51 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Windows Live Writer
2008-09-22 16:10 . 2008-09-22 16:10 <DIR> d-------- C:\Program Files\Microsoft
2008-09-22 15:49 . 2008-09-22 15:49 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-22 15:48 . 2008-09-22 15:48 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\MxBoost
2008-09-22 15:47 . 2008-09-22 15:48 <DIR> d-------- C:\Program Files\Maxthon2
2008-09-22 15:25 . 2008-09-22 15:25 <DIR> d-------- C:\Program Files\Vista Start Menu
2008-09-22 15:25 . 2008-09-22 15:26 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Vista Start Menu
2008-09-22 15:22 . 2008-09-22 15:22 <DIR> d-------- C:\Program Files\WinMatrix XP
2008-09-21 14:01 . 2008-09-21 14:01 <DIR> d-------- C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free
2008-09-20 10:17 . 2008-09-22 17:53 <DIR> d-------- C:\Program Files\Windows Live
2008-09-20 10:11 . 2008-09-28 20:21 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\OpenOffice.org2
2008-09-20 08:10 . 2008-09-20 08:11 250 --a------ C:\WINDOWS\gmer.ini
2008-09-19 20:56 . 2008-09-19 20:56 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Yahoo!
2008-09-19 20:56 . 2008-09-19 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-19 09:13 . 2008-09-19 09:13 <DIR> d-------- C:\Program Files\Nvu
2008-09-19 09:13 . 2008-09-19 09:13 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Nvu
2008-09-19 08:49 . 2008-09-19 08:49 <DIR> d-------- C:\Program Files\Complex
2008-09-17 21:09 . 2008-09-17 21:09 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-09-17 09:11 . 2008-09-17 09:11 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\ChessBase
2008-09-17 09:10 . 2008-09-17 09:10 <DIR> d-------- C:\Program Files\ChessBase
2008-09-16 13:16 . 2008-09-16 13:17 <DIR> d-------- C:\Program Files\AIMP2
2008-09-16 13:15 . 2008-09-27 20:22 <DIR> d-------- C:\Program Files\Webteh
2008-09-15 13:11 . 2008-09-15 13:12 <DIR> d-------- C:\Program Files\Real
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-15 13:09 . 2008-09-15 13:09 <DIR> d-------- C:\Program Files\Solway's Internet TV and Radio
2008-09-15 13:09 . 2008-09-15 13:09 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SolwaySoftware
2008-09-15 12:01 . 2008-09-15 12:01 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-15 12:01 . 2008-09-15 12:01 <DIR> d-------- C:\Program Files\Recuva
2008-09-14 19:54 . 2008-09-14 19:54 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\.thumbnails
2008-09-14 19:53 . 2008-09-14 19:55 <DIR> d-------- C:\PNG
2008-09-14 19:53 . 2008-09-14 19:53 <DIR> d-------- C:\ICO
2008-09-14 19:53 . 2007-02-03 21:50 125,484 --a------ C:\Vista_Style_Icons_Preview.png
2008-09-14 18:38 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-14 18:38 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-14 18:37 . 2008-09-14 18:38 <DIR> d-------- C:\Program Files\Picasa2
2008-09-14 18:37 . 2008-09-14 18:37 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-09-14 18:37 . 2008-09-15 11:21 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\.gimp-2.4
2008-09-14 18:36 . 2008-09-14 18:36 <DIR> d-------- C:\Program Files\Screamer Radio
2008-09-14 18:36 . 2008-09-14 18:36 <DIR> d-------- C:\Program Files\IrfanView
2008-09-14 18:22 . 2008-09-14 18:23 <DIR> d-------- C:\Program Files\QuickTime
2008-09-14 18:22 . 2008-09-14 18:23 <DIR> d-------- C:\Program Files\LocalCooling
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-14 18:18 . 2008-09-14 18:18 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Songbird2
2008-09-14 18:17 . 2008-09-15 19:39 <DIR> d-------- C:\Program Files\Songbird
2008-09-14 18:17 . 2008-09-14 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-09-14 18:12 . 2008-09-14 18:12 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-14 18:12 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-14 18:11 . 2008-09-14 18:11 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-09-14 15:43 . 2008-09-14 15:43 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\FileZilla
2008-09-09 15:01 . 2008-09-17 20:38 <DIR> d-------- C:\Program Files\Valve
2008-09-09 14:44 . 2008-09-09 14:44 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SEGA
2008-09-08 21:47 . 2008-09-08 21:47 <DIR> d-------- C:\Program Files\Samurize
2008-09-07 21:10 . 2008-09-07 21:10 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\COWON
2008-09-07 21:08 . 2008-09-23 17:44 <DIR> d-------- C:\Program Files\JetAudio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 18:00 71,172 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-09-28 16:56 --------- d-----w C:\Program Files\Google
2008-09-27 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-27 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-27 19:10 --------- d-----w C:\Program Files\CyberLink
2008-09-27 18:36 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\BitTorrent
2008-09-27 18:25 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-27 18:21 --------- d-----w C:\Program Files\Winamp
2008-09-27 16:56 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Hamachi
2008-09-26 17:40 --------- d-----w C:\Program Files\OpenAL
2008-09-24 12:02 --------- d-----w C:\Program Files\AlienGUIse
2008-09-23 17:16 --------- d-----w C:\Program Files\Common Files\Stardock
2008-09-22 13:40 --------- d-----w C:\Program Files\Opera
2008-09-21 10:07 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Activision
2008-09-21 10:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Activision
2008-09-20 08:09 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-09-14 17:58 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-09-07 18:19 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\BearShare
2008-09-06 13:28 --------- d-----w C:\Program Files\SpeedFan
2008-09-04 06:02 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2008-08-31 00:18 --------- d-----w C:\Program Files\Hamachi
2008-08-28 08:45 --------- d-----w C:\Program Files\e-texaspoker client
2008-08-28 08:32 --------- d-----w C:\Program Files\Yahoo!
