TheBoss
Peace be upon you, and the mercy and blessings of God.
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:24 ص, on 19/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\regedit.sys
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\win.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D1C8BE1-DFB4-4963-8F5A-8BFD2D476D28}: NameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{5D1C8BE1-DFB4-4963-8F5A-8BFD2D476D28}: NameServer = 192.168.254.254
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 7486 bytes
And this is the ComboFix tool report:
ComboFix 09-04-19.05 - Administrator 04/19/2009 11:46.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.971.1033.18.503.182 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\windows\win.exe
E:\Autorun.inf
.
---- Previous Run -------
.
C:\autorun.inf
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\windows\system32\drivers\RKHit.sys
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_RKHIT
-------\Service_RkHit
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.
2009-04-19 17:20 . 2009-04-19 17:20 488 ----a-w C:\hpfr3420.xml
2009-04-15 15:09 . 2008-04-13 23:11 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-15 15:09 . 2008-04-13 23:11 21504 ----a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-11 13:18 . 2000-01-08 12:47 60416 ----a-w c:\windows\ST4UNST.EXE
2009-04-09 19:50 . 2009-04-09 19:50 -------- d-----w C:\TechnoStation
2009-04-09 03:07 . 2009-04-09 03:07 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-09 03:06 . 2009-04-09 03:06 -------- d-----w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-04-08 21:58 . 2009-04-08 21:46 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-08 21:14 . 2009-04-08 21:44 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-08 21:14 . 2009-04-08 21:14 -------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-08 21:14 . 2009-04-08 21:14 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-08 21:07 . 2009-04-08 21:07 -------- d-----w c:\documents and settings\Administrator\DoctorWeb
2009-04-08 21:01 . 2009-04-08 21:01 69 ----a-w C:\ioAsk.ini
2009-04-08 19:02 . 2009-04-08 19:02 -------- d-----w c:\documents and settings\Administrator\Application Data\Uniblue
2009-04-08 14:07 . 2009-03-11 12:25 344064 ----a-r c:\windows\system32\rmsality.nt
2009-04-07 12:59 . 2009-04-08 18:08 132 ----a-w c:\windows\mmo
2009-04-07 11:21 . 2009-04-19 18:46 275636 --sha-r C:\pagefiles.sys
2009-04-07 11:21 . 2009-04-19 18:45 275636 --sha-r c:\windows\system32\regedit.sys
2009-04-06 14:25 . 2009-04-06 14:25 -------- d-----w c:\documents and settings\Administrator\Application Data\Hewlett-Packard
2009-04-06 14:23 . 2003-04-07 06:21 94208 ----a-r c:\windows\system32\HPZipt12.dll
2009-04-06 14:23 . 2003-04-07 06:21 57344 ----a-r c:\windows\system32\HPZisn12.dll
2009-04-06 14:23 . 2003-04-07 06:21 65795 ----a-r c:\windows\system32\HPZipm12.exe
2009-04-06 14:23 . 2003-04-07 06:21 61699 ----a-r c:\windows\system32\HPZinw12.exe
2009-04-06 14:23 . 2003-04-07 06:21 167936 ----a-r c:\windows\system32\HPZipr12.dll
2009-04-06 14:23 . 2003-04-07 06:21 16080 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-04-06 14:23 . 2003-04-07 06:21 233528 ----a-r c:\windows\system32\HPZidr12.dll
2009-04-06 14:23 . 2003-04-07 06:21 51024 ----a-r c:\windows\system32\drivers\hpzid412.sys
2009-04-06 14:23 . 2003-04-07 06:21 21456 ----a-r c:\windows\system32\drivers\HPZius12.sys
2009-04-06 14:22 . 2008-04-13 17:47 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-06 14:22 . 2008-04-13 17:47 25856 ----a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-06 14:19 . 2008-04-13 17:45 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-06 14:19 . 2008-04-13 17:45 32128 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-06 14:19 . 2008-04-13 17:45 32128 ----a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-06 14:16 . 2009-04-06 14:16 82380 ----a-w c:\windows\system32\drivers\AFS2K.SYS
2009-04-06 14:08 . 2009-04-06 14:16 20476 ----a-w c:\windows\hpoins01.dat
2009-04-06 14:08 . 2003-04-07 06:31 16622 ------w c:\windows\hpomdl01.dat
2009-04-03 03:42 . 2009-02-05 21:55 31704 ----a-w c:\windows\system32\drivers\hssdrv.sys
2009-04-02 12:43 . 2009-04-02 14:40 -------- d-----w c:\documents and settings\Administrator\Contacts
2009-04-02 12:42 . 2009-04-08 21:50 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-01 18:55 . 2009-04-08 14:31 948 ----a-w c:\windows\system32\%LocalXml%
2009-04-01 12:58 . 2009-04-01 12:58 -------- d-----w c:\documents and settings\Administrator\Application Data\SmartFTP
2009-04-01 11:33 . 2009-04-01 11:42 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-31 10:54 . 2009-04-01 18:54 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-31 10:54 . 2009-04-01 18:54 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-31 10:53 . 2009-04-19 18:36 466976 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-31 10:53 . 2009-04-19 18:36 2676 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-31 10:53 . 2009-04-19 18:32 2401312 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-31 10:53 . 2009-04-19 18:32 19840 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-31 10:52 . 2009-04-19 18:36 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-29 12:57 . 2009-03-29 12:57 -------- d-----w c:\documents and settings\Administrator\Application Data\NPLUTO Corporation
2009-03-29 12:57 . 2009-02-17 00:39 2736890 ----a-w c:\windows\system32\GameMon.des
2009-03-29 12:57 . 2005-01-03 06:43 4682 ----a-w c:\windows\system32\npptNT2.sys
2009-03-29 12:57 . 2003-07-19 15:17 5174 ----a-w c:\windows\system32\nppt9x.vxd
2009-03-29 11:38 . 2009-03-29 11:38 -------- d-----w C:\ijji
2009-03-29 11:37 . 2008-06-18 02:28 710064 ----a-w c:\windows\system32\ijjiSetup.exe
2009-03-29 11:37 . 2008-06-12 06:01 58800 ----a-w c:\windows\system32\ijjiPlugin2.dll
2009-03-29 11:37 . 2008-04-23 21:02 157152 ----a-w c:\windows\system32\PubPlugin.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 18:33 . 2009-04-08 22:07 8082 ----a-w C:\aaw7boot.log
2009-04-19 17:48 . 2009-04-19 17:48 -------- d-----w c:\program files\Trend Micro
2009-04-19 17:20 . 2009-04-19 17:20 271 ----a-w C:\hpfr3425.log
2009-04-11 12:16 . 2009-04-11 12:13 -------- d-----w c:\program files\Garena
2009-04-09 19:50 . 2007-02-19 14:12 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 11:59 . 2009-04-09 03:06 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-09 03:06 . 2009-04-09 03:06 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-08 21:14 . 2009-04-08 21:14 -------- d-----w c:\program files\Lavasoft
2009-04-08 21:07 . 2009-04-08 21:07 -------- d-----w c:\program files\Siber Systems
2009-04-08 21:01 . 2009-04-08 21:01 -------- d-----w c:\program files\Fixup Restrictions
