A problem with regedit on my machine, I need your help, folks

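Joined: 26 August 2007 | Posts: 272 | Likes: 10 | Points: 0

Peace be upon you

Brothers, I have a problem opening regedit and Task Manager.

I heard that it is a virus. I want to remove this virus but I do not know how. I installed Kaspersky and the program did not run.

I installed ZoneAlarm and it did not run. This picture shows the protection program greyed out. For your information, all the protection programs are like this.

I thought I would run a scan, but it did not work. I went to the NOD site to run a scan and it refuses to scan, and the reason is the administrator.

The Kaspersky site will not open on my machine either, nor will any security site that has a scanner.

Anyway, I searched Google for a solution to this problem and none of them has worked for me; it still will not open.

Please help me, and may happiness and good fortune be yours.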
 
Joined: 13 July 2007 | Posts: 1,615 | Likes: 65 | Points: 0
Re: A problem with regedit on my machine, I need your help, folks

And peace be upon you
Registry Editing has been disabled by your administrator

From Start, choose Run.

Copy this command:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Then paste it and click OK.

God willing, the problem will be solved. Regards.
 
Joined: 26 August 2007 | Posts: 272 | Likes: 10 | Points: 0
Re: A problem with regedit on my machine, I need your help, folks

I tried this solution before I posted the thread.

It did not work for me. I even downloaded files that enable the registry.

No use.

Thank you very much for stopping by.
 
Joined: 13 July 2007 | Posts: 1,615 | Likes: 65 | Points: 0
Re: A problem with regedit on my machine, I need your help, folks

Turn off System Restore and turn off the antivirus program.
OK, use this tool and give me the report it produces.
The combofix tool
Download the tool
here
Follow the walkthrough.
 
Joined: 13 July 2007 | Posts: 1,615 | Likes: 65 | Points: 0
Re: A problem with regedit on my machine, I need your help, folks

> I tried this solution before I posted the thread.
>
> It did not work for me. I even downloaded files that enable the registry.
>
> No use.
>
> Thank you very much for stopping by.

God keep you well. This method is for finding out whether or not there is a virus blocking access to Task Manager and the registry.

The most important thing in the second method is turning off System Restore and stopping the antivirus.

We are with you until your problem is solved, God willing.
 
Joined: 26 August 2007 | Posts: 272 | Likes: 10 | Points: 0
Re: A problem with regedit on my machine, I need your help, folks

Code:
ComboFix 09-06-26.02 - Personal 06/28/2009  9:32.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1256.966.1033.18.1014.596 [GMT 4:00]
Running from: c:\downloads\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Help\agt0401.hlp
c:\windows\Help\agt0405.hlp
c:\windows\Help\agt0408.hlp
c:\windows\Help\agt0415.hlp
c:\windows\Help\agt0419.hlp

.
(((((((((((((((((((((((((   Files Created from 2009-05-28 to 2009-06-28  )))))))))))))))))))))))))))))))
.

2009-06-28 02:04 . 2009-06-28 02:04	--------	d-----w-	c:\windows\LastGood
2009-06-28 00:33 . 2009-06-28 00:33	--------	d-----w-	c:\documents and settings\Personal\Local Settings\Application Data\G DATA
2009-06-28 00:24 . 2009-06-28 00:24	--------	d-----w-	c:\windows\Sun
2009-06-27 23:12 . 2009-06-27 23:12	--------	d-----w-	c:\documents and settings\Personal\Contacts
2009-06-27 23:05 . 2009-06-27 23:05	--------	d-----w-	c:\documents and settings\Personal\Application Data\MailFrontier
2009-06-27 23:03 . 2009-06-28 02:05	--------	d-----w-	c:\windows\system32\KB905474
2009-06-27 23:03 . 2009-03-10 18:18	527240	----a-w-	c:\windows\system32\KB905474\wgasetup.exe
2009-06-27 23:00 . 2009-06-27 23:00	--------	d-----w-	c:\program files\MSXML 4.0
2009-06-27 05:18 . 2009-06-27 05:36	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-06-27 05:18 . 2007-08-15 09:09	159744	----a-w-	c:\windows\system32\wt_menu.dll
2009-06-27 05:18 . 2007-08-15 09:09	40960	----a-w-	c:\windows\system32\ssubtmr6.dll
2009-06-27 05:18 . 1999-02-09 17:40	188928	----a-w-	c:\windows\system32\vbuzip10.DLL
2009-06-27 05:18 . 2009-06-27 05:19	--------	d-----w-	c:\program files\Smarty Uninstaller Pro
2009-06-27 03:18 . 2009-06-27 03:18	--------	d-----w-	c:\program files\Zone Labs
2009-06-27 03:18 . 2009-06-27 06:56	--------	d-----w-	c:\windows\Internet Logs
2009-06-27 02:57 . 2009-06-27 03:02	--------	d-----w-	c:\windows\system32\CatRoot_bak
2009-06-27 01:44 . 2003-08-18 02:56	1341	----a-w-	c:\windows\regtools.vbs
2009-06-26 23:58 . 2009-02-06 17:22	2136064	-c----w-	c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-26 23:58 . 2009-02-06 17:24	2180480	-c----w-	c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-26 23:58 . 2009-02-06 16:49	2015744	-c----w-	c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-26 23:58 . 2009-02-06 16:49	2057728	-c----w-	c:\windows\system32\dllcache\ntkrnlpa.exe
2009-06-26 23:37 . 2008-06-13 13:10	272128	-c----w-	c:\windows\system32\dllcache\bthport.sys
2009-06-26 23:37 . 2008-06-13 13:10	272128	------w-	c:\windows\system32\drivers\bthport.sys
2009-06-26 23:07 . 2009-06-26 23:07	--------	d--h--w-	c:\windows\system32\GroupPolicy
2009-06-26 23:06 . 2009-04-29 04:55	459264	-c----w-	c:\windows\system32\dllcache\msfeeds.dll
2009-06-26 23:06 . 2009-04-29 04:55	52224	-c----w-	c:\windows\system32\dllcache\msfeedsbs.dll
2009-06-26 23:06 . 2009-04-29 04:55	268288	-c----w-	c:\windows\system32\dllcache\iertutil.dll
2009-06-26 23:06 . 2009-04-29 04:55	63488	-c----w-	c:\windows\system32\dllcache\icardie.dll
2009-06-26 23:06 . 2009-04-29 04:55	383488	-c----w-	c:\windows\system32\dllcache\ieapfltr.dll
2009-06-26 23:06 . 2009-04-28 09:05	13824	-c----w-	c:\windows\system32\dllcache\ieudinit.exe
2009-06-26 23:06 . 2008-07-09 14:25	2455488	-c----w-	c:\windows\system32\dllcache\ieapfltr.dat
2009-06-26 23:06 . 2009-04-29 04:55	6066176	-c----w-	c:\windows\system32\dllcache\ieframe.dll
2009-06-26 22:59 . 2008-10-24 11:10	453632	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys
2009-06-26 21:45 . 2009-06-26 22:48	--------	d-----w-	c:\documents and settings\Personal\Application Data\Uniblue
2009-06-26 21:45 . 2009-06-26 22:46	--------	d-----w-	c:\program files\Uniblue
2009-06-26 21:37 . 2009-06-26 22:49	--------	dc-h--w-	c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-06-26 21:00 . 2009-06-26 21:00	3561743	----a-w-	c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-26 19:17 . 2009-06-26 19:17	--------	d-----w-	c:\program files\No-IP
2009-06-26 19:16 . 2009-06-26 19:16	--------	d-----w-	c:\documents and settings\Personal\Application Data\Malwarebytes
2009-06-26 19:16 . 2009-06-17 07:27	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-06-26 19:16 . 2009-06-17 07:27	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-26 19:16 . 2009-06-26 21:00	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-06-26 19:16 . 2009-06-26 19:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-26 19:14 . 2009-06-26 19:14	--------	d-----w-	c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-26 19:13 . 2009-06-26 19:13	--------	d-----w-	c:\program files\Adverts
2009-06-26 19:13 . 2009-06-26 19:13	--------	d-----w-	c:\program files\Windows Live
2009-06-26 19:13 . 2009-06-26 19:13	--------	d-----w-	c:\program files\Messenger Plus! Live
2009-06-26 19:10 . 2009-06-26 19:13	--------	d-----w-	c:\program files\MSN Messenger
2009-06-26 18:22 . 2009-06-26 18:25	32	--sha-w-	c:\windows\system32\drivers\fidbox2.dat
2009-06-26 18:22 . 2009-06-26 18:25	32	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-06-24 21:59 . 2009-06-24 21:59	--------	d-----w-	c:\documents and settings\Personal\Local Settings\Application Data\Help
2009-06-24 21:36 . 2009-06-24 21:36	--------	d-----w-	c:\documents and settings\Personal\Application Data\Teleca
2009-06-24 18:51 . 2009-06-24 18:51	--------	d-----w-	c:\documents and settings\Personal\Application Data\Sony Ericsson
2009-06-24 18:48 . 2009-06-24 18:48	--------	d-----w-	c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-06-24 18:47 . 2009-06-24 18:47	--------	d-----w-	c:\program files\Common Files\Sony Ericsson Shared
2009-06-24 18:47 . 2009-06-24 18:48	--------	d-----w-	c:\program files\Common Files\Teleca Shared
2009-06-24 18:47 . 2009-06-24 18:47	--------	d-----w-	c:\program files\Sony Ericsson
2009-06-24 18:47 . 2009-06-24 18:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\Teleca
2009-06-24 18:47 . 2009-06-24 18:47	--------	d-----w-	c:\windows\Downloaded Installations
2009-06-24 18:38 . 2009-06-24 18:38	--------	d-----w-	c:\program files\Java
2009-06-24 18:38 . 2009-06-24 18:38	--------	d-----w-	c:\program files\Common Files\Java
2009-06-24 18:29 . 2009-06-24 18:39	--------	d-----w-	c:\program files\LimeWire
2009-06-24 18:22 . 2009-06-28 05:29	--------	d-----w-	C:\Downloads
2009-06-24 18:22 . 2009-06-28 05:29	--------	d-----w-	c:\documents and settings\Personal\Application Data\Orbit
2009-06-24 18:22 . 2009-06-24 18:22	--------	d-----w-	c:\program files\Orbitdownloader
2009-06-24 17:40 . 2007-04-19 19:27	88960	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2009-06-24 17:40 . 2007-04-19 19:27	24448	----a-w-	c:\windows\system32\drivers\ewdcsc.sys
2009-06-24 17:40 . 2009-06-24 17:40	--------	d-----w-	c:\program files\Nawras Internet-E220
2009-06-24 17:22 . 2004-08-03 19:08	26496	-c--a-w-	c:\windows\system32\dllcache\usbstor.sys
2009-06-24 05:50 . 2009-06-24 05:50	--------	d-----w-	c:\documents and settings\Personal\Application Data\Yahoo!
2009-06-24 05:50 . 2009-06-24 05:50	--------	d-----w-	c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-24 05:39 . 2009-06-24 05:39	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Suite
2009-06-24 05:37 . 2007-04-26 09:02	21505000	----a-r-	c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_eng.exe
2009-06-24 05:37 . 2009-06-24 05:37	90112	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe
2009-06-24 05:37 . 2009-06-24 05:37	89088	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-24 05:37 . 2009-06-24 05:37	87552	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe
2009-06-24 05:37 . 2009-06-24 05:37	--------	d-----w-	c:\documents and settings\All Users\Application Data\Installations
2009-06-24 05:36 . 2009-06-24 05:36	--------	d-----w-	c:\documents and settings\Personal\Application Data\Creative
2009-06-24 05:34 . 2009-06-24 17:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-06-24 05:32 . 2009-06-24 17:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\McAfee
2009-06-24 05:08 . 2009-06-24 05:08	--------	d--h--w-	c:\windows\msdownld.tmp
2009-06-24 05:08 . 2009-06-24 05:08	--------	d-----w-	c:\program files\Yahoo!
2009-06-24 05:06 . 2008-07-09 07:38	26488	----a-w-	c:\windows\system32\spupdsvc.exe
2009-06-24 05:06 . 2009-06-27 23:04	--------	d--h--w-	c:\windows\$hf_mig$
2009-06-24 05:00 . 2009-06-24 05:00	--------	d-----w-	c:\windows\speech
2009-06-24 04:59 . 2009-06-24 05:00	--------	d-----w-	c:\program files\Golden Al-Wafi Translator
2009-06-24 04:59 . 2009-06-24 04:59	172032	------w-	c:\windows\Setup1.exe
2009-06-24 04:59 . 2009-06-24 04:59	73216	----a-w-	c:\windows\ST6UNST.EXE
2009-06-24 04:59 . 2009-06-24 04:59	--------	d-----w-	c:\program files\Common Files\xing shared
2009-06-24 04:59 . 2009-06-24 04:59	--------	d-----w-	c:\program files\Common Files\Real
2009-06-24 04:59 . 2009-06-24 04:59	--------	d-----w-	c:\program files\Real
2009-06-24 04:50 . 2009-06-24 04:50	--------	d-----w-	c:\documents and settings\Personal\Local Settings\Application Data\Adobe
2009-06-24 04:49 . 2009-06-24 04:56	--------	d-----w-	c:\program files\Common Files\Adobe
2009-06-24 04:48 . 2009-06-24 04:48	--------	d-----w-	c:\documents and settings\Personal\Application Data\Ahead
2009-06-24 04:48 . 2003-12-19 15:48	89184	----a-w-	c:\windows\system32\drivers\imagedrv.sys
2009-06-24 04:47 . 2009-06-24 04:47	--------	d-----w-	c:\program files\Common Files\Ahead
2009-06-24 04:47 . 2001-07-09 06:50	233472	----a-w-	c:\windows\system32\NeroCheck.exe
2009-06-24 04:47 . 2001-07-06 13:24	283920	----a-w-	c:\windows\system32\ImagXpr5.dll
2009-06-24 04:47 . 2001-07-06 09:41	569344	----a-w-	c:\windows\system32\imagr5.dll
2009-06-24 04:47 . 2001-07-06 07:44	544768	----a-w-	c:\windows\system32\imagx5.dll
2009-06-24 04:47 . 2001-06-26 03:15	38912	----a-w-	c:\windows\system32\picn20.dll
2009-06-24 04:47 . 2009-06-24 04:47	--------	d-----w-	c:\program files\Ahead
2009-06-24 04:46 . 2009-06-24 04:46	--------	d-----w-	c:\documents and settings\All Users\Application Data\CyberLink
2009-06-24 04:46 . 2009-06-24 04:46	--------	d-----w-	c:\program files\CyberLink
2009-06-24 04:45 . 2009-06-24 04:45	--------	d-----w-	c:\windows\system32\wbem\MUI
2009-06-24 04:43 . 2009-06-24 04:43	--------	d-----w-	c:\program files\NCH Swift Sound
2009-06-24 04:42 . 2001-09-08 01:43	57344	----a-w-	c:\windows\system32\WMErrAra.dll
2009-06-24 04:42 . 2009-06-24 04:43	--------	d-----w-	c:\program files\XP Codec Pack
2009-06-23 21:05 . 2004-08-03 22:58	5504	----a-w-	c:\windows\system32\drivers\MSTEE.sys
2009-06-23 21:05 . 2004-08-03 23:10	11136	----a-w-	c:\windows\system32\drivers\SLIP.sys
2009-06-23 21:05 . 2004-08-03 23:10	85376	----a-w-	c:\windows\system32\drivers\NABTSFEC.sys
2009-06-23 21:05 . 2004-08-03 23:10	10880	----a-w-	c:\windows\system32\drivers\NdisIP.sys
2009-06-23 21:05 . 2004-08-03 23:10	17024	----a-w-	c:\windows\system32\drivers\CCDECODE.sys
2009-06-23 21:05 . 2004-08-03 23:10	19328	----a-w-	c:\windows\system32\drivers\WSTCODEC.SYS
2009-06-23 21:05 . 2004-08-03 22:58	7552	----a-w-	c:\windows\system32\drivers\MSKSSRV.sys
2009-06-23 21:05 . 2004-08-03 22:58	5376	----a-w-	c:\windows\system32\drivers\MSPCLOCK.sys
2009-06-23 21:05 . 2004-08-03 23:10	15360	----a-w-	c:\windows\system32\drivers\StreamIP.sys
2009-06-23 21:05 . 2004-08-03 22:58	4992	----a-w-	c:\windows\system32\drivers\MSPQM.sys
2009-06-23 21:04 . 2001-08-17 13:59	3072	----a-w-	c:\windows\system32\drivers\audstub.sys
2009-06-23 21:04 . 2004-08-03 23:10	78464	----a-w-	c:\windows\system32\drivers\usbvideo.sys
2009-06-23 21:04 . 2004-08-03 20:56	53760	-c--a-w-	c:\windows\system32\dllcache\vfwwdm32.dll
2009-06-23 21:04 . 2004-08-03 20:56	53760	----a-w-	c:\windows\system32\vfwwdm32.dll
2009-06-23 21:04 . 2004-08-03 20:56	4096	-c--a-w-	c:\windows\system32\dllcache\ksuser.dll
2009-06-23 21:04 . 2004-08-03 20:56	4096	----a-w-	c:\windows\system32\ksuser.dll
2009-06-23 21:04 . 2004-08-04 00:56	21504	----a-w-	c:\windows\system32\hidserv.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 05:48 . 2009-06-27 05:42	4212	---ha-w-	c:\windows\system32\zllictbl.dat
2009-06-27 05:47 . 2009-06-27 05:47	8192	----a-w-	c:\windows\Internet Logs\xDB24.tmp
2009-06-27 05:47 . 2009-06-27 05:47	1424384	----a-w-	c:\windows\Internet Logs\xDB25.tmp
2009-06-27 05:44 . 2009-06-27 05:46	9216	----a-w-	c:\windows\Internet Logs\xDB22.tmp
2009-06-27 05:44 . 2009-06-27 05:46	1403392	----a-w-	c:\windows\Internet Logs\xDB23.tmp
2009-06-27 05:44 . 2009-06-27 05:44	1403392	----a-w-	c:\windows\Internet Logs\xDB21.tmp
2009-06-27 05:44 . 2009-06-27 05:44	11264	----a-w-	c:\windows\Internet Logs\xDB20.tmp
2009-06-27 05:43 . 2009-06-27 05:44	8704	----a-w-	c:\windows\Internet Logs\xDB1F.tmp
2009-06-27 05:43 . 2009-06-27 05:43	8704	----a-w-	c:\windows\Internet Logs\xDB1E.tmp
2009-06-27 05:43 . 2009-06-27 05:43	8192	----a-w-	c:\windows\Internet Logs\xDB1C.tmp
2009-06-27 05:43 . 2009-06-27 05:43	1100288	----a-w-	c:\windows\Internet Logs\xDB1D.tmp
2009-06-27 05:43 . 2009-06-27 05:43	8704	----a-w-	c:\windows\Internet Logs\xDB1B.tmp
2009-06-27 05:43 . 2009-06-27 05:43	8704	----a-w-	c:\windows\Internet Logs\xDB1A.tmp
2009-06-27 05:43 . 2009-06-27 05:43	8192	----a-w-	c:\windows\Internet Logs\xDB18.tmp
2009-06-27 05:43 . 2009-06-27 05:43	1389056	----a-w-	c:\windows\Internet Logs\xDB19.tmp
2009-06-27 02:50 . 2004-08-08 05:00	146432	----a-w-	c:\windows\regedit.exe
2009-06-26 19:13 . 2009-06-23 17:27	78064	----a-w-	c:\documents and settings\Personal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 18:25 . 2009-06-26 18:22	32	--sha-w-	c:\windows\system32\drivers\fidbox2.idx
2009-06-26 18:25 . 2009-06-26 18:22	32	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-06-24 18:20 . 2009-06-24 18:20	2678	----a-w-	c:\windows\java\Packages\Data\KPRRXRZB.DAT
2009-06-24 18:20 . 2009-06-24 18:20	2678	----a-w-	c:\windows\java\Packages\Data\OED7BJH3.DAT
2009-06-24 18:20 . 2009-06-24 18:20	2678	----a-w-	c:\windows\java\Packages\Data\04RLFZTB.DAT
2009-06-24 18:20 . 2009-06-24 18:20	2678	----a-w-	c:\windows\java\Packages\Data\L7HNBZFT.DAT
2009-06-24 18:20 . 2009-06-24 18:20	2678	----a-w-	c:\windows\java\Packages\Data\J9BDZVNH.DAT
2009-06-24 17:40 . 2009-06-23 17:47	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-06-24 05:40 . 2009-06-24 05:38	--------	d-----w-	c:\documents and settings\Personal\Application Data\Nokia
2009-06-24 05:38 . 2009-06-24 05:38	--------	d-----w-	c:\program files\DIFX
2009-06-24 05:38 . 2009-06-24 05:38	--------	d-----w-	c:\program files\Common Files\PCSuite
2009-06-24 05:38 . 2009-06-24 05:38	--------	d-----w-	c:\program files\Common Files\Nokia
2009-06-24 05:38 . 2009-06-24 05:37	--------	d-----w-	c:\program files\Nokia
2009-06-24 05:38 . 2009-06-24 05:38	--------	d-----w-	c:\documents and settings\Personal\Application Data\PC Suite
2009-06-24 05:37 . 2009-06-24 05:37	--------	d-----w-	c:\program files\PC Connectivity Solution
2009-06-24 05:37 . 2009-06-23 17:46	--------	d-----w-	c:\program files\Common Files\InstallShield
2009-06-24 04:59 . 2009-06-23 17:49	499712	----a-w-	c:\windows\system32\msvcp71.dll
2009-06-24 04:59 . 2009-06-23 17:49	348160	----a-w-	c:\windows\system32\msvcr71.dll
2009-06-24 04:44 . 2009-06-23 17:19	166455	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-24 04:44 . 2009-06-24 04:44	2232	----a-w-	c:\windows\java\Packages\Data\5R7P75BD.DAT
2009-06-24 04:44 . 2009-06-24 04:44	155995	----a-w-	c:\windows\java\Packages\F7DFX3L7.ZIP
2009-06-24 04:44 . 2009-06-24 04:44	--------	d-----w-	c:\program files\The KMPlayer
2009-06-23 18:26 . 2009-06-23 18:26	--------	d-----w-	c:\program files\Common Files\L&H
2009-06-23 18:26 . 2009-06-23 18:26	--------	d-----w-	c:\program files\Microsoft.NET
2009-06-23 18:25 . 2009-06-23 18:25	--------	d-----w-	c:\program files\Microsoft ActiveSync
2009-06-23 18:25 . 2009-06-23 18:25	--------	d-----w-	c:\program files\Microsoft Works
2009-06-23 18:06 . 2009-06-23 18:06	--------	d-----w-	c:\program files\WIDCOMM
2009-06-23 18:02 . 2009-06-23 18:02	--------	d-----w-	c:\program files\CONEXANT
2009-06-23 18:01 . 2009-06-23 18:01	--------	d-----w-	c:\program files\SigmaTel
2009-06-23 17:50 . 2009-06-23 17:49	--------	d-----w-	c:\program files\DELL
2009-06-23 17:50 . 2009-06-23 17:50	76	--sh--r-	c:\windows\CT4CET.bin
2009-06-23 17:50 . 2009-06-23 17:49	--------	d-----w-	c:\program files\Creative
2009-06-23 17:50 . 2009-06-23 17:50	--------	d-----w-	c:\program files\Common Files\Reallusion
2009-06-23 17:50 . 2009-06-23 17:50	--------	d-----w-	c:\program files\Common Files\Creative
2009-06-23 17:50 . 2009-06-23 17:50	--------	d-----w-	c:\documents and settings\Personal\Application Data\InstallShield
2009-06-23 17:49 . 2009-06-23 17:49	--------	d-----w-	c:\program files\Creative Live! Cam
2009-06-23 17:46 . 2009-06-23 17:46	--------	d-----w-	c:\program files\Synaptics
2009-06-23 17:46 . 2009-06-23 17:46	--------	d-----w-	c:\program files\Broadcom
2009-06-23 17:33 . 2009-06-23 17:33	--------	d-----w-	c:\program files\Intel
2009-06-23 17:20 . 2009-06-23 17:20	--------	d-----w-	c:\program files\microsoft frontpage
2009-06-23 17:17 . 2009-06-23 17:17	21640	----a-w-	c:\windows\system32\emptyregdb.dat
2009-05-28 16:25 . 2009-06-27 05:42	72584	----a-w-	c:\windows\zllsputility.exe
2009-05-28 16:25 . 2009-06-27 05:42	1221512	----a-w-	c:\windows\system32\zpeng25.dll
2009-05-28 16:25 . 2009-06-27 05:42	69000	----a-w-	c:\windows\system32\zlcomm.dll
2009-05-28 16:25 . 2009-06-27 05:42	103816	----a-w-	c:\windows\system32\zlcommdb.dll
2009-05-07 15:44 . 2004-08-08 05:00	344064	----a-w-	c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-08 05:00	827392	----a-w-	c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-08 05:00	78336	----a-w-	c:\windows\system32\ieencode.dll
2009-04-15 15:11 . 2004-08-08 05:00	584192	----a-w-	c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DELL ***cam Manager"="c:\program files\DELL\DELL ***cam Manager\DellWMgr.exe" [2007-06-07 196608]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-08 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5756272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 211480]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 236056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 207384]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"Dell QuickSet"="c:\program files\DELL\QuickSet\quickset.exe" [2007-07-03 1228800]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 114688]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 233472]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-24 255528]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 301056]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-05-28 1005960]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-05-06 479232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-08 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1826816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-24 183296]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 109680]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-6-24 1674432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[COLOR=RED] SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. [/COLOR]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=
"c:\\Program Files\\Nawras Internet-E220\\Nawras Internet-E220\\Mobile Connect.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\WINDOWS\\stsystra.exe"=
"c:\\Program Files\\PC Connectivity Solution\\NclBTHandler.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= c:\\Program Files\\MSN Messenger\\MsnMsgr.Exe
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Teleca Shared\\CapabilityManager.exe"=
"c:\\Program Files\\Common Files\\Teleca Shared\\Generic.exe"=
"c:\\Program Files\\PC Connectivity Solution\\NclInstaller.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\WINDOWS\\system32\\CF32349.exe"=

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\gmmlrn.sys --> c:\windows\system32\drivers\gmmlrn.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [6/23/2009 10:02 PM 108032]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [6/23/2009 9:47 PM 235584]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [6/23/2009 9:47 PM 7424]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 6:06 PM 24592]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Anti-Banner
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 09:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-28  9:36
ComboFix-quarantined-files.txt  2009-06-28 05:36

Pre-Run: 42,043,772,928 bytes free
Post-Run: 42,080,694,272 bytes free

340	--- E O F ---	2009-06-27 23:04




A Notepad window came up with this report in it.
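
The policy values that keep regedit and Task Manager locked appear in the "Reg Loading Points" section of the report above. As an added example (not part of the thread and not ComboFix's own code), this Python script scans that section for them and builds the reset command from the earlier reply for each locked policy value; the rule set and all function names are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: lines taken from the "Reg Loading Points" section of the
# first report in this thread, trimmed to a handful of keys.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[COLOR=RED] SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. [/COLOR]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\hkcmd.exe"=
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]\s*$')        # [HKEY_...] or [HKLM\~\...]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')       # "Name"= data
DWORD_RE = re.compile(r'^dword:([0-9a-fA-F]{8})$')  # dword:00000001
DEC_RE = re.compile(r'^(\d+) \(0x[0-9a-fA-F]+\)$')  # 1 (0x1)
SAFEBOOT_RE = re.compile(r'SafeBoot registry key needs repairs')

POLICY_KEY = r'\currentversion\policies\system'
HKCU_POLICY = r'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System'
POLICY_LOCKS = {
    'disabletaskmgr': 'Task Manager blocked by policy',
    'disableregistrytools': 'Registry Editor blocked by policy',
}


class Finding(NamedTuple):
    key: str
    name: str
    value: Optional[int]
    reason: str


def parse_number(data: str) -> Optional[int]:
    """Return the integer for the two numeric notations the report uses."""
    m = DWORD_RE.match(data)
    if m:
        return int(m.group(1), 16)
    m = DEC_RE.match(data)
    return int(m.group(1)) if m else None


def classify(key: str, name: str, value: Optional[int]) -> Optional[str]:
    """Illustrative rules (an assumption of this example). They mark settings
    to review, not proof of infection: a third-party security suite can set
    some of them itself."""
    k, n = key.lower(), name.lower()
    if k.endswith(POLICY_KEY) and n in POLICY_LOCKS and value == 1:
        return POLICY_LOCKS[n]
    if r'\security center' in k and value == 1 and n.endswith(('override', 'disablenotify')):
        return 'Security Center check or alert suppressed'
    if k.endswith(r'\firewallpolicy\standardprofile') and n == 'enablefirewall' and value == 0:
        return 'Windows Firewall disabled (standard profile)'
    return None


def scan(text: str) -> List[Finding]:
    """Walk the report line by line, tracking the current registry key."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if SAFEBOOT_RE.search(line):
            findings.append(Finding('SafeBoot', '(report warning)', None,
                                    'Safe Mode boot keys reported damaged'))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            value = parse_number(m.group(2))
            reason = classify(key, m.group(1), value)
            if reason:
                findings.append(Finding(key, m.group(1), value, reason))
    return findings


def reset_commands(findings: List[Finding]) -> List[str]:
    """Build the thread's REG add command for every locked policy value.
    /f overwrites the existing value without prompting."""
    return [f'REG add {HKCU_POLICY} /v {f.name} /t REG_DWORD /d 0 /f'
            for f in findings if f.key.lower().endswith(POLICY_KEY)]


if __name__ == '__main__':
    found = scan(SAMPLE_LOG)
    for f in found:
        print(f'{f.reason}: {f.key} -> {f.name} = {f.value}')
    print('\n'.join(reset_commands(found)))
```

If the values return to 1 after being reset, something on the machine is still rewriting them, which matches the original poster's report that the command alone did not help.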
 
Joined: 13 July 2007 | Posts: 1,615 | Likes: 65 | Points: 0
Re: A problem with regedit on my machine, I need your help, folks

Dear, please carry out the procedure correctly: turn off System Restore and stop the antivirus.

AV: ZoneAlarm Security Suite Antivirus
FW: ZoneAlarm Security Suite Firewall

Then follow the method again so that you can solve your problem.
 
Joined: 26 August 2007 | Posts: 272 | Likes: 10 | Points: 0
Re: A problem with regedit on my machine, I need your help, folks

How do I close it when it is not on the desktop? It is hidden; I cannot find the program's icon.

Should I uninstall it..?
 
Joined: 13 July 2007 | Posts: 1,615 | Likes: 65 | Points: 0
Re: A problem with regedit on my machine, I need your help, folks

OK, restart and run the tool in Safe Mode by pressing the F8 key at boot.

And give me the report.
 
Joined: 26 August 2007 | Posts: 272 | Likes: 10 | Points: 0
Re: A problem with regedit on my machine, I need your help, folks

This is the report from Safe Mode.

Code:
ComboFix 09-06-26.02 - Personal 06/28/2009 10:37.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.2.1256.966.1033.18.1014.818 [GMT 4:00]
Running from: c:\downloads\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2009-05-28 to 2009-06-28  )))))))))))))))))))))))))))))))
.

2009-06-28 06:31 . 2009-06-28 06:31	--------	d-----w-	c:\documents and settings\Administrator
2009-06-28 05:35 . 2009-06-28 05:35	--------	dc----w-	c:\windows\system32\dllcache\cache
2009-06-28 00:33 . 2009-06-28 00:33	--------	d-----w-	c:\documents and settings\Personal\Local Settings\Application Data\G DATA
2009-06-28 00:24 . 2009-06-28 00:24	--------	d-----w-	c:\windows\Sun
2009-06-27 23:12 . 2009-06-27 23:12	--------	d-----w-	c:\documents and settings\Personal\Contacts
2009-06-27 23:05 . 2009-06-27 23:05	--------	d-----w-	c:\documents and settings\Personal\Application Data\MailFrontier
2009-06-27 23:00 . 2009-06-27 23:00	--------	d-----w-	c:\program files\MSXML 4.0
2009-06-27 05:18 . 2009-06-27 05:36	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-06-27 05:18 . 2007-08-15 09:09	159744	----a-w-	c:\windows\system32\wt_menu.dll
2009-06-27 05:18 . 2007-08-15 09:09	40960	----a-w-	c:\windows\system32\ssubtmr6.dll
2009-06-27 05:18 . 1999-02-09 17:40	188928	----a-w-	c:\windows\system32\vbuzip10.DLL
2009-06-27 05:18 . 2009-06-27 05:19	--------	d-----w-	c:\program files\Smarty Uninstaller Pro
2009-06-27 03:18 . 2009-06-27 03:18	--------	d-----w-	c:\program files\Zone Labs
2009-06-27 03:18 . 2009-06-27 06:56	--------	d-----w-	c:\windows\Internet Logs
2009-06-27 02:57 . 2009-06-28 06:19	--------	d-----w-	c:\windows\system32\CatRoot_bak
2009-06-27 01:44 . 2003-08-18 02:56	1341	----a-w-	c:\windows\regtools.vbs
2009-06-26 23:58 . 2009-02-06 17:22	2136064	-c----w-	c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-26 23:58 . 2009-02-06 17:24	2180480	-c----w-	c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-26 23:58 . 2009-02-06 16:49	2015744	-c----w-	c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-26 23:58 . 2009-02-06 16:49	2057728	-c----w-	c:\windows\system32\dllcache\ntkrnlpa.exe
2009-06-26 23:37 . 2008-06-13 13:10	272128	-c----w-	c:\windows\system32\dllcache\bthport.sys
2009-06-26 23:37 . 2008-06-13 13:10	272128	------w-	c:\windows\system32\drivers\bthport.sys
2009-06-26 23:07 . 2009-06-26 23:07	--------	d--h--w-	c:\windows\system32\GroupPolicy
2009-06-26 23:06 . 2009-04-29 04:55	459264	-c----w-	c:\windows\system32\dllcache\msfeeds.dll
2009-06-26 23:06 . 2009-04-29 04:55	52224	-c----w-	c:\windows\system32\dllcache\msfeedsbs.dll
2009-06-26 23:06 . 2009-04-29 04:55	268288	-c----w-	c:\windows\system32\dllcache\iertutil.dll
2009-06-26 23:06 . 2009-04-29 04:55	63488	-c----w-	c:\windows\system32\dllcache\icardie.dll
2009-06-26 23:06 . 2009-04-29 04:55	383488	-c----w-	c:\windows\system32\dllcache\ieapfltr.dll
2009-06-26 23:06 . 2009-04-28 09:05	13824	-c----w-	c:\windows\system32\dllcache\ieudinit.exe
2009-06-26 23:06 . 2008-07-09 14:25	2455488	-c----w-	c:\windows\system32\dllcache\ieapfltr.dat
2009-06-26 23:06 . 2009-04-29 04:55	6066176	-c----w-	c:\windows\system32\dllcache\ieframe.dll
2009-06-26 22:59 . 2008-10-24 11:10	453632	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys
2009-06-26 21:45 . 2009-06-26 22:48	--------	d-----w-	c:\documents and settings\Personal\Application Data\Uniblue
2009-06-26 21:45 . 2009-06-26 22:46	--------	d-----w-	c:\program files\Uniblue
2009-06-26 21:37 . 2009-06-26 22:49	--------	dc-h--w-	c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-06-26 21:00 . 2009-06-26 21:00	3561743	----a-w-	c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-26 19:17 . 2009-06-26 19:17	--------	d-----w-	c:\program files\No-IP
2009-06-26 19:16 . 2009-06-26 19:16	--------	d-----w-	c:\documents and settings\Personal\Application Data\Malwarebytes
2009-06-26 19:16 . 2009-06-17 07:27	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-06-26 19:16 . 2009-06-17 07:27	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-26 19:16 . 2009-06-26 21:00	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-06-26 19:16 . 2009-06-26 19:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-26 19:14 . 2009-06-26 19:14	--------	d-----w-	c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-26 19:13 . 2009-06-26 19:13	--------	d-----w-	c:\program files\Adverts
2009-06-26 19:13 . 2009-06-26 19:13	--------	d-----w-	c:\program files\Windows Live
2009-06-26 19:13 . 2009-06-26 19:13	--------	d-----w-	c:\program files\Messenger Plus! Live
2009-06-26 19:10 . 2009-06-26 19:13	--------	d-----w-	c:\program files\MSN Messenger
2009-06-26 18:22 . 2009-06-26 18:25	32	--sha-w-	c:\windows\system32\drivers\fidbox2.dat
2009-06-26 18:22 . 2009-06-26 18:25	32	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-06-24 21:59 . 2009-06-24 21:59	--------	d-----w-	c:\documents and settings\Personal\Local Settings\Application Data\Help
2009-06-24 21:36 . 2009-06-24 21:36	--------	d-----w-	c:\documents and settings\Personal\Application Data\Teleca
2009-06-24 18:51 . 2009-06-24 18:51	--------	d-----w-	c:\documents and settings\Personal\Application Data\Sony Ericsson
2009-06-24 18:48 . 2009-06-24 18:48	--------	d-----w-	c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-06-24 18:47 . 2009-06-24 18:47	--------	d-----w-	c:\program files\Common Files\Sony Ericsson Shared
2009-06-24 18:47 . 2009-06-24 18:48	--------	d-----w-	c:\program files\Common Files\Teleca Shared
2009-06-24 18:47 . 2009-06-24 18:47	--------	d-----w-	c:\program files\Sony Ericsson
2009-06-24 18:47 . 2009-06-24 18:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\Teleca
2009-06-24 18:47 . 2009-06-24 18:47	--------	d-----w-	c:\windows\Downloaded Installations
2009-06-24 18:38 . 2009-06-24 18:38	--------	d-----w-	c:\program files\Java
2009-06-24 18:38 . 2009-06-24 18:38	--------	d-----w-	c:\program files\Common Files\Java
2009-06-24 18:29 . 2009-06-24 18:39	--------	d-----w-	c:\program files\LimeWire
2009-06-24 18:22 . 2009-06-28 06:20	--------	d-----w-	C:\Downloads
2009-06-24 18:22 . 2009-06-28 06:36	--------	d-----w-	c:\documents and settings\Personal\Application Data\Orbit
2009-06-24 18:22 . 2009-06-24 18:22	--------	d-----w-	c:\program files\Orbitdownloader
2009-06-24 17:40 . 2007-04-19 19:27	88960	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2009-06-24 17:40 . 2007-04-19 19:27	24448	----a-w-	c:\windows\system32\drivers\ewdcsc.sys
2009-06-24 17:40 . 2009-06-24 17:40	--------	d-----w-	c:\program files\Nawras Internet-E220
2009-06-24 17:22 . 2004-08-03 19:08	26496	-c--a-w-	c:\windows\system32\dllcache\usbstor.sys
2009-06-24 05:50 . 2009-06-24 05:50	--------	d-----w-	c:\documents and settings\Personal\Application Data\Yahoo!
2009-06-24 05:50 . 2009-06-24 05:50	--------	d-----w-	c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-24 05:39 . 2009-06-24 05:39	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Suite
2009-06-24 05:37 . 2007-04-26 09:02	21505000	----a-r-	c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_eng.exe
2009-06-24 05:37 . 2009-06-24 05:37	90112	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe
2009-06-24 05:37 . 2009-06-24 05:37	89088	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-24 05:37 . 2009-06-24 05:37	87552	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe
2009-06-24 05:37 . 2009-06-24 05:37	--------	d-----w-	c:\documents and settings\All Users\Application Data\Installations
2009-06-24 05:36 . 2009-06-24 05:36	--------	d-----w-	c:\documents and settings\Personal\Application Data\Creative
2009-06-24 05:34 . 2009-06-24 17:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-06-24 05:32 . 2009-06-24 17:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\McAfee
2009-06-24 05:08 . 2009-06-24 05:08	--------	d--h--w-	c:\windows\msdownld.tmp
2009-06-24 05:08 . 2009-06-24 05:08	--------	d-----w-	c:\program files\Yahoo!
2009-06-24 05:06 . 2008-07-09 07:38	26488	----a-w-	c:\windows\system32\spupdsvc.exe
2009-06-24 05:06 . 2009-06-27 23:04	--------	d--h--w-	c:\windows\$hf_mig$
2009-06-24 05:00 . 2009-06-24 05:00	--------	d-----w-	c:\windows\speech
2009-06-24 04:59 . 2009-06-24 05:00	--------	d-----w-	c:\program files\Golden Al-Wafi Translator
2009-06-24 04:59 . 2009-06-24 04:59	172032	------w-	c:\windows\Setup1.exe
2009-06-24 04:59 . 2009-06-24 04:59	73216	----a-w-	c:\windows\ST6UNST.EXE
2009-06-24 04:59 . 2009-06-24 04:59	--------	d-----w-	c:\program files\Common Files\xing shared
2009-06-24 04:59 . 2009-06-24 04:59	--------	d-----w-	c:\program files\Common Files\Real
2009-06-24 04:59 . 2009-06-24 04:59	--------	d-----w-	c:\program files\Real
2009-06-24 04:50 . 2009-06-24 04:50	--------	d-----w-	c:\documents and settings\Personal\Local Settings\Application Data\Adobe
2009-06-24 04:49 . 2009-06-24 04:56	--------	d-----w-	c:\program files\Common Files\Adobe
2009-06-24 04:48 . 2009-06-24 04:48	--------	d-----w-	c:\documents and settings\Personal\Application Data\Ahead
2009-06-24 04:48 . 2003-12-19 15:48	89184	----a-w-	c:\windows\system32\drivers\imagedrv.sys
2009-06-24 04:47 . 2009-06-24 04:47	--------	d-----w-	c:\program files\Common Files\Ahead
2009-06-24 04:47 . 2001-07-09 06:50	233472	----a-w-	c:\windows\system32\NeroCheck.exe
2009-06-24 04:47 . 2001-07-06 13:24	283920	----a-w-	c:\windows\system32\ImagXpr5.dll
2009-06-24 04:47 . 2001-07-06 09:41	569344	----a-w-	c:\windows\system32\imagr5.dll
2009-06-24 04:47 . 2001-07-06 07:44	544768	----a-w-	c:\windows\system32\imagx5.dll
2009-06-24 04:47 . 2001-06-26 03:15	38912	----a-w-	c:\windows\system32\picn20.dll
2009-06-24 04:47 . 2009-06-24 04:47	--------	d-----w-	c:\program files\Ahead
2009-06-24 04:46 . 2009-06-24 04:46	--------	d-----w-	c:\documents and settings\All Users\Application Data\CyberLink
2009-06-24 04:46 . 2009-06-24 04:46	--------	d-----w-	c:\program files\CyberLink
2009-06-24 04:45 . 2009-06-24 04:45	--------	d-----w-	c:\windows\system32\wbem\MUI
2009-06-24 04:43 . 2009-06-24 04:43	--------	d-----w-	c:\program files\NCH Swift Sound
2009-06-24 04:42 . 2001-09-08 01:43	57344	----a-w-	c:\windows\system32\WMErrAra.dll
2009-06-24 04:42 . 2009-06-24 04:43	--------	d-----w-	c:\program files\XP Codec Pack
2009-06-23 21:05 . 2004-08-03 22:58	5504	----a-w-	c:\windows\system32\drivers\MSTEE.sys
2009-06-23 21:05 . 2004-08-03 23:10	11136	----a-w-	c:\windows\system32\drivers\SLIP.sys
2009-06-23 21:05 . 2004-08-03 23:10	85376	----a-w-	c:\windows\system32\drivers\NABTSFEC.sys
2009-06-23 21:05 . 2004-08-03 23:10	10880	----a-w-	c:\windows\system32\drivers\NdisIP.sys
2009-06-23 21:05 . 2004-08-03 23:10	17024	----a-w-	c:\windows\system32\drivers\CCDECODE.sys
2009-06-23 21:05 . 2004-08-03 23:10	19328	----a-w-	c:\windows\system32\drivers\WSTCODEC.SYS
2009-06-23 21:05 . 2004-08-03 22:58	7552	----a-w-	c:\windows\system32\drivers\MSKSSRV.sys
2009-06-23 21:05 . 2004-08-03 22:58	5376	----a-w-	c:\windows\system32\drivers\MSPCLOCK.sys
2009-06-23 21:05 . 2004-08-03 23:10	15360	----a-w-	c:\windows\system32\drivers\StreamIP.sys
2009-06-23 21:05 . 2004-08-03 22:58	4992	----a-w-	c:\windows\system32\drivers\MSPQM.sys
2009-06-23 21:04 . 2001-08-17 13:59	3072	----a-w-	c:\windows\system32\drivers\audstub.sys
2009-06-23 21:04 . 2004-08-03 23:10	78464	----a-w-	c:\windows\system32\drivers\usbvideo.sys
2009-06-23 21:04 . 2004-08-03 20:56	53760	-c--a-w-	c:\windows\system32\dllcache\vfwwdm32.dll
2009-06-23 21:04 . 2004-08-03 20:56	53760	----a-w-	c:\windows\system32\vfwwdm32.dll
2009-06-23 21:04 . 2004-08-03 20:56	4096	-c--a-w-	c:\windows\system32\dllcache\ksuser.dll
2009-06-23 21:04 . 2004-08-03 20:56	4096	----a-w-	c:\windows\system32\ksuser.dll
2009-06-23 21:04 . 2004-08-04 00:56	21504	----a-w-	c:\windows\system32\hidserv.dll
2009-06-23 21:04 . 2004-08-03 22:59	57472	----a-w-	c:\windows\system32\drivers\redbook.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 05:48 . 2009-06-27 05:42	4212	---ha-w-	c:\windows\system32\zllictbl.dat
2009-06-27 05:47 . 2009-06-27 05:47	8192	----a-w-	c:\windows\Internet Logs\xDB24.tmp
2009-06-27 05:47 . 2009-06-27 05:47	1424384	----a-w-	c:\windows\Internet Logs\xDB25.tmp
2009-06-27 05:44 . 2009-06-27 05:46	9216	----a-w-	c:\windows\Internet Logs\xDB22.tmp
2009-06-27 05:44 . 2009-06-27 05:46	1403392	----a-w-	c:\windows\Internet Logs\xDB23.tmp
2009-06-27 05:44 . 2009-06-27 05:44	1403392	----a-w-	c:\windows\Internet Logs\xDB21.tmp
2009-06-27 05:44 . 2009-06-27 05:44	11264	----a-w-	c:\windows\Internet Logs\xDB20.tmp
2009-06-27 05:43 . 2009-06-27 05:44	8704	----a-w-	c:\windows\Internet Logs\xDB1F.tmp
2009-06-27 05:43 . 2009-06-27 05:43	8704	----a-w-	c:\windows\Internet Logs\xDB1E.tmp
2009-06-27 05:43 . 2009-06-27 05:43	8192	----a-w-	c:\windows\Internet Logs\xDB1C.tmp
2009-06-27 05:43 . 2009-06-27 05:43	1100288	----a-w-	c:\windows\Internet Logs\xDB1D.tmp
2009-06-27 05:43 . 2009-06-27 05:43	8704	----a-w-	c:\windows\Internet Logs\xDB1B.tmp
2009-06-27 05:43 . 2009-06-27 05:43	8704	----a-w-	c:\windows\Internet Logs\xDB1A.tmp
2009-06-27 05:43 . 2009-06-27 05:43	8192	----a-w-	c:\windows\Internet Logs\xDB18.tmp
2009-06-27 05:43 . 2009-06-27 05:43	1389056	----a-w-	c:\windows\Internet Logs\xDB19.tmp
2009-06-27 02:50 . 2004-08-08 05:00	146432	----a-w-	c:\windows\regedit.exe
2009-06-26 19:13 . 2009-06-23 17:27	78064	----a-w-	c:\documents and settings\Personal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 18:25 . 2009-06-26 18:22	32	--sha-w-	c:\windows\system32\drivers\fidbox2.idx
2009-06-26 18:25 . 2009-06-26 18:22	32	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-06-24 18:20 . 2009-06-24 18:20	2678	----a-w-	c:\windows\java\Packages\Data\KPRRXRZB.DAT
2009-06-24 18:20 . 2009-06-24 18:20	2678	----a-w-	c:\windows\java\Packages\Data\OED7BJH3.DAT
2009-06-24 18:20 . 2009-06-24 18:20	2678	----a-w-	c:\windows\java\Packages\Data\04RLFZTB.DAT
2009-06-24 18:20 . 2009-06-24 18:20	2678	----a-w-	c:\windows\java\Packages\Data\L7HNBZFT.DAT
2009-06-24 18:20 . 2009-06-24 18:20	2678	----a-w-	c:\windows\java\Packages\Data\J9BDZVNH.DAT
2009-06-24 17:40 . 2009-06-23 17:47	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-06-24 05:40 . 2009-06-24 05:38	--------	d-----w-	c:\documents and settings\Personal\Application Data\Nokia
2009-06-24 05:38 . 2009-06-24 05:38	--------	d-----w-	c:\program files\DIFX
2009-06-24 05:38 . 2009-06-24 05:38	--------	d-----w-	c:\program files\Common Files\PCSuite
2009-06-24 05:38 . 2009-06-24 05:38	--------	d-----w-	c:\program files\Common Files\Nokia
2009-06-24 05:38 . 2009-06-24 05:37	--------	d-----w-	c:\program files\Nokia
2009-06-24 05:38 . 2009-06-24 05:38	--------	d-----w-	c:\documents and settings\Personal\Application Data\PC Suite
2009-06-24 05:37 . 2009-06-24 05:37	--------	d-----w-	c:\program files\PC Connectivity Solution
2009-06-24 05:37 . 2009-06-23 17:46	--------	d-----w-	c:\program files\Common Files\InstallShield
2009-06-24 04:59 . 2009-06-23 17:49	499712	----a-w-	c:\windows\system32\msvcp71.dll
2009-06-24 04:59 . 2009-06-23 17:49	348160	----a-w-	c:\windows\system32\msvcr71.dll
2009-06-24 04:44 . 2009-06-23 17:19	166455	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-24 04:44 . 2009-06-24 04:44	2232	----a-w-	c:\windows\java\Packages\Data\5R7P75BD.DAT
2009-06-24 04:44 . 2009-06-24 04:44	155995	----a-w-	c:\windows\java\Packages\F7DFX3L7.ZIP
2009-06-24 04:44 . 2009-06-24 04:44	--------	d-----w-	c:\program files\The KMPlayer
2009-06-23 18:26 . 2009-06-23 18:26	--------	d-----w-	c:\program files\Common Files\L&H
2009-06-23 18:26 . 2009-06-23 18:26	--------	d-----w-	c:\program files\Microsoft.NET
2009-06-23 18:25 . 2009-06-23 18:25	--------	d-----w-	c:\program files\Microsoft ActiveSync
2009-06-23 18:25 . 2009-06-23 18:25	--------	d-----w-	c:\program files\Microsoft Works
2009-06-23 18:06 . 2009-06-23 18:06	--------	d-----w-	c:\program files\WIDCOMM
2009-06-23 18:02 . 2009-06-23 18:02	--------	d-----w-	c:\program files\CONEXANT
2009-06-23 18:01 . 2009-06-23 18:01	--------	d-----w-	c:\program files\SigmaTel
2009-06-23 17:50 . 2009-06-23 17:49	--------	d-----w-	c:\program files\DELL
2009-06-23 17:50 . 2009-06-23 17:50	76	--sh--r-	c:\windows\CT4CET.bin
2009-06-23 17:50 . 2009-06-23 17:49	--------	d-----w-	c:\program files\Creative
2009-06-23 17:50 . 2009-06-23 17:50	--------	d-----w-	c:\program files\Common Files\Reallusion
2009-06-23 17:50 . 2009-06-23 17:50	--------	d-----w-	c:\program files\Common Files\Creative
2009-06-23 17:50 . 2009-06-23 17:50	--------	d-----w-	c:\documents and settings\Personal\Application Data\InstallShield
2009-06-23 17:49 . 2009-06-23 17:49	--------	d-----w-	c:\program files\Creative Live! Cam
2009-06-23 17:46 . 2009-06-23 17:46	--------	d-----w-	c:\program files\Synaptics
2009-06-23 17:46 . 2009-06-23 17:46	--------	d-----w-	c:\program files\Broadcom
2009-06-23 17:33 . 2009-06-23 17:33	--------	d-----w-	c:\program files\Intel
2009-06-23 17:20 . 2009-06-23 17:20	--------	d-----w-	c:\program files\microsoft frontpage
2009-06-23 17:17 . 2009-06-23 17:17	21640	----a-w-	c:\windows\system32\emptyregdb.dat
2009-05-28 16:25 . 2009-06-27 05:42	72584	----a-w-	c:\windows\zllsputility.exe
2009-05-28 16:25 . 2009-06-27 05:42	1221512	----a-w-	c:\windows\system32\zpeng25.dll
2009-05-28 16:25 . 2009-06-27 05:42	69000	----a-w-	c:\windows\system32\zlcomm.dll
2009-05-28 16:25 . 2009-06-27 05:42	103816	----a-w-	c:\windows\system32\zlcommdb.dll
2009-05-07 15:44 . 2004-08-08 05:00	344064	----a-w-	c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-08 05:00	827392	----a-w-	c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-08 05:00	78336	----a-w-	c:\windows\system32\ieencode.dll
2009-04-15 15:11 . 2004-08-08 05:00	584192	----a-w-	c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[-] 2008-04-14 00:12	14336	27C6D03BCDB8CFEB96B716F3D8BE3E18	c:\windows\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\svchost.exe
[7] 2004-08-08 05:00	14336	8F078AE4ED187AAABC0A305146DE6716	c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\svchost.exe
[7] 2004-08-08 05:00	14336	8F078AE4ED187AAABC0A305146DE6716	c:\windows\system32\svchost.exe
[7] 2004-08-08 05:00	14336	8F078AE4ED187AAABC0A305146DE6716	c:\windows\system32\dllcache\svchost.exe
[7] 2004-08-08 05:00	14336	8F078AE4ED187AAABC0A305146DE6716	c:\windows\system32\dllcache\cache\svchost.exe

[-] 2008-04-14 00:12	578560	B26B135FF1B9F60C9388B4A7D16F600B	c:\windows\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\user32.dll
[7] 2004-08-08 05:00	577024	C72661F8552ACE7C5C85E16A3CF505C4	c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\user32.dll
[7] 2004-08-08 05:00	577024	C72661F8552ACE7C5C85E16A3CF505C4	c:\windows\system32\user32.dll
[7] 2004-08-08 05:00	577024	C72661F8552ACE7C5C85E16A3CF505C4	c:\windows\system32\dllcache\user32.dll
[7] 2004-08-08 05:00	577024	C72661F8552ACE7C5C85E16A3CF505C4	c:\windows\system32\dllcache\cache\user32.dll

[-] 2008-04-14 00:12	82432	2CCC474EB85CEAA3E1FA1726580A3E5A	c:\windows\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\ws2_32.dll
[7] 2004-08-08 05:00	82944	2ED0B7F12A60F90092081C50FA0EC2B2	c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\ws2_32.dll
[7] 2004-08-08 05:00	82944	2ED0B7F12A60F90092081C50FA0EC2B2	c:\windows\system32\ws2_32.dll
[7] 2004-08-08 05:00	82944	2ED0B7F12A60F90092081C50FA0EC2B2	c:\windows\system32\dllcache\ws2_32.dll
[7] 2004-08-08 05:00	82944	2ED0B7F12A60F90092081C50FA0EC2B2	c:\windows\system32\dllcache\cache\ws2_32.dll

[7] 2009-04-29 04:49	828928	62CCA075F44015147B8971DAFFBCFF76	c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[7] 2004-08-08 05:00	656384	C0823FC5469663BA63E7DB88F9919D70	c:\windows\ie7\wininet.dll
[7] 2007-08-13 14:54	818688	A4A0FC92358F39538A6494C42EF99FE9	c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2008-04-14 00:12	666112	7A4F775ABB2F1C97DEF3E73AFA2FAEDD	c:\windows\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\wininet.dll
[7] 2009-04-29 04:56	827392	8E2D471157B0DF329D8D0EA5D83B0DDB	c:\windows\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\SP3GDR\wininet.dll
[7] 2009-04-29 04:49	828928	62CCA075F44015147B8971DAFFBCFF76	c:\windows\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\SP3QFE\wininet.dll
[7] 2004-08-08 05:00	656384	C0823FC5469663BA63E7DB88F9919D70	c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\wininet.dll
[7] 2009-04-29 04:56	827392	8E2D471157B0DF329D8D0EA5D83B0DDB	c:\windows\system32\wininet.dll
[7] 2009-04-29 04:56	827392	8E2D471157B0DF329D8D0EA5D83B0DDB	c:\windows\system32\dllcache\wininet.dll
[7] 2009-04-29 04:56	827392	8E2D471157B0DF329D8D0EA5D83B0DDB	c:\windows\system32\dllcache\cache\wininet.dll

[7] 2008-06-20 10:44	360960	744E57C99232201AE98C49168B918F48	c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51	361600	9AEFA14BD6B182D61E3119FA5F436D3D	c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59	361600	AD978A1B783B5719720CFF204B666C8E	c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2004-08-08 05:00	359040	9F4B36614A0FC234525BA224957DE55C	c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20	361344	93EA8D04EC73A85DB02EB8805988F733	c:\windows\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\tcpip.sys
[7] 2004-08-08 05:00	359040	9F4B36614A0FC234525BA224957DE55C	c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\tcpip.sys
[7] 2008-06-20 10:45	360320	2A5554FC5B1E04E131230E3CE035C3F9	c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\tcpip.sys
[7] 2008-06-20 10:44	360960	744E57C99232201AE98C49168B918F48	c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2qfe\tcpip.sys
[7] 2008-06-20 11:51	361600	9AEFA14BD6B182D61E3119FA5F436D3D	c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
[7] 2008-06-20 11:59	361600	AD978A1B783B5719720CFF204B666C8E	c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys
[7] 2008-06-20 10:45	360320	2A5554FC5B1E04E131230E3CE035C3F9	c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 10:45	360320	2A5554FC5B1E04E131230E3CE035C3F9	c:\windows\system32\dllcache\cache\tcpip.sys
[7] 2008-06-20 10:45	360320	2A5554FC5B1E04E131230E3CE035C3F9	c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 00:12	507904	ED0EF0A136DEC83DF69F04118870003E	c:\windows\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\winlogon.exe
[7] 2004-08-08 05:00	502272	01C3346C241652F43AED8E2149881BFE	c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\winlogon.exe
[7] 2004-08-08 05:00	502272	01C3346C241652F43AED8E2149881BFE	c:\windows\system32\winlogon.exe
[7] 2004-08-08 05:00	502272	01C3346C241652F43AED8E2149881BFE	c:\windows\system32\dllcache\winlogon.exe
[7] 2004-08-08 05:00	502272	01C3346C241652F43AED8E2149881BFE	c:\windows\system32\dllcache\cache\winlogon.exe

[-] 2008-04-13 19:20	182656	1DF7F42665C94B825322FAE71721130D	c:\windows\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\ndis.sys
[7] 2004-08-08 05:00	182912	558635D3AF1C7546D26067D5D9B6959E	c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\ndis.sys
[7] 2004-08-08 05:00	182912	558635D3AF1C7546D26067D5D9B6959E	c:\windows\system32\dllcache\ndis.sys
[7] 2004-08-08 05:00	182912	558635D3AF1C7546D26067D5D9B6959E	c:\windows\system32\dllcache\cache\ndis.sys
[7] 2004-08-08 05:00	182912	558635D3AF1C7546D26067D5D9B6959E	c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 18:53	36608	3BB22519A194418D5FEC05D800A19AD0	c:\windows\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\ip6fw.sys
[7] 2004-08-08 05:00	29056	4448006B6BC60E6C027932CFC38D6855	c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\ip6fw.sys
[7] 2004-08-08 05:00	29056	4448006B6BC60E6C027932CFC38D6855	c:\windows\system32\dllcache\ip6fw.sys
[7] 2004-08-08 05:00	29056	4448006B6BC60E6C027932CFC38D6855	c:\windows\system32\dllcache\cache\ip6fw.sys
[7] 2004-08-08 05:00	29056	4448006B6BC60E6C027932CFC38D6855	c:\windows\system32\drivers\ip6fw.sys

[7] 2009-02-06 09:49	2062976	9D832AF3FD1917DB0E1E8B2F000A2E3A	c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-07 15:02	2066048	5BA7F2141BC6DB06100D0E5A732C617A	c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 10:30	2066176	607352B9CB3D708C67F6039097801B5A	c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2004-08-08 05:00	2015232	FB142B7007CA2EEA76966C6C5CC12150	c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2009-02-06 16:49	2057728	3006410E24772CC6953F0B5C01BEB35F	c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-13 18:31	2065792	109F8E3E3C82E337BB71B6BC9B895D61	c:\windows\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\ntkrnlpa.exe
[7] 2009-02-06 16:49	2057728	3006410E24772CC6953F0B5C01BEB35F	c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[7] 2009-02-06 09:49	2062976	9D832AF3FD1917DB0E1E8B2F000A2E3A	c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[7] 2009-02-07 15:02	2066048	5BA7F2141BC6DB06100D0E5A732C617A	c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 10:30	2066176	607352B9CB3D708C67F6039097801B5A	c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[7] 2004-08-03 18:59	2056832	947FB1D86D14AFCFFDB54BF837EC25D0	c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\ntkrnlpa.exe
[7] 2009-02-06 16:49	2015744	B238AB60093BABFE76AEC8F34B4D399D	c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-06 16:49	2057728	3006410E24772CC6953F0B5C01BEB35F	c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-06 16:49	2015744	B238AB60093BABFE76AEC8F34B4D399D	c:\windows\system32\dllcache\cache\ntkrnlpa.exe

[7] 2009-02-06 10:32	2186112	6A936E9D7BADAF3CAAEED1E1966EC1B0	c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 11:08	2189056	7A95B10A73737EBF24139AAA63F5212B	c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-07 15:35	2189184	EFE8EACE83EAAD5849A7A548FB75B584	c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2004-08-08 05:00	2148352	626309040459C3915997EF98EC1C8D40	c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2009-02-06 17:24	2180480	FACEBB0CA3154F77009CDFEE78A00BBB	c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-13 19:27	2188928	0C89243C7C3EE199B96FCC16990E0679	c:\windows\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\ntoskrnl.exe
[7] 2009-02-06 17:24	2180480	FACEBB0CA3154F77009CDFEE78A00BBB	c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[7] 2009-02-06 10:32	2186112	6A936E9D7BADAF3CAAEED1E1966EC1B0	c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 11:08	2189056	7A95B10A73737EBF24139AAA63F5212B	c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-07 15:35	2189184	EFE8EACE83EAAD5849A7A548FB75B584	c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[7] 2004-08-03 19:20	2180992	CE218BC7088681FAA06633E218596CA7	c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\ntoskrnl.exe
[7] 2009-02-06 17:22	2136064	16B5EBE97F243441264A8F8694C2F2AA	c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 17:24	2180480	FACEBB0CA3154F77009CDFEE78A00BBB	c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 17:22	2136064	16B5EBE97F243441264A8F8694C2F2AA	c:\windows\system32\dllcache\cache\ntoskrnl.exe

[7] 2004-08-08 05:00	1032192	A0732187050030AE399B241436565E64	c:\windows\explorer.exe
[-] 2008-04-14 00:12	1033728	12896823FB95BFB3DC9B46BCAEDC9923	c:\windows\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\explorer.exe
[7] 2004-08-08 05:00	1032192	A0732187050030AE399B241436565E64	c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\explorer.exe
[7] 2004-08-08 05:00	1032192	A0732187050030AE399B241436565E64	c:\windows\system32\dllcache\explorer.exe
[7] 2004-08-08 05:00	1032192	A0732187050030AE399B241436565E64	c:\windows\system32\dllcache\cache\explorer.exe

[7] 2009-02-06 10:22	110592	4712531AB7A01B7EE059853CA17D39BD	c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[7] 2009-02-06 11:11	110592	65DF52F5B8B6E9BBD183505225C37315	c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[7] 2009-02-06 11:06	110592	020CEAAEDC8EB655B6506B8C70D53BB6	c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2004-08-08 05:00	108032	C6CE6EEC82F187615D1002BB3BB50ED4	c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 00:12	108544	0E776ED5F7CC9F94299E70461B7B8185	c:\windows\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\services.exe
[7] 2009-02-06 17:14	110592	37561F8D4160D62DA86D24AE41FAE8DE	c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[7] 2009-02-06 10:22	110592	4712531AB7A01B7EE059853CA17D39BD	c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[7] 2009-02-06 11:11	110592	65DF52F5B8B6E9BBD183505225C37315	c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[7] 2009-02-06 11:06	110592	020CEAAEDC8EB655B6506B8C70D53BB6	c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[7] 2004-08-08 05:00	108032	C6CE6EEC82F187615D1002BB3BB50ED4	c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\services.exe
[7] 2009-02-06 17:14	110592	37561F8D4160D62DA86D24AE41FAE8DE	c:\windows\system32\services.exe
[7] 2009-02-06 17:14	110592	37561F8D4160D62DA86D24AE41FAE8DE	c:\windows\system32\dllcache\services.exe
[7] 2009-02-06 17:14	110592	37561F8D4160D62DA86D24AE41FAE8DE	c:\windows\system32\dllcache\cache\services.exe

[-] 2008-04-14 00:12	13312	BF2466B3E18E970D8A976FB95FC1CA85	c:\windows\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\lsass.exe
[7] 2004-08-08 05:00	13312	84885F9B82F4D55C6146EBF6065D75D2	c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\lsass.exe
[7] 2004-08-08 05:00	13312	84885F9B82F4D55C6146EBF6065D75D2	c:\windows\system32\lsass.exe
[7] 2004-08-08 05:00	13312	84885F9B82F4D55C6146EBF6065D75D2	c:\windows\system32\dllcache\lsass.exe
[7] 2004-08-08 05:00	13312	84885F9B82F4D55C6146EBF6065D75D2	c:\windows\system32\dllcache\cache\lsass.exe

[-] 2008-04-14 00:12	15360	5F1D5F88303D4A4DBC8E5F97BA967CC3	c:\windows\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\ctfmon.exe
[7] 2004-08-08 05:00	15360	24232996A38C0B0CF151C2140AE29FC8	c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\ctfmon.exe
[7] 2004-08-08 05:00	15360	24232996A38C0B0CF151C2140AE29FC8	c:\windows\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((   SnapShot_2009-06-28_06.28.03   )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-08 05:00 . 2009-06-28 06:39	39992              c:\windows\system32\perfc009.dat
+ 2004-08-08 05:00 . 2009-06-28 06:39	311604              c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DELL ***cam Manager"="c:\program files\DELL\DELL ***cam Manager\DellWMgr.exe" [2007-06-07 196608]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-08 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5756272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 211480]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 236056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 207384]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"Dell QuickSet"="c:\program files\DELL\QuickSet\quickset.exe" [2007-07-03 1228800]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 114688]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 233472]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-24 255528]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 301056]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-05-28 1005960]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-05-06 479232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-08 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1826816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-24 183296]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 109680]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-6-24 1674432]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=
"c:\\Program Files\\Nawras Internet-E220\\Nawras Internet-E220\\Mobile Connect.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\WINDOWS\\stsystra.exe"=
"c:\\Program Files\\PC Connectivity Solution\\NclBTHandler.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= c:\\Program Files\\MSN Messenger\\MsnMsgr.Exe
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Teleca Shared\\CapabilityManager.exe"=
"c:\\Program Files\\Common Files\\Teleca Shared\\Generic.exe"=
"c:\\Program Files\\PC Connectivity Solution\\NclInstaller.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"c:\\Program Files\\DELL\\DELL ***cam Manager\\DellWMgr.exe"=

S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\gmmlrn.sys --> c:\windows\system32\drivers\gmmlrn.sys [?]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [6/23/2009 10:02 PM 108032]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 6:06 PM 24592]
S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [6/23/2009 9:47 PM 235584]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [6/23/2009 9:47 PM 7424]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Anti-Banner
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 10:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(272)
c:\windows\system32\CLBCATQ.DLL

- - - - - - - > 'explorer.exe'(876)
c:\windows\system32\msi.dll
.
Completion time: 2009-06-28 10:48
ComboFix-quarantined-files.txt  2009-06-28 06:48
ComboFix2.txt  2009-06-28 06:29
ComboFix3.txt  2009-06-28 05:36

Pre-Run: 41,101,959,168 bytes free
Post-Run: 41,086,259,200 bytes free

493	--- E O F ---	2009-06-27 23:04

It looks the same as before to me.


The program you gave me breaks every time I download it, as soon as I restart.
 
Joined
19 January 2009
Posts
2,455
Likes
531
Points
0
Re: I have a prooooblem with regedit, I need your help, folks

In the name of God, the Most Gracious, the Most Merciful ..

Peace be upon you, and the mercy and blessings of God ..

Hello, مصفوقه ..

Your machine has a virus, of the type .. ][ Domino.exe ][ ..


Look, dear .. download this file and open it, and God willing it will work for you. Let me know how it goes ...


Fix Regisr
 
Joined
13 July 2007
Posts
1,615
Likes
65
Points
0
Re: I have a prooooblem with regedit, I need your help, folks

Dear, does the antivirus icon show up next to the clock or in the programs list? Surely you know how to turn off the antivirus program? Second, try running a scan with the program you have, which is Malwarebytes' Anti-Malware, the red icon with the letter M on it.

Because if you don't turn off System Restore, the operation won't be carried out, since it will come back. For how to do that, follow the walkthrough.



And carry out the method.

And clean your machine with the following tool

ATF-Cleaner

Download this tool: click here

 
Joined
26 August 2007
Posts
272
Likes
10
Points
0
Re: I have a prooooblem with regedit, I need your help, folks

مشيو, bless your heart, thank you, you've been great. Can you upload the program to a different link?

This virus has really worn me out, may God protect you from its harm.

And thank you very much.




................................

ذبحني غلآها, sorry for putting you to all this trouble.


But it seems you didn't understand: if the security program showed up on my desktop or by the clock, I wouldn't have posted this thread.


The program doesn't show up by the clock or anywhere else. I can't open it; when I click on the program, nothing happens.


As for Malwarebytes' Anti-Malware, it didn't help. I just have it installed; even though I ran a scan, it didn't find the virus.


As the saying goes, it's as if Abu Zaid never went raiding: all that effort for nothing.
 
Joined
26 August 2007
Posts
272
Likes
10
Points
0
Re: I have a prooooblem with regedit, I need your help, folks

ذبحني غلآها


I did the method shown in the picture, and after that

I ran the program

and cleaned with it

and this message came up:

Done Clean!! ATF CLEANING has freed 23.000 KBs


Same problem, the registry won't open.



Should I format? That's better, right?
 
Joined
13 July 2007
Posts
1,615
Likes
65
Points
0
Re: I have a prooooblem with regedit, I need your help, folks

And peace be upon you

Give me a Hijack report



Download the tool

Click here to download

Run the program ==> and click on
Do a system scan and save log
In a few moments a report will appear in Notepad ==> copy it and paste it in your next reply
 
Joined
19 January 2009
Posts
2,455
Likes
531
Points
0
Joined
26 August 2007
Posts
272
Likes
10
Points
0
Re: I have a prooooblem with regedit, I need your help, folks

I formatted, folks, and everything is fine.




ذبحني غلآها


Thank you so much, you've been great, bless your heart.





ميشووووو, you're the coolest member I've seen on the forum, really hardworking.

Thanks a lot, bless your heart.



Thank you all very, very much.


May the forum never be without you.
 
Joined
28 June 2008
Posts
4,740
Likes
432
Points
0
Re: I have a prooooblem with regedit, I need your help, folks

You're welcome

Closing now that it's finished

Resolved by formatting

The members did a great job
 