2008-08-25 08:16 --------- d-----w C:\Program Files\BitTorrent
2008-08-23 21:31 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Dev-Cpp
2008-08-21 10:59 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-08-21 10:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-21 07:16 --------- d-----w C:\Program Files\Orb Networks
2008-08-21 07:11 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-08-20 09:07 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-18 14:46 22,328 ----a-w C:\Documents and Settings\FlAmE of HeLl\Application Data\PnkBstrK.sys
2008-08-18 14:24 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-18 14:24 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-18 13:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-18 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\POP3Profiles
2008-08-16 19:00 --------- d-----w C:\Program Files\LucasArts
2008-08-15 06:18 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-13 13:44 --------- d-----w C:\Program Files\PoxNora
2008-08-13 07:48 20,500 ----a-w C:\Documents and Settings\FlAmE of HeLl\FMCodec.dat
2008-08-13 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-08-12 20:08 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\AdobeUM
2008-08-12 13:32 --------- d-----w C:\Program Files\Java
2008-08-12 13:16 --------- d-----w C:\Program Files\Ubisoft
2008-08-11 18:53 --------- d-----w C:\Program Files\My Company Name
2008-08-11 18:53 --------- d-----w C:\Program Files\HP
2008-08-11 18:53 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-11 18:53 --------- d-----w C:\Program Files\Common Files\HP
2008-08-10 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Codemasters
2008-08-09 18:03 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Bioshock
2008-08-09 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Urban FreeStyle Soccer
2008-08-09 13:39 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\GRETECH
2008-08-09 13:38 --------- d-----w C:\Program Files\GRETECH
2008-08-09 13:28 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Black Sea Studios
2008-08-09 09:02 --------- d-----w C:\Program Files\Common Files\BioWare
2008-08-09 07:42 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Ubisoft
2008-08-09 07:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-08 18:03 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\InstallShield
2008-08-08 17:47 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Microsoft Games
2008-08-08 11:31 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Skype
2008-08-08 08:24 --------- d-----w C:\Program Files\Skype
2008-08-08 08:24 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-08 08:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-07 21:56 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\ACD Systems
2008-08-07 20:46 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\TuneUp Software
2008-08-07 20:29 --------- d--h--r C:\Documents and Settings\FlAmE of HeLl\Application Data\SecuROM
2008-08-07 20:23 --------- d-----w C:\Program Files\DAEMON Tools
2008-08-07 20:21 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-07 20:16 --------- d-----w C:\Program Files\CCleaner
2008-08-07 17:04 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-08-07 16:13 --------- d-----w C:\Program Files\Common Files\Java
2008-08-07 16:10 --------- d-----w C:\Program Files\BearShare Applications
2008-08-06 10:50 --------- d-----w C:\Program Files\WinFast
2008-08-06 10:50 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-08-06 10:42 --------- d-----w C:\Program Files\ACD Systems
2008-08-06 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-06 10:41 --------- d-----w C:\Program Files\Mv2Player
2008-08-06 10:37 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-06 10:37 --------- d-----w C:\Program Files\Ahead
2008-08-06 10:28 --------- d-----w C:\Program Files\Total Commander XP
2008-08-06 10:23 --------- d-----w C:\Program Files\Realtek
2008-08-06 10:21 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-06 10:05 --------- d-----w C:\Program Files\Intel
2008-08-06 09:57 --------- d-----w C:\Program Files\microsoft frontpage
.

------- Sigcheck -------

2004-08-03 22:56 690176 3a5ee0514f56b1b775d7641cfba5ad37 C:\WINDOWS\system32\wininet.dll
2004-08-03 22:56 690176 3a5ee0514f56b1b775d7641cfba5ad37 C:\WINDOWS\system32\dllcache\wininet.dll

2004-08-03 22:56 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\explorer.exe
2004-08-03 22:56 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-03 22:56 100864 80cb133bd6c830e8ca7e90015e45c1cd C:\WINDOWS\system32\wuauclt.exe
2004-08-03 22:56 100864 80cb133bd6c830e8ca7e90015e45c1cd C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot_2008-09-28_10.53.37.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-28 10:25:14 343,376 ----a-w C:\WINDOWS\BricoPacks\SysFiles\146_iCF.exe
- 2008-08-07 17:44:04 218,624 ----a-w C:\WINDOWS\BricoPacks\SysFiles\Ux_uxtheme.dll
+ 2008-09-28 11:35:17 218,624 ----a-w C:\WINDOWS\BricoPacks\SysFiles\Ux_uxtheme.dll
+ 2001-10-18 21:51:00 46,592 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll
+ 2005-06-09 22:08:00 283,294 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\iColorFolder.dll
+ 2006-03-09 14:33:18 405,504 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\iColorFolder.exe
+ 2005-06-09 22:08:00 283,294 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\skins\Vista Inspirat\iColorFolder.dll
+ 2008-09-28 18:07:22 33,617 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\uninstall.exe
+ 2007-04-22 08:18:34 98,304 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\pack-it.exe
+ 2004-08-03 20:56:42 448,512 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\10_cmdial32.dll
+ 2001-08-23 10:00:00 69,632 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\11_console.dll