2009-04-08 19:02 . 2009-04-08 19:02 -------- d-----w c:\program files\Uniblue
2009-04-08 00:21 . 2009-04-08 18:46 14922467 ----a-w c:\program files\PROCESSLIST.DB
2009-04-08 00:20 . 2009-04-08 18:46 1141209 ----a-w c:\program files\PROCESSLISTRELATED.DB
2009-04-07 11:04 . 2009-03-08 07:31 -------- d-----w c:\documents and settings\Administrator\Application Data\DMCache
2009-04-06 14:16 . 2007-02-19 14:12 -------- d-----w c:\program files\Hewlett-Packard
2009-04-06 14:11 . 2009-04-06 14:11 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-04-06 13:35 . 2009-04-06 13:34 -------- d-----w c:\program files\Ahead
2009-04-02 12:41 . 2009-04-02 12:41 -------- d-----w c:\program files\MSN Messenger
2009-04-01 18:54 . 2008-01-30 01:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-01 12:58 . 2009-04-01 12:58 -------- d-----w c:\program files\SmartFTP Client
2009-04-01 12:58 . 2009-04-01 12:58 -------- d-----w c:\program files\SmartFTP Client 3.0 Setup Files
2009-03-29 13:33 . 2009-03-29 12:45 -------- d-----w c:\program files\DriftCity
2009-03-29 12:57 . 2009-03-29 12:57 -------- d-----w c:\program files\Common Files\INCA Shared
2009-03-29 12:44 . 2009-03-15 12:07 -------- d--h--w c:\documents and settings\Administrator\Application Data\ijjigame
2009-03-29 11:37 . 2009-03-29 11:37 -------- d-----w c:\program files\NHN USA
2009-03-29 11:09 . 2009-02-28 12:21 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-03-16 17:56 . 2009-03-16 17:56 -------- d-----w c:\documents and settings\Administrator\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
2009-03-16 17:54 . 2009-03-16 17:52 -------- d-----w c:\documents and settings\Administrator\Application Data\Raptr
2009-03-16 17:53 . 2009-03-16 17:53 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-12 12:06 . 2009-03-04 10:53 97184 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-12 12:04 . 2009-03-12 12:04 -------- d-----w c:\program files\Alfa Autorun Killer 2
2009-03-09 18:00 . 2009-03-09 17:58 -------- d-----w c:\program files\Counter-Strike 1.6
2009-03-06 17:48 . 2009-03-06 17:48 -------- d-----w c:\program files\WinPcap
2009-03-06 17:48 . 2009-03-06 17:48 -------- d-----w c:\program files\netcut
2009-03-05 12:31 . 2009-03-05 12:26 -------- d-----w c:\program files\Common Files\Adobe
2009-03-05 12:31 . 2009-03-05 12:31 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-05 12:30 . 2009-03-05 12:30 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-05 11:55 . 2009-03-05 11:46 -------- d-----w c:\program files\Web Publish
2009-03-05 11:31 . 2009-03-05 11:31 2678 ----a-w c:\windows\java\Packages\Data\HVXJRXFB.DAT
2009-03-05 11:31 . 2009-03-05 11:31 2678 ----a-w c:\windows\java\Packages\Data\KP7FD75Z.DAT
2009-03-05 11:31 . 2009-03-05 11:31 2678 ----a-w c:\windows\java\Packages\Data\HNHVZL31.DAT
2009-03-05 11:31 . 2009-03-05 11:31 2678 ----a-w c:\windows\java\Packages\Data\CYW0TVNJ.DAT
2009-03-02 17:28 . 2005-09-21 08:21 166455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-02 17:20 . 2002-08-29 07:00 250048 --sha-w C:\NTLDR
2009-02-28 11:31 . 2009-02-28 11:24 1255 ----a-w C:\INSTALL.LOG
2009-02-27 20:45 . 2009-02-27 19:37 2021 ----a-w C:\vre
2009-02-09 11:13 . 2009-03-01 11:09 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-04 08:00 1846784 ----a-w c:\windows\system32\win32k.sys
2008-05-08 11:24 . 2004-08-04 08:00 155648 --sha-r c:\windows\system32\wscript.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-09 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-01 206088]
"CTFMON"="c:\windows\system32\wscript.exe" [2008-05-08 155648]
"regdiit"="c:\windows\win.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 18:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\00hoeav.com]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\0w.com]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6.bat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6fnlpetp.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6x8be16.cmd]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2cmd.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2free.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2upd.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\abk.bat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Adobe Gamma Loader.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\algsrvs.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\algssl.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Angry.bat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antihost.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTS.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apu-0607g.xml]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apu.stt]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashLogV.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashMaiSv.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashPopWz.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashQuick.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashSkPcc.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashWebSv.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswBoot.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswRegSvr.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.bin]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Autorun.ini]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.reg]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.txt]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.wsh]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorunsc.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvastSS.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Avciman.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgamsvr.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcc32.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgemc.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrsx.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgscan.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgupsvc.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avltd.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avmailc.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avzkrnl.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad1.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad2.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad3.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdsubwiz.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BDSurvey.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BIOSREAD.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caiss.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caissdt.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\catcache.dat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cauninst.