+ 2004-08-03 20:56:42 188,928 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\12_credui.dll
+ 2004-08-03 20:56:50 974,336 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\14_explorer.exe
+ 2004-08-03 20:56:44 392,704 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\15_fontext.dll
+ 2004-08-03 20:56:50 764,928 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\17_helpctr.exe
+ 2004-08-03 20:56:44 159,744 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\18_hotplug.dll
+ 2004-08-03 20:56:48 100,864 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\2_ahui.exe
+ 2001-08-23 10:00:00 280,576 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\20_inetcplc.dll
+ 2004-08-03 20:56:44 402,944 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\23_keymgr.dll
+ 2004-08-03 20:56:58 3,128,320 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\24_logon.scr
+ 2004-08-03 20:56:52 538,112 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\26_migwiz.exe
+ 2004-08-03 20:56:12 380,416 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\28_moricons.dll
+ 2004-08-03 20:56:44 1,101,824 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\29_msgina.dll
+ 2004-08-03 20:56:44 3,444,224 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\30_mshtml.dll
+ 2004-08-03 20:56:54 439,808 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\31_mspaint.exe
+ 2004-08-03 20:56:44 321,536 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\32_mstask.dll
+ 2004-08-03 18:59:44 657,408 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\33_mstscax.dll
+ 2004-08-03 20:56:46 86,016 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\34_mydocs.dll
+ 2004-08-03 20:56:56 55,808 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\35_narrator.exe
+ 2004-08-03 20:56:46 147,456 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\37_netid.dll
+ 2004-08-03 20:56:46 2,122,752 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\38_netshell.dll
+ 2004-08-03 20:56:46 413,696 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\39_newdev.dll
+ 2004-08-03 20:56:42 28,672 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\4_batmeter.dll
+ 2004-08-03 20:56:56 155,136 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\40_notepad.exe
+ 2004-08-03 20:56:56 155,136 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\41_notepad.exe
+ 2004-08-03 20:56:46 231,936 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\42_ntshrui.dll
+ 2004-08-03 20:56:46 146,944 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\44_occache.dll
+ 2004-08-03 20:56:46 740,864 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\46_printui.dll
+ 2004-08-03 20:56:46 1,229,824 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\47_rasdlg.dll
+ 2004-08-03 20:56:56 224,256 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\48_regedit.exe
+ 2004-08-03 20:56:28 666,112 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\49_shdoclc.dll
+ 2004-08-03 20:56:42 1,014,784 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\5_browseui.dll
+ 2004-08-03 20:56:46 1,762,816 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\50_shdocvw.dll
+ 2004-08-03 20:56:46 12,796,416 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\51_shell32.dll
+ 2004-08-03 20:56:46 1,788,416 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\52_shimgvw.dll
+ 2004-08-03 20:56:46 498,176 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\53_shlwapi.dll
+ 2004-08-03 20:56:58 180,736 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\54_sndrec32.exe
+ 2001-08-23 10:00:00 152,064 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\55_sndvol32.exe
+ 2004-08-03 20:56:46 147,456 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\56_stobject.dll
+ 2004-08-03 20:56:58 182,272 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\58_sysocmgr.exe
+ 2007-11-08 14:34:01 1,240,576 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\59_syssetup.dll
+ 2004-08-03 20:56:42 82,944 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\6_cabview.dll
+ 2004-08-03 20:56:58 181,760 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\60_taskmgr.exe
+ 2004-08-03 20:56:48 388,096 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\62_themeui.dll
+ 2004-08-03 20:56:48 59,392 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\64_url.dll
+ 2004-08-03 20:56:48 674,816 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\65_urlmon.dll
+ 2004-08-03 20:56:48 437,248 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\66_webcheck.dll
+ 2004-08-03 20:56:58 885,248 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\67_wiaacmgr.exe
+ 2004-08-03 20:56:48 769,536 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\68_wiashext.dll
+ 2004-08-03 20:56:48 690,176 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\69_wininet.dll
+ 2001-08-23 10:00:00 117,760 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\7_calc.exe
+ 2004-08-03 20:56:36 764,416 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\70_WINNTBBU.DLL
+ 2004-08-03 20:56:48 291,840 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\71_winsrv.dll
+ 2004-08-03 20:56:58 100,864 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\73_wuauclt.exe
+ 2004-08-03 20:56:58 285,696 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\74_wuauclt1.exe
+ 2004-08-03 20:56:38 3,288,064 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\76_xpsp2res.dll
+ 2004-08-03 20:56:48 905,216 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\77_zipfldr.dll
+ 2004-08-03 20:56:52 5,650,432 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\78_logonui.exe
+ 2004-08-03 20:56:52 832,512 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\79_iexplore.exe
+ 2004-08-03 20:56:48 108,544 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\8_cleanmgr.exe
+ 2004-08-03 20:56:54 223,232 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\80_msimn.exe