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavApp.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cavasm.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavAUD.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVCmd.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVCtx.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavEmSrv.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavmr.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavMUD.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavoar.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavQ.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVRep.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVRid.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVSCons.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cavse.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavSn.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavSub.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVSubmit.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavUMAS.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavUserUpd.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavvl.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CEmRep.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahcomm.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahrule.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahum.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\clldr.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CMain.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\copy.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\curidsbase.kdz]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\destrukto.vbs]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DF5Serv.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\diffs.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drvins32.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drweb32w.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drweb386.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwebwcl.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwreg.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\regedit.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\e.cmd]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\e9ehn1m8.com]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\edb.chk]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EMDISK.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f0.cmd]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FileKan.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\flashy.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FProtTray.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fptrayproc.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE ]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FrzState2k.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fs6519.dll.vbs]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fssf.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fssync.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fun.xls.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\g2pfnid.com]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GetSI.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxkickoff.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxkickoff_x64.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\h3.bat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hookinst.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\host.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\i.bat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Identity.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iefqwp.cmd]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEShow.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ij.bat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\InstallCAVS.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\InstLsp.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iSafe.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iSafInst.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav.bav]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavbase.kdl]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ker.vbs]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KeyMgr.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killVBS.vbs]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kl1.sys]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klavemu.kdl]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klbg.cat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klbg.sys]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klif.cat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klif.sys]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klim5.sys]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\licmgr.ex]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\licreg.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lky.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\m2nl.bat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcappins.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcaupdate.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcinfo.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcmnhdlr.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcregwiz.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdui.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsftsn.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsmap.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msdos.pif]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msfir80.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MSGrc32.vbs]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msime80.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msizap.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msmsgs.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcm80.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcp80.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcr71.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcr80.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mzvkbd.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mzvkbd3.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\naiavfin.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netcfg.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\new folder.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\njibyekk.com]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\olb1iimw.bat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OnAccessInstaller.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Pagent.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Pagentwd.