+ 2004-08-03 20:56:20 2,479,616 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\81_msoeres.dll
+ 2004-08-03 20:56:54 3,676,160 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\82_moviemk.exe
+ 2004-08-03 20:56:50 415,232 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\9_cmd.exe
+ 2008-09-28 11:35:17 218,624 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\Ux_uxtheme.dll
+ 2007-04-22 10:31:50 147,456 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\Panel.exe
+ 2008-09-28 18:00:47 153,834 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
+ 2007-05-28 15:06:40 15,191 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\ResFiles\77_logonui.exe\UIFILE_1000.bin
+ 2006-05-21 07:49:32 881,664 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\ResHacker\ResHacker.exe
+ 2007-03-04 07:48:16 106,496 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\Docklets\RocketClock\RocketClock.dll
+ 2007-01-01 15:23:54 1,645,320 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\gdiplus.dll
+ 2007-03-18 22:04:22 69,632 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
+ 2007-03-18 22:05:02 630,784 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
+ 2007-03-18 22:04:18 69,632 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\Tools\Debug.exe
+ 2007-01-01 15:24:48 6,144 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\Tools\LanguageID Finder.exe
+ 2006-05-21 07:49:38 11,776 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\Tools\dialog.exe
+ 2006-05-21 07:49:38 32,610 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\Tools\refresh.exe
+ 2005-06-01 19:41:18 65,536 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
+ 2006-05-21 07:43:06 1,645,320 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\gdiplus.dll
+ 2006-05-21 07:43:06 6,144 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\Languages\LanguageID Finder.exe
+ 2006-05-21 07:43:06 53,248 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\Plugins\iBounce\fx.dll
+ 2006-05-21 07:43:06 57,344 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\Plugins\iZoom\fx.dll
+ 2006-05-21 07:43:08 180,224 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
+ 2006-05-21 07:43:08 65,536 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
+ 2006-05-21 07:43:08 35,328 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\Uninst.exe
+ 2007-05-28 15:06:48 155,417 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\Update.exe
+ 2006-05-21 07:43:14 53,248 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
+ 2006-05-21 07:43:14 155,648 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
- 2004-08-03 20:56:56 69,120 ----a-w C:\WINDOWS\notepad.exe
+ 2004-08-03 20:56:56 155,136 ----a-w C:\WINDOWS\notepad.exe
- 2004-08-03 20:56:50 768,512 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
+ 2004-08-03 20:56:50 764,928 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
- 2004-08-03 20:56:56 146,432 ----a-w C:\WINDOWS\regedit.exe
+ 2004-08-03 20:56:56 224,256 ----a-w C:\WINDOWS\regedit.exe
- 2004-08-03 20:56:48 98,304 ----a-w C:\WINDOWS\system32\ahui.exe
+ 2004-08-03 20:56:48 100,864 ----a-w C:\WINDOWS\system32\ahui.exe
- 2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-03-29 17:23:22 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2004-08-03 20:56:42 1,016,832 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2004-08-03 20:56:42 1,014,784 ----a-w C:\WINDOWS\system32\browseui.dll
- 2004-08-03 20:56:42 84,480 ----a-w C:\WINDOWS\system32\cabview.dll
+ 2004-08-03 20:56:42 82,944 ----a-w C:\WINDOWS\system32\cabview.dll
- 2001-08-23 10:00:00 114,688 ----a-w C:\WINDOWS\system32\calc.exe
+ 2001-08-23 10:00:00 117,760 ----a-w C:\WINDOWS\system32\calc.exe
- 2004-08-03 20:56:48 64,000 ----a-w C:\WINDOWS\system32\cleanmgr.exe
+ 2004-08-03 20:56:48 108,544 ----a-w C:\WINDOWS\system32\cleanmgr.exe
- 2004-08-03 20:56:50 388,608 ----a-w C:\WINDOWS\system32\cmd.exe
+ 2004-08-03 20:56:50 415,232 ----a-w C:\WINDOWS\system32\cmd.exe
- 2004-08-03 20:56:42 343,040 ----a-w C:\WINDOWS\system32\cmdial32.dll
+ 2004-08-03 20:56:42 448,512 ----a-w C:\WINDOWS\system32\cmdial32.dll
- 2001-08-23 10:00:00 66,560 ----a-w C:\WINDOWS\system32\console.dll
+ 2001-08-23 10:00:00 69,632 ----a-w C:\WINDOWS\system32\console.dll
- 2004-08-03 20:56:42 163,840 ----a-w C:\WINDOWS\system32\credui.dll
+ 2004-08-03 20:56:42 188,928 ----a-w C:\WINDOWS\system32\credui.dll
- 2001-08-23 10:00:00 64,512 -c--a-w C:\WINDOWS\system32\dllcache\acctres.dll
+ 2001-08-23 10:00:00 229,376 -c--a-w C:\WINDOWS\system32\dllcache\acctres.dll
- 2004-08-03 20:56:48 183,808 -c--a-w C:\WINDOWS\system32\dllcache\accwiz.exe
+ 2004-08-03 20:56:48 371,712 -c--a-w C:\WINDOWS\system32\dllcache\accwiz.exe
- 2004-08-03 20:56:42 8,704 -c--a-w C:\WINDOWS\system32\dllcache\batt.dll
+ 2004-08-03 20:56:42 169,984 -c--a-w C:\WINDOWS\system32\dllcache\batt.dll
- 2001-08-23 10:00:00 359,936 -c--a-w C:\WINDOWS\system32\dllcache\cards.dll
+ 2001-08-23 10:00:00 1,404,416 -c--a-w C:\WINDOWS\system32\dllcache\cards.dll
- 2004-08-03 20:56:42 457,728 -c--a-w C:\WINDOWS\system32\dllcache\certmgr.dll
+ 2004-08-03 20:56:42 1,221,120 -c--a-w C:\WINDOWS\system32\dllcache\certmgr.dll
- 2001-08-23 10:00:00 80,384 -c--a-w C:\WINDOWS\system32\dllcache\charmap.exe
+ 2001-08-23 10:00:00 218,624 -c--a-w C:\WINDOWS\system32\dllcache\charmap.exe
- 2001-08-23 10:00:00 163,328 -c--a-w C:\WINDOWS\system32\dllcache\ciadmin.dll
+ 2001-08-23 10:00:00 167,936 -c--a-w C:\WINDOWS\system32\dllcache\ciadmin.dll
- 2004-08-03 20:56:50 39,936 -c--a-w C:\WINDOWS\system32\dllcache\cmmon32.exe
+ 2004-08-03 20:56:50 43,520 -c--a-w C:\WINDOWS\system32\dllcache\cmmon32.exe
- 2004-08-03 20:56:42 792,064 -c--a-w C:\WINDOWS\system32\dllcache\comres.dll
+ 2004-08-03 20:56:42 1,262,080 -c--a-w C:\WINDOWS\system32\dllcache\comres.dll
- 2004-08-03 20:56:42 326,656 -c--a-w C:\WINDOWS\system32\dllcache\cscui.dll
+ 2004-08-03 20:56:42 467,456 -c--a-w C:\WINDOWS\system32\dllcache\cscui.dll
- 2001-08-23 10:00:00 16,384 -c--a-w C:\WINDOWS\system32\dllcache\deskadp.dll
+ 2001-08-23 10:00:00 19,968 -c--a-w C:\WINDOWS\system32\dllcache\deskadp.dll
- 2001-08-23 10:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\deskmon.dll
+ 2001-08-23 10:00:00 20,992 -c--a-w C:\WINDOWS\system32\dllcache\deskmon.dll
- 2004-08-03 20:56:44 282,624 -c--a-w C:\WINDOWS\system32\dllcache\devmgr.dll
+ 2004-08-03 20:56:44 403,968 -c--a-w C:\WINDOWS\system32\dllcache\devmgr.dll
- 2001-08-23 10:00:00 51,200 -c--a-w C:\WINDOWS\system32\dllcache\dfrgres.dll
+ 2001-08-23 10:00:00 193,024 -c--a-w C:\WINDOWS\system32\dllcache\dfrgres.dll
- 2001-08-23 10:00:00 273,920 -c--a-w C:\WINDOWS\system32\dllcache\dmdlgs.dll
+ 2001-08-23 10:00:00 783,360 -c--a-w C:\WINDOWS\system32\dllcache\dmdlgs.dll
- 2004-08-03 20:56:44 212,480 -c--a-w C:\WINDOWS\system32\dllcache\dpvoice.dll
+ 2004-08-03 20:56:44 441,344 -c--a-w C:\WINDOWS\system32\dllcache\dpvoice.dll
- 2004-08-03 20:56:50 83,456 -c--a-w C:\WINDOWS\system32\dllcache\dpvsetup.exe
+ 2004-08-03 20:56:50 220,160 -c--a-w C:\WINDOWS\system32\dllcache\dpvsetup.exe
- 2001-08-23 10:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\drwtsn32.exe
+ 2001-08-23 10:00:00 209,920 -c--a-w C:\WINDOWS\system32\dllcache\drwtsn32.exe
- 2004-08-03 20:56:50 1,298,432 -c--a-w C:\WINDOWS\system32\dllcache\dxdiag.exe
+ 2004-08-03 20:56:50 1,433,600 -c--a-w C:\WINDOWS\system32\dllcache\dxdiag.exe
- 2004-08-03 20:56:44 183,296 -c--a-w C:\WINDOWS\system32\dllcache\els.dll
+ 2004-08-03 20:56:44 506,368 -c--a-w C:\WINDOWS\system32\dllcache\els.dll
- 2001-08-23 10:00:00 8,704 -c--a-w C:\WINDOWS\system32\dllcache\eventvwr.exe
+ 2001-08-23 10:00:00 170,496 -c--a-w C:\WINDOWS\system32\dllcache\eventvwr.exe
- 2004-08-03 20:56:44 337,920 -c--a-w C:\WINDOWS\system32\dllcache\filemgmt.dll
+ 2004-08-03 20:56:44 654,848 -c--a-w C:\WINDOWS\system32\dllcache\filemgmt.dll
- 2004-08-03 20:56:44 87,552 -c--a-w C:\WINDOWS\system32\dllcache\fldrclnr.dll
+ 2004-08-03 20:56:44 205,312 -c--a-w C:\WINDOWS\system32\dllcache\fldrclnr.dll
- 2001-08-23 10:00:00 76,800 -c--a-w C:\WINDOWS\system32\dllcache\gcdef.dll
+ 2001-08-23 10:00:00 361,472 -c--a-w C:\WINDOWS\system32\dllcache\gcdef.dll
- 2004-08-03 20:56:08 566,784 -c--a-w C:\WINDOWS\system32\dllcache\gpedit.dll
+ 2004-08-03 20:56:08 867,328 -c--a-w C:\WINDOWS\system32\dllcache\gpedit.dll
- 2004-08-03 20:56:44 330,752 -c--a-w C:\WINDOWS\system32\dllcache\hnetwiz.dll
+ 2004-08-03 20:56:44 1,224,192 -c--a-w C:\WINDOWS\system32\dllcache\hnetwiz.dll
- 2001-08-23 10:00:00 54,784 -c--a-w C:\WINDOWS\system32\dllcache\icmui.dll
+ 2001-08-23 10:00:00 376,832 -c--a-w C:\WINDOWS\system32\dllcache\icmui.dll
- 2004-08-03 20:56:44 73,728 -c--a-w C:\WINDOWS\system32\dllcache\icwdial.dll
+ 2004-08-03 20:56:44 155,648 -c--a-w C:\WINDOWS\system32\dllcache\icwdial.dll
- 2004-08-03 20:56:44 216,576 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2004-08-03 20:56:44 552,448 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2004-08-03 20:56:52 5,650,432 -c--a-w C:\WINDOWS\system32\dllcache\logonui.exe
+ 2004-08-03 20:56:52 6,142,976 -c--a-w C:\WINDOWS\system32\dllcache\logonui.exe
- 2004-08-03 20:56:52 72,704 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
+ 2004-08-03 20:56:52 210,944 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
- 2004-08-03 20:56:44 118,272 -c--a-w C:\WINDOWS\system32\dllcache\mdminst.dll
+ 2004-08-03 20:56:44 343,552 -c--a-w C:\WINDOWS\system32\dllcache\mdminst.dll
- 2004-08-03 20:56:52 815,104 -c--a-w C:\WINDOWS\system32\dllcache\mmc.exe
+ 2004-08-03 20:56:52 980,480 -c--a-w C:\WINDOWS\system32\dllcache\mmc.exe
- 2004-08-03 20:56:44 207,360 -c--a-w C:\WINDOWS\system32\dllcache\mobsync.dll
+ 2004-08-03 20:56:44 518,144 -c--a-w C:\WINDOWS\system32\dllcache\mobsync.dll
- 2004-08-03 20:56:52 143,360 -c--a-w C:\WINDOWS\system32\dllcache\mobsync.exe
+ 2004-08-03 20:56:52 315,392 -c--a-w C:\WINDOWS\system32\dllcache\mobsync.exe
- 2004-08-03 20:56:44 153,600 -c--a-w C:\WINDOWS\system32\dllcache\modemui.dll
+ 2004-08-03 20:56:44 305,152 -c--a-w C:\WINDOWS\system32\dllcache\modemui.dll
- 2004-08-03 20:56:54 3,676,160 -c--a-w C:\WINDOWS\system32\dllcache\moviemk.exe
+ 2004-08-03 20:56:54 3,691,520 -c--a-w C:\WINDOWS\system32\dllcache\moviemk.exe
- 2004-08-03 20:56:44 471,552 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2004-08-03 20:56:44 596,992 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
- 2004-08-03 20:56:54 158,208 -c--a-w C:\WINDOWS\system32\dllcache\msconfig.exe
+ 2004-08-03 20:56:54 319,488 -c--a-w C:\WINDOWS\system32\dllcache\msconfig.exe
- 2001-08-23 10:00:00 126,976 -c--a-w C:\WINDOWS\system32\dllcache\mshearts.exe
+ 2001-08-23 10:00:00 159,744 -c--a-w C:\WINDOWS\system32\dllcache\mshearts.exe
- 2004-08-03 20:56:44 51,712 -c--a-w C:\WINDOWS\system32\dllcache\msident.dll
+ 2004-08-03 20:56:44 55,296 -c--a-w C:\WINDOWS\system32\dllcache\msident.dll
- 2004-08-03 20:56:44 248,832 -c--a-w C:\WINDOWS\system32\dllcache\msieftp.dll
+ 2004-08-03 20:56:44 611,840 -c--a-w C:\WINDOWS\system32\dllcache\msieftp.dll
- 2005-05-03 10:58:36 78,848 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
+ 2005-05-03 10:58:36 236,544 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
- 2001-08-23 10:00:00 39,936 -c--a-w C:\WINDOWS\system32\dllcache\msinfo32.exe
+ 2001-08-23 10:00:00 178,688 -c--a-w C:\WINDOWS\system32\dllcache\msinfo32.exe
- 2004-08-03 18:59:42 407,552 -c--a-w C:\WINDOWS\system32\dllcache\mstsc.exe
+ 2004-08-03 18:59:42 588,288 -c--a-w C:\WINDOWS\system32\dllcache\mstsc.exe
- 2001-08-23 10:00:00 90,112 -c--a-w C:\WINDOWS\system32\dllcache\mycomput.dll
+ 2001-08-23 10:00:00 107,520 -c--a-w C:\WINDOWS\system32\dllcache\mycomput.dll