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PavFnSvr.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavprsrv.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PavReport.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsAuxs.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsSvc.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsTray.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prloader.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSHost.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskmssvc.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QtnMaint.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rcukd.cmd]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\reload.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue32.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescuecd.zip]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rose.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sal.xls.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVHOST.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scvhosts.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVHSOT.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVVHOST.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scvvhosts.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVVHSOT.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SendLogs.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\session.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SocksA.ex]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOCFG.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOLITE.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOSCAN.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOSENT.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spidercpl.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssvichosst.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sxs.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\system.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp2.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\toy.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TPSrv.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uiscan.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\unp_test.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\update.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\updater.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UPSDbMaker.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\userdump.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UUpd.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\v.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32Act.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32ECM.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32ifs.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32PP3.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32Qtn.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcmserv.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcons.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbglobal.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbimport.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbinst.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbscan.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbsystry.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VetMsg.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\virusutilities.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VisthAux.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WEBPROXY.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\whi.com]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WinGrc32.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrAdmin.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrCtrl.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wsctool.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\yannh.cmd]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ybj8df.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 is-GACR0drv;is-GACR0drv; [x]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\DRIVERS\HssDrv.sys [2009-02-05 31704]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-17 2736890]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-01 33808]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-08 64160]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-09 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-22 55024]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-08 951632]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-02-28 87808]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-14 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-05-01 24592]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1902b20-0581-11de-9c17-0017a4d07113}]
\Shell\AutoRun\command - wscript.exe /e:vbs pagefiles.sys
\Shell\open\Command - wscript.exe /e:vbs pagefiles.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df9d9aaa-f9c8-11dd-9c00-806d6172696f}]
\Shell\AutoRun\command - wscript.exe /e:vbs pagefiles.sys
\Shell\open\Command - wscript.exe /e:vbs pagefiles.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df9d9aab-f9c8-11dd-9c00-806d6172696f}]
\Shell\AutoRun\command - wscript.exe /e:vbs pagefiles.sys
\Shell\open\Command - wscript.exe /e:vbs pagefiles.sys
.
Contents of the 'Scheduled Tasks' folder
2009-04-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:42]
2009-04-06 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8239027843.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.freewebtown.com/alrefai/login.live.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {5D1C8BE1-DFB4-4963-8F5A-8BFD2D476D28} = 192.168.254.254
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-19 11:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):71,e7,4b,bd,ae,c7,02,d3,30,fe,12,64,82,98,24,66,e8,8e,b5,53,f6,
5a,f6,74,e8,35,da,7a,f6,1c,fc,15,1e,ca,19,30,a6,9c,f7,43,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c2e39684-e290-49ac-9e4d-21610377ea0c}]
@Denied: (Full) (Everyone)
"Model"=dword:0000005f
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,40,02,13,ad,75,b8,fc,03,e5,e4,59,ba,d2,a9,c6,c6,45,40,84,78,8a,52,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(2024)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
.
Completion time: 2009-04-19 11:49
ComboFix-quarantined-files.txt 2009-04-19 18:49
ComboFix2.txt 2009-04-08 22:04
Pre-Run: 49,865,560,064 bytes free
Post-Run: 49,856,307,200 bytes free
771 --- E O F --- 2009-03-16 04:46
Peace be upon you, and the mercy and blessings of God. Brothers, I hope someone can help me quickly; they will have my deepest thanks, gratitude and prayers.