- 2004-08-03 20:56:46 875,008 -c--a-w C:\WINDOWS\system32\dllcache\netplwiz.dll
+ 2004-08-03 20:56:46 2,405,376 -c--a-w C:\WINDOWS\system32\dllcache\netplwiz.dll
- 2004-08-03 21:02:46 329,728 -c--a-w C:\WINDOWS\system32\dllcache\netsetup.exe
+ 2004-08-03 21:02:46 523,776 -c--a-w C:\WINDOWS\system32\dllcache\netsetup.exe
- 2004-08-03 20:56:56 1,200,128 -c--a-w C:\WINDOWS\system32\dllcache\ntbackup.exe
+ 2004-08-03 20:56:56 1,647,616 -c--a-w C:\WINDOWS\system32\dllcache\ntbackup.exe
- 2004-08-03 20:56:46 488,448 -c--a-w C:\WINDOWS\system32\dllcache\ntmsmgr.dll
+ 2004-08-03 20:56:46 742,912 -c--a-w C:\WINDOWS\system32\dllcache\ntmsmgr.dll
- 2004-08-03 20:56:56 32,768 -c--a-w C:\WINDOWS\system32\dllcache\odbcad32.exe
+ 2004-08-03 20:56:56 180,224 -c--a-w C:\WINDOWS\system32\dllcache\odbcad32.exe
- 2004-08-03 20:56:24 94,208 -c--a-w C:\WINDOWS\system32\dllcache\odbcint.dll
+ 2004-08-03 20:56:24 479,232 -c--a-w C:\WINDOWS\system32\dllcache\odbcint.dll
- 2004-08-03 20:56:46 1,281,536 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
+ 2004-08-03 20:56:46 1,308,672 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
- 2004-08-03 20:56:56 215,552 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
+ 2004-08-03 20:56:56 353,792 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
- 2001-08-23 10:00:00 40,448 -c--a-w C:\WINDOWS\system32\dllcache\osuninst.exe
+ 2001-08-23 10:00:00 176,640 -c--a-w C:\WINDOWS\system32\dllcache\osuninst.exe
- 2004-08-03 20:56:56 58,368 -c--a-w C:\WINDOWS\system32\dllcache\packager.exe
+ 2004-08-03 20:56:56 219,136 -c--a-w C:\WINDOWS\system32\dllcache\packager.exe
- 2004-08-03 20:56:56 15,872 -c--a-w C:\WINDOWS\system32\dllcache\perfmon.exe
+ 2004-08-03 20:56:56 177,152 -c--a-w C:\WINDOWS\system32\dllcache\perfmon.exe
- 2004-08-03 20:56:46 176,128 -c--a-w C:\WINDOWS\system32\dllcache\photowiz.dll
+ 2004-08-03 20:56:46 617,472 -c--a-w C:\WINDOWS\system32\dllcache\photowiz.dll
- 2004-08-03 20:56:56 35,840 -c--a-w C:\WINDOWS\system32\dllcache\rcimlby.exe
+ 2004-08-03 20:56:56 180,224 -c--a-w C:\WINDOWS\system32\dllcache\rcimlby.exe
- 2004-08-03 20:56:46 397,824 -c--a-w C:\WINDOWS\system32\dllcache\regwizc.dll
+ 2004-08-03 20:56:46 723,456 -c--a-w C:\WINDOWS\system32\dllcache\regwizc.dll
- 2004-08-03 20:56:46 60,416 -c--a-w C:\WINDOWS\system32\dllcache\remotepg.dll
+ 2004-08-03 20:56:46 199,168 -c--a-w C:\WINDOWS\system32\dllcache\remotepg.dll
- 2004-08-03 20:56:56 380,416 -c--a-w C:\WINDOWS\system32\dllcache\rstrui.exe
+ 2004-08-03 20:56:56 527,872 -c--a-w C:\WINDOWS\system32\dllcache\rstrui.exe
- 2004-08-03 20:56:56 77,312 -c--a-w C:\WINDOWS\system32\dllcache\rtcshare.exe
+ 2004-08-03 20:56:56 214,016 -c--a-w C:\WINDOWS\system32\dllcache\rtcshare.exe
- 2004-08-03 20:56:46 55,296 -c--a-w C:\WINDOWS\system32\dllcache\sendmail.dll
+ 2004-08-03 20:56:46 194,560 -c--a-w C:\WINDOWS\system32\dllcache\sendmail.dll
- 2004-08-03 20:56:46 983,552 -c--a-w C:\WINDOWS\system32\dllcache\setupapi.dll
+ 2004-08-03 20:56:46 2,459,648 -c--a-w C:\WINDOWS\system32\dllcache\setupapi.dll
- 2004-08-03 20:56:58 77,824 -c--a-w C:\WINDOWS\system32\dllcache\shrpubw.exe
+ 2004-08-03 20:56:58 403,968 -c--a-w C:\WINDOWS\system32\dllcache\shrpubw.exe
- 2004-08-03 20:56:58 70,144 -c--a-w C:\WINDOWS\system32\dllcache\sigverif.exe
+ 2004-08-03 20:56:58 286,720 -c--a-w C:\WINDOWS\system32\dllcache\sigverif.exe
- 2001-08-23 10:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\sol.exe
+ 2001-08-23 10:00:00 195,072 -c--a-w C:\WINDOWS\system32\dllcache\sol.exe
- 2004-08-03 20:56:58 538,624 -c--a-w C:\WINDOWS\system32\dllcache\spider.exe
+ 2004-08-03 20:56:58 1,730,048 -c--a-w C:\WINDOWS\system32\dllcache\spider.exe
- 2004-08-03 20:56:46 725,566 -c--a-w C:\WINDOWS\system32\dllcache\srchui.dll
+ 2004-08-03 20:56:46 728,126 -c--a-w C:\WINDOWS\system32\dllcache\srchui.dll
- 2004-08-03 20:56:46 239,104 -c--a-w C:\WINDOWS\system32\dllcache\srrstr.dll
+ 2004-08-03 20:56:46 237,056 -c--a-w C:\WINDOWS\system32\dllcache\srrstr.dll
- 2004-08-03 20:56:46 136,704 -c--a-w C:\WINDOWS\system32\dllcache\sti_ci.dll
+ 2004-08-03 20:56:46 670,208 -c--a-w C:\WINDOWS\system32\dllcache\sti_ci.dll
- 2004-08-03 20:56:58 14,848 -c--a-w C:\WINDOWS\system32\dllcache\stimon.exe
+ 2004-08-03 20:56:58 166,912 -c--a-w C:\WINDOWS\system32\dllcache\stimon.exe
- 2001-08-23 10:00:00 51,200 -c--a-w C:\WINDOWS\system32\dllcache\syncapp.exe
+ 2001-08-23 10:00:00 187,392 -c--a-w C:\WINDOWS\system32\dllcache\syncapp.exe
- 2004-08-03 20:56:48 191,488 -c--a-w C:\WINDOWS\system32\dllcache\syncui.dll
+ 2004-08-03 20:56:48 410,624 -c--a-w C:\WINDOWS\system32\dllcache\syncui.dll
- 2001-08-23 10:00:00 36,864 -c--a-w C:\WINDOWS\system32\dllcache\syskey.exe
+ 2001-08-23 10:00:00 196,608 -c--a-w C:\WINDOWS\system32\dllcache\syskey.exe
- 2001-08-23 10:00:00 78,848 -c--a-w C:\WINDOWS\system32\dllcache\tapiui.dll
+ 2001-08-23 10:00:00 315,392 -c--a-w C:\WINDOWS\system32\dllcache\tapiui.dll
- 2004-08-03 20:56:48 239,616 -c--a-w C:\WINDOWS\system32\dllcache\upnpui.dll
+ 2004-08-03 20:56:48 1,149,952 -c--a-w C:\WINDOWS\system32\dllcache\upnpui.dll
- 2004-08-03 20:56:48 577,024 -c--a-w C:\WINDOWS\system32\dllcache\user32.dll
+ 2004-08-03 20:56:48 576,512 -c--a-w C:\WINDOWS\system32\dllcache\user32.dll
- 2004-08-03 20:56:58 50,176 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe
+ 2004-08-03 20:56:58 188,416 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe
- 2008-08-07 17:44:04 218,624 -c--a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
+ 2008-09-28 11:35:17 218,624 -c--a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
- 2001-08-23 10:00:00 98,304 -c--a-w C:\WINDOWS\system32\dllcache\verifier.exe
+ 2001-08-23 10:00:00 259,584 -c--a-w C:\WINDOWS\system32\dllcache\verifier.exe
- 2004-08-03 20:56:58 46,080 -c--a-w C:\WINDOWS\system32\dllcache\wab.exe
+ 2004-08-03 20:56:58 187,904 -c--a-w C:\WINDOWS\system32\dllcache\wab.exe
- 2004-08-03 20:56:48 504,832 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
+ 2004-08-03 20:56:48 643,072 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
- 2004-08-03 20:56:36 249,856 -c--a-w C:\WINDOWS\system32\dllcache\wab32res.dll
+ 2004-08-03 20:56:36 523,776 -c--a-w C:\WINDOWS\system32\dllcache\wab32res.dll
- 2004-08-03 20:56:48 32,768 -c--a-w C:\WINDOWS\system32\dllcache\wabfind.dll
+ 2004-08-03 20:56:48 25,088 -c--a-w C:\WINDOWS\system32\dllcache\wabfind.dll
- 2004-08-03 20:56:48 84,992 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
+ 2004-08-03 20:56:48 89,600 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
- 2004-08-03 20:56:58 30,208 -c--a-w C:\WINDOWS\system32\dllcache\wabmig.exe
+ 2004-08-03 20:56:58 34,816 -c--a-w C:\WINDOWS\system32\dllcache\wabmig.exe
- 2004-08-03 20:56:48 463,360 -c--a-w C:\WINDOWS\system32\dllcache\wiadefui.dll
+ 2004-08-03 20:56:48 1,239,040 -c--a-w C:\WINDOWS\system32\dllcache\wiadefui.dll
- 2001-08-23 10:00:00 35,328 -c--a-w C:\WINDOWS\system32\dllcache\winchat.exe
+ 2001-08-23 10:00:00 38,400 -c--a-w C:\WINDOWS\system32\dllcache\winchat.exe
- 2004-08-03 20:56:58 283,648 -c--a-w C:\WINDOWS\system32\dllcache\winhlp32.exe
+ 2001-08-23 10:00:00 168,960 -c--a-w C:\WINDOWS\system32\dllcache\winhlp32.exe
- 2001-08-23 10:00:00 119,808 -c--a-w C:\WINDOWS\system32\dllcache\winmine.exe
+ 2001-08-23 10:00:00 258,048 -c--a-w C:\WINDOWS\system32\dllcache\winmine.exe
- 2006-10-18 20:46:20 64,000 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-18 20:46:20 336,896 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-08-03 20:56:58 214,528 -c--a-w C:\WINDOWS\system32\dllcache\wordpad.exe
+ 2004-08-03 20:56:58 674,816 -c--a-w C:\WINDOWS\system32\dllcache\wordpad.exe
- 2004-08-03 20:56:58 32,256 -c--a-w C:\WINDOWS\system32\dllcache\wpabaln.exe
+ 2004-08-03 20:56:58 171,008 -c--a-w C:\WINDOWS\system32\dllcache\wpabaln.exe
- 2001-08-23 10:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\write.exe
+ 2001-08-23 10:00:00 166,400 -c--a-w C:\WINDOWS\system32\dllcache\write.exe
- 2004-08-03 20:56:58 114,688 -c--a-w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2004-08-03 20:56:58 757,760 -c--a-w C:\WINDOWS\system32\dllcache\wscript.exe
- 2004-08-03 20:56:48 596,992 -c--a-w C:\WINDOWS\system32\dllcache\wsecedit.dll
+ 2004-08-03 20:56:48 757,760 -c--a-w C:\WINDOWS\system32\dllcache\wsecedit.dll
- 2001-08-23 10:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\wupdmgr.exe
+ 2001-08-23 10:00:00 168,960 -c--a-w C:\WINDOWS\system32\dllcache\wupdmgr.exe
- 2008-03-29 17:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-03-29 17:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-03-29 17:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-03-29 17:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-03-29 17:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-03-29 17:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2008-09-27 14:23:20 1,648,296 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-09-28 18:20:53 1,648,352 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-08-03 20:56:44 382,976 ----a-w C:\WINDOWS\system32\fontext.dll
+ 2004-08-03 20:56:44 392,704 ----a-w C:\WINDOWS\system32\fontext.dll
- 2004-08-03 20:56:44 144,896 ----a-w C:\WINDOWS\system32\hotplug.dll
+ 2004-08-03 20:56:44 159,744 ----a-w C:\WINDOWS\system32\hotplug.dll
- 2001-08-23 10:00:00 110,592 ----a-w C:\WINDOWS\system32\inetcplc.dll
+ 2001-08-23 10:00:00 280,576 ----a-w C:\WINDOWS\system32\inetcplc.dll
- 2004-08-03 20:56:44 150,528 ----a-w C:\WINDOWS\system32\keymgr.dll
+ 2004-08-03 20:56:44 402,944 ----a-w C:\WINDOWS\system32\keymgr.dll
- 2004-08-03 20:56:58 220,672 ----a-w C:\WINDOWS\system32\logon.scr
+ 2004-08-03 20:56:58 3,128,320 ----a-w C:\WINDOWS\system32\logon.scr
- 2004-08-03 20:56:12 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
+ 2004-08-03 20:56:12 380,416 ----a-w C:\WINDOWS\system32\moricons.dll
- 2004-08-03 20:56:44 994,304 ----a-w C:\WINDOWS\system32\msgina.dll
+ 2004-08-03 20:56:44 1,101,824 ----a-w C:\WINDOWS\system32\msgina.dll
- 2004-08-03 20:56:44 3,003,392 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2004-08-03 20:56:44 3,444,224 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2004-08-03 20:56:54 343,040 ----a-w C:\WINDOWS\system32\mspaint.exe
+ 2004-08-03 20:56:54 439,808 ----a-w C:\WINDOWS\system32\mspaint.exe
- 2004-08-03 20:56:44 274,944 ----a-w C:\WINDOWS\system32\mstask.dll
+ 2004-08-03 20:56:44 321,536 ----a-w C:\WINDOWS\system32\mstask.dll
- 2004-08-03 18:59:44 655,360 ----a-w C:\WINDOWS\system32\mstscax.dll
+ 2004-08-03 18:59:44 657,408 ----a-w C:\WINDOWS\system32\mstscax.dll
- 2004-08-03 20:56:46 90,624 ----a-w C:\WINDOWS\system32\mydocs.dll
+ 2004-08-03 20:56:46 86,016 ----a-w C:\WINDOWS\system32\mydocs.dll
- 2004-08-03 20:56:56 53,760 ----a-w C:\WINDOWS\system32\narrator.exe
+ 2004-08-03 20:56:56 55,808 ----a-w C:\WINDOWS\system32\narrator.exe
- 2004-08-03 20:56:46 139,264 ----a-w C:\WINDOWS\system32\netid.dll
+ 2004-08-03 20:56:46 147,456 ----a-w C:\WINDOWS\system32\netid.dll
- 2004-08-03 20:56:46 1,708,032 ----a-w C:\WINDOWS\system32\netshell.dll
+ 2004-08-03 20:56:46 2,122,752 ----a-w C:\WINDOWS\system32\netshell.dll
- 2004-08-03 20:56:46 248,832 ----a-w C:\WINDOWS\system32\newdev.dll
+ 2004-08-03 20:56:46 413,696 ----a-w C:\WINDOWS\system32\newdev.dll
- 2004-08-03 20:56:56 69,120 ----a-w C:\WINDOWS\system32\notepad.exe
+ 2004-08-03 20:56:56 155,136 ----a-w C:\WINDOWS\system32\notepad.exe
- 2004-08-03 20:56:46 143,872 ----a-w C:\WINDOWS\system32\ntshrui.dll
+ 2004-08-03 20:56:46 231,936 ----a-w C:\WINDOWS\system32\ntshrui.dll
- 2004-08-03 20:56:46 96,256 ----a-w C:\WINDOWS\system32\occache.dll
+ 2004-08-03 20:56:46 146,944 ----a-w C:\WINDOWS\system32\occache.dll
- 2004-08-03 20:56:46 560,640 ----a-w C:\WINDOWS\system32\printui.dll
+ 2004-08-03 20:56:46 740,864 ----a-w C:\WINDOWS\system32\printui.dll
- 2004-08-03 20:56:46 657,920 ----a-w C:\WINDOWS\system32\rasdlg.dll
+ 2004-08-03 20:56:46 1,229,824 ----a-w C:\WINDOWS\system32\rasdlg.dll
- 2004-08-03 20:56:28 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
+ 2004-08-03 20:56:28 666,112 ----a-w C:\WINDOWS\system32\shdoclc.dll
- 2004-08-03 20:56:46 1,483,264 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2004-08-03 20:56:46 1,762,816 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2004-08-03 20:56:46 8,384,000 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2004-08-03 20:56:46 12,796,416 ----a-w C:\WINDOWS\system32\shell32.dll
- 2004-08-03 20:56:46 438,272 ----a-w C:\WINDOWS\system32\shimgvw.dll
+ 2004-08-03 20:56:46 1,788,416 ----a-w C:\WINDOWS\system32\shimgvw.dll
- 2004-08-03 20:56:46 473,600 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2004-08-03 20:56:46 498,176 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2004-08-03 20:56:58 131,584 ----a-w C:\WINDOWS\system32\sndrec32.exe
+ 2004-08-03 20:56:58 180,736 ----a-w C:\WINDOWS\system32\sndrec32.exe
- 2001-08-23 10:00:00 138,752 ----a-w C:\WINDOWS\system32\sndvol32.exe
+ 2001-08-23 10:00:00 152,064 ----a-w C:\WINDOWS\system32\sndvol32.exe
- 2004-08-03 20:56:46 121,856 ----a-w C:\WINDOWS\system32\stobject.dll
+ 2004-08-03 20:56:46 147,456 ----a-w C:\WINDOWS\system32\stobject.dll
- 2004-08-03 20:56:58 105,984 ----a-w C:\WINDOWS\system32\sysocmgr.exe
+ 2004-08-03 20:56:58 182,272 ----a-w C:\WINDOWS\system32\sysocmgr.exe
- 2007-11-08 14:34:01 984,576 ----a-w C:\WINDOWS\system32\syssetup.dll
+ 2007-11-08 14:34:01 1,240,576 ----a-w C:\WINDOWS\system32\syssetup.dll
- 2004-08-03 20:56:58 135,680 ----a-w C:\WINDOWS\system32\taskmgr.exe
+ 2004-08-03 20:56:58 181,760 ----a-w C:\WINDOWS\system32\taskmgr.exe
- 2004-08-03 20:56:48 385,536 ----a-w C:\WINDOWS\system32\themeui.dll
+ 2004-08-03 20:56:48 388,096 ----a-w C:\WINDOWS\system32\themeui.dll
- 2004-08-03 20:56:48 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2004-08-03 20:56:48 59,392 ----a-w C:\WINDOWS\system32\url.dll
- 2004-08-03 20:56:48 601,088 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2004-08-03 20:56:48 674,816 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-03 20:56:52 240,128 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
+ 2004-08-03 20:56:52 538,112 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
- 2008-08-07 17:44:04 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
+ 2008-09-28 11:35:17 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
- 2004-08-03 20:56:48 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2004-08-03 20:56:48 437,248 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2004-08-03 20:56:58 433,664 ----a-w C:\WINDOWS\system32\wiaacmgr.exe
+ 2004-08-03 20:56:58 885,248 ----a-w C:\WINDOWS\system32\wiaacmgr.exe
- 2004-08-03 20:56:48 589,312 ----a-w C:\WINDOWS\system32\wiashext.dll
+ 2004-08-03 20:56:48 769,536 ----a-w C:\WINDOWS\system32\wiashext.dll
- 2004-08-03 20:56:36 764,928 ----a-w C:\WINDOWS\system32\WINNTBBU.DLL
+ 2004-08-03 20:56:36 764,416 ----a-w C:\WINDOWS\system32\WINNTBBU.DLL
- 2004-08-03 20:56:48 290,816 ----a-w C:\WINDOWS\system32\winsrv.dll
+ 2004-08-03 20:56:48 291,840 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2004-08-03 20:56:58 165,888 ----a-w C:\WINDOWS\system32\wuauclt1.exe
+ 2004-08-03 20:56:58 285,696 ----a-w C:\WINDOWS\system32\wuauclt1.exe
- 2004-08-03 20:56:38 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
+ 2004-08-03 20:56:38 3,288,064 ----a-w C:\WINDOWS\system32\xpsp2res.dll
- 2004-08-03 20:56:48 337,920 ----a-w C:\WINDOWS\system32\zipfldr.dll
+ 2004-08-03 20:56:48 905,216 ----a-w C:\WINDOWS\system32\zipfldr.dll
+ 2008-09-28 18:20:45 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_fc.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-08-29 1966080]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-28 30192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^hamachi.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 22:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 17:09 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e8d76a67]
--a------ 2008-09-27 21:00 80000 C:\WINDOWS\system32\klmnluir.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-08-31 14:38 133104 C:\Documents and Settings\FlAmE of HeLl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 23:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling]
--a------ 2006-12-01 18:09 2056875 C:\Program Files\LocalCooling\localcooling.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 21:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-23 14:11 21738792 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
--a------ 2002-12-16 16:51 36864 C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-15 13:11 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
--a------ 2003-03-31 19:28 155648 C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2008-06-30 00:01 52168 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
--a------ 2008-09-19 19:16 2145280 C:\Program Files\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-11-15 15:55 2850816 C:\Program Files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2007-11-16 16:13 90112 C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-05-07 15:39 16862208 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3 (0x3)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"MyWebSearchService"=2 (0x2)
"MONyog"=2 (0x2)
"gupdate1c90b651dea8622"=2 (0x2)
"UserAccess7"=2 (0x2)
"NMSAccessU"=2 (0x2)
"gusvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The log is not complete.
Please use the "Attach file" ("Prikaci fajl") option, which is located below the message field on the forum, and post that way the log that you will find at c:\combofix